Using IAM to Grant Access to HSS Creating a User and Granting Permissions HSS Custom Policies HSS Actions
For details about how to grant permissions, see Assigning Permissions to an IAM User. Parent topic: Others
For security purposes, create IAM users and grant them permissions for routine management. User A user is created using a domain to use cloud services. Each user has its own identity credentials (password and access keys).
If you perform operations as an IAM user, ensure that the IAM user has been assigned the HSS FullAccess permission. For details, see Creating a User and Granting Permissions.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
Query Clusters in a Project cce:cluster:list Query Agencies Based on Specified Conditions iam:agencies:listAgencies Prerequisites To let an IAM user perform operations, assign the Security Administrator system role or the HSS AgencyOperatePolicy system policy to the user.
For example, if status code 201 is returned for calling the API used to create an IAM user, the request is successful. Response Header A response header corresponds to a request header, for example, Content-Type.
protected: CCE cluster: container tunnel network model, cloud native network 2.0 model, and VPC network model Other Kubernetes clusters: container tunnel network model In a CCE cluster, to operate resource objects, you need to obtain either of the following operation permissions: IAM
If your Huawei Cloud account does not need individual IAM users, then you may skip over this section. By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign policies or roles to these groups.
Related Services You can use SMN to receive alarm notifications, IAM service to manage user permissions, and Cloud Trace Service (CTS) to audit user behaviors.
In a CCE cluster, to operate and protect resource objects, you need to obtain either of the following operation permissions: IAM permissions: Tenant Administrator or CCE Administrator. Namespace permissions (authorized by Kubernetes RBAC): O&M permissions.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see What Is IAM? HSS Permissions By default, new IAM users do not have permissions assigned.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
On the Permissions tab, click Authorize User Group to go to the User Groups page on the IAM console. Associate the enterprise project with a user group and assign permissions to the group. For details, see Creating a User Group and Assigning Permissions in the IAM help.
"Action": [ "hss:hosts:switchVersion", "hss:hosts:manualDetect", "hss:manualDetectStatus:get" ] } ] } Parent Topic: Using IAM
However, HSS can be shared by multiple IAM users. Sharing HSS Among Multiple IAM Users Assume that you have created an account, domain1, by registering with Huawei Cloud, and used domain1 to create two IAM users, sub-user1a and sub-user1b, in IAM.
Identity Authentication and Access Control Identity and Access Management (IAM) provides refined permissions management for HSS resources. You can: Create IAM users for employees based on the organizational structure of your enterprise.
Parent Topic: Using IAM to Grant Access to HSS