检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating an IAM User and Granting Permissions When you use KooCLI to manage and use your cloud resources, provide your IAM user identity information for authentication. IAM users are created with a HUAWEI ID to use cloud services.
Obtaining a Temporary AK/SK and SecurityToken A temporary AK/SK and SecurityToken are issued by the system to IAM users and are valid for 15 minutes to 24 hours. The temporary AK/SK and SecurityToken follow the principle of least privilege.
IAM Identity Center instance is enabled. cli-sso-account-name Account name. cli-sso-permission-set-name Permission set name.
To use this mode, create a cloud service agency to delegate ECS to use the CLI on the IAM console, and add the agency in the Management Information > Agency area of the ECS details page. For details, see Cloud Service Delegation. Parent topic: Other
Only APIs that involve identity authentication require IAM identity credentials during calling. Access Control Access control on resources Your permissions for debugging and managing resources with KooCLI are the same as those for doing this with SDKs.
Create an Identity and Access Management (IAM) user and grant them permissions. Then obtain an access key. For details, see Step 1: Make Preparations.
Run the following command to implement SSO login: hcloud configure sso After pressing Enter, enter an SSO profile name (name of the profile to save after SSO login, required), SSO start URL (portal URL, required), SSO region (region where the IAM Identity Center instance is enabled
Authentication parameters: user portal URL (cli-sso-start-url), region of an IAM Identity Center instance (cli-sso-region), account name (cli-sso-account-name), and permission set name (cli-sso-permission-set-name). cli-sso-account-name and cli-sso-permission-set-name are optional
-cli-secret-key=******** Use temporary security credentials (temporary AK/SK and SecurityToken): hcloud RDS ListApiVersion --cli-region="ap-southeast-1" --cli-access-key=******** --cli-secret-key=******** --cli-security-token=******** cli-domain-id ID of the account to which the IAM
Commercial use Skipping HTTPS Request Certificate Verification 2 New feature KooCLI version: 2.4.4 You can create an IAM agency and use KooCLI on an Elastic Cloud Server (ECS) through agency authentication. Commercial use ecsAgency Delegation September 2021 No.
KooCLI automatically obtains the account ID and project ID of an IAM user based on the user authentication information during API calling. The user does not need to specify cli-region in the command if it has already been specified in the configuration information.
