检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM to Grant Access to RDS Creating a User and Granting Permissions RDS Custom Policies
An IAM account can create three OBT instances in a region. You can change the specifications of a created GeminiDB Redis instance, but the instance will be billed after the change.
Error Reported When a DB Instance Is Purchased Scenario When an IAM user purchases an RDS DB instance, an error message is displayed, indicating that the user is not granted the IAM agency permission.
Operation Process Process Description Preparations Sign up for a HUAWEI ID, enable Huawei Cloud services, make sure you have a valid payment method configured, create IAM users, and grant them specific RDS permissions.
Operation Process Process Description Preparations Sign up for a HUAWEI ID, enable Huawei Cloud services, make sure you have a valid payment method configured, create IAM users, and grant them specific RDS permissions.
The following is an example deny policy: { "Version": "1.1", "Statement": [{ "Action": ["rds:instance:delete"], "Effect": "Deny" }] } Parent Topic: Using IAM to Grant Access to RDS
Operation Process Process Description Preparations Sign up for a HUAWEI ID, enable Huawei Cloud services, make sure you have a valid payment method configured, create IAM users, and grant them specific RDS permissions.
This permission can be granted using Identity and Access Management (IAM). On the IAM console, add permission policies to user groups. For details, see Creating a User Group and Assigning Permissions.
For fine-grained permissions management, create an Identity and Access Management (IAM) user and user group on the IAM console and grant the user specific operation permissions. For details, see Creating a User and Granting Permissions. Go to the Buy DB Instance page.
For details, see Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket. Download the backup file. On the OBS Browser+ page, click the bucket that you added.
Parent Topic: Using IAM to Grant Access to RDS
To use DBA Assistant on the RDS console, IAM users must have the RDS FullAccess, DAS FullAccess, DAS Administrator, and CES FullAccess permissions. For details, see Creating a User and Granting Permissions.
IAM users can use RDS resources only after their accounts and passwords are verified. For details, see Step 2: Create IAM Users and Log In.
Access Control RDS controls access through the account/IAM user and security groups. When you create an RDS DB instance, an account is automatically created. To separate out specific permissions, you can create IAM users and assign permissions to them as needed.
For details, see Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket. Click the name of the external bucket to go to the object list page.
For details, see Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket. Download a merged binlog. On the OBS Browser+ page, click the bucket that you added.
For details, see Granting IAM Users Under an Account the Access to a Bucket and Resources in the Bucket. Click the name of the external bucket to go to the object list page. In the search box on the right, enter the log file name and start a search.
a RAM-based shared KMS key, configure the following actions: iam:agencies:listAgencies iam:roles:listRoles iam:agencies:pass iam:agencies:createAgency iam:permissions:grantRoleToAgency RDS FullAccess already contains the iam:agencies:listAgencies, iam:roles:listRoles, and iam:agencies