Procedure Log in to the IAM console. On the IAM console, choose Agencies from the navigation pane on the left, and click Create Agency in the upper right corner. Figure 1 Creating an agency Enter an agency name. Set Cloud Service to RFS.
For example, to obtain an IAM token in the CN North-Beijing4 region, obtain the endpoint of IAM (iam.cn-north-4.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For details about the differences between IAM and enterprise projects, see What Are the Differences Between IAM and Enterprise Management?
Use fine-grained authorization to add iam:tokens:assume and required operation permissions to the agency.
IAM.Agency Element Description The IAM.Agency element is used to create agencies on IAM, specify entrusted accounts, and grant rights. After an administrator assigns agent operator permissions to an entrusted account user, the user can manage corresponding resources.
Identity authentication on the console RFS is interconnected with Identity and Access Management (IAM) to manage tenant identity authentication and access using IAM permissions.
Stack set permission models Self-managed permissions: When using this permissions model, create IAM roles required by stack sets for deployment across accounts and Huawei Cloud regions.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Type: string Value Description: Support IAM, APP, NONE Default: IAM Value Constraint: Valid values can only be IAM, APP, NONE. Suggestion: Use the get_input function to import this field.
It manages system and service resources (all physical or logical entities that can be located and described, such as databases, VPCs, pipelines, and IAM roles).
Suggestion: Comply with the URI specifications. authType Yes API authentication mode Type: string Value Description: NONE: no authentication; APP: app authentication; IAM: IAM authentication Default: IAM Value Constraint: The value can be NONE, APP, or IAM.
The value can be automatically obtained on the AOS page. role No The Huawei IAM execution role used to access other Huawei Cloud services. Type: string Value Description: IAM service support is required and a delegate is created on the IAM interface.
This agency must have the iam:tokens:assume permission to obtain the managed agency credential. Otherwise, an error is reported when an instance is created or deployed. Managed Agency Name: RFS uses this agency to obtain permissions required for deploying resources.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details on API calling authentication, see Authentication. The following is an example response.
Example:
variable "iam_user_password" {
  type        = string
  description = "The password for iam user to log in."
}
* SERVICE_MANAGED: Based on the Organization service, RFS will automatically create all IAM agencies required when deploying organization member accounts.
Identity and Access Management (IAM) IAM.Agency The IAM.Agency element is used to create agencies on IAM, specify entrusted accounts, and grant rights.
To create DIS triggers, you need to enable the DIS service and configure Identity and Access Management (IAM) agencies for accessing the DIS service.
To create DMS triggers, you need to enable the DMS service and configure the IAM agencies for accessing the DMS service. Element Properties Table 1 Property Description Property Required Description pollingInterval No Interval at which data is pulled from the stream.