Procedure: Log in to the IAM console. On the IAM console, choose Agencies from the navigation pane on the left, and click Create Agency in the upper right corner (Figure 1: Creating an agency). Enter an agency name. Set Cloud Service to RFS.
Stack set permission models Self-managed permissions: When using this permissions model, create IAM roles required by stack sets for deployment across accounts and Huawei Cloud regions.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details on API calling authentication, see Authentication. The following is an example response.
required_providers {\n huaweicloud = {\n source = \"huawei.com/provider/huaweicloud\"\n version = \"1.41.0\"\n }\n }\n}\nprovider \"huaweicloud\"{\n insecure = true\n cloud = \"{cloud_name}\"\n region = \"{region}\"\n endpoints = {\n iam
For details about the differences between IAM and enterprise projects, see What Are the Differences Between IAM and Enterprise Management?
Example: variable "iam_user_password" { type = string description = "The password for iam user to log in."
Identity authentication on the console RFS is interconnected with Identity and Access Management (IAM) to manage tenant identity authentication and access using IAM permissions.
For example, to obtain an IAM token in the CN North-Beijing4 region, obtain the endpoint of IAM (iam.cn-north-4.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
This agency must have the iam:tokens:assume permission to obtain the managed agency credential. Otherwise, an error is reported when an instance is created or deployed. Managed Agency Name: RFS uses this agency to obtain permissions required for deploying resources.
* SERVICE_MANAGED: Based on the Organization service, RFS will automatically create all IAM agencies required when deploying organization member accounts.
template for creating a VPC and an ECS: terraform { required_providers { huaweicloud = { source = "huawei.com/provider/huaweicloud" version = "1.41.0" } } } provider "huaweicloud" { cloud = "myhuaweicloud.com" endpoints = { iam
If the provider_name value given by the user is duplicate, 400 is returned. agency_name No String IAM agency used by the corresponding provider. RFS uses this agency to access and create resources of the provider.
Use fine-grained authorization to add iam:tokens:assume and required operation permissions to the agency.
This agency must contain the iam:tokens:assume permission to subsequently obtain the managed agency credentials. If it is not included, adding or deploying instances will fail.
It manages system and service resources (all physical or logical entities that can be located and described, such as databases, VPCs, pipelines, and IAM roles).
If the provider_name value given by the user is duplicate, 400 is returned. agency_name String IAM agency used by the corresponding provider. RFS uses this agency to access and create resources of the provider.