How Do I Grant Permissions to an IAM User? If you want to authorize an IAM user to operate the SecMaster service, you need to use the primary account to grant permissions to the user. Procedure Log in to the console as the administrator.
Step 4: Create a Non-administrator IAM User This topic walks you through how to create a non-administrator IAM user. IAM authentication is used for tenant log collection.
Creating a User and Granting Permissions This topic describes how to use IAM to implement fine-grained permissions control for your SecMaster. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Only non-administrator IAM users can be used for installing isap-agent. Make sure the /opt/cloud directory where you install isap-agent and use the collector has at least 100 GB of free disk space.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Identity and Access Management (IAM) is a basic service of Huawei Cloud that provides permissions management to help you securely control access to SecMaster. With IAM, you can add users to a user group and configure policies to control their access to SecMaster resources.
"iam:permissions:grantRoleToAgencyOnProject", "iam:policies:*", "iam:agencies:*", "iam:roles:*", "iam:users:listUsers", "iam:tokens:assume" ], "Effect": "Allow" },
Resource Planning Account A non-administrator IAM account that has the SecMaster data collection management permission. ECS Specifications The following table lists the specifications of the tenant cloud server (ECS) where the collector (isap-agent + Logstash) is installed.
If your account does not need individual IAM users, then you may skip over this section. By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups.
Limitations and Constraints If an IP address or IP address range or an IAM user is added to the blacklist, CFW, WAF, VPC, and IAM will block requests from that IP address without checking whether the requests are malicious.
When a policy needs to be delivered to IAM, each time a maximum of 50 IAM users can be added as blocked objects for each account.
"iam:permissions:grantRoleToAgencyOnDomain", "iam:agencies:createAgency", "iam:permissions:grantRoleToAgency", "iam:permissions:grantRoleToAgencyOnProject" ] } ] } Click OK.
Domain_name Enter the domain account information of the IAM user used to log in to the console. User_name Enter the user information of the IAM user used to log in to the console. Password Enter the password of the current login IAM user.
When a policy needs to be delivered to IAM, each time a maximum of 50 IAM users can be added as blocked objects for each account. Label Label of the custom emergency policy. Operation Connection Select the operation connections for the policy.
If the user credentials are permanent IAM user credentials, delete them on the IAM console. For details, see Deleting an IAM User. If the user credentials are temporary credentials obtained from IAM, they can be associated with the IAM role.
Failed to obtain the IAM token. Symptoms If information shown in the following figure is displayed in the log, the call to obtain IAM token failed. Figure 3 IAM token failure Troubleshooting and Solution Check whether the IAM account or username in the command is correct.
Prerequisites The IAM account has been authorized. For details, see How Do I Grant Permissions to an IAM User? You have purchased SecMaster. Procedure Log in to the management console. Click in the upper left corner of the management console and select a region or project.
If it has been attached, skip this step and go to Step 4: Create a Non-administrator IAM User. If it has not been attached, go to 2. Figure 1 Attached data disks On the Disks tab, click Attach Disk.
Preparing for the Upgrade IAM is used for data collection authorization. You need to create an IAM user with the minimum permission to access SecMaster APIs and disable verification rules such as MFA for the user. Log in to the management console.