On the IAM console, create a user group and attach the VPCEndpoint Administrator policy to the group. Create an IAM user and add it to the user group created in 1. Log in as the IAM user and verify permissions.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Identity and Access Management Permissions Management You can use Identity and Access Management (IAM) to control access to your VPC Endpoint resources. IAM permissions define which actions on your cloud resources are allowed or denied.
If your HUAWEI ID does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
If you have enabled enterprise management, you cannot create an IAM project and can only manage existing projects. In the future, IAM projects will be replaced by enterprise projects, which are more flexible.
The following is part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
name "password": $ADMIN_PASS, //IAM user password.
Minimum: 1 Maximum: 64 Table 2 Query Parameters Parameter Mandatory Type Description permission No String Specifies the permission account ID in iam:domain::domain_id format. domain_id indicates the account ID of the authorized user, for example, iam:domain::6e9dfd51d1124e8d8498dce894923a0d
code: 200 The server has successfully processed the request. { "permissions" : [ "iam:domain::5fc973eea581490997e82ea11a1d0101", "iam:domain::5fc973eea581490997e82ea11a1d0102" ] } SDK Sample Code The SDK sample code is as follows.
Table 4 EpsAddPermissionRequest Parameter Mandatory Type Description permission Yes String The permission format is iam:domain::domain_id or organizations:orgPath::org_path. iam:domain:: and organizations:orgPath:: are fixed formats. domain_id indicates the ID of the account in which
users and controlling their access to VPC Endpoint resources IAM Permissions Configured as a gateway VPC endpoint service by default.
With IAM, you can use your Huawei Cloud account to create IAM users for your employees, and assign permissions to the users to control their access to specific Huawei Cloud resources.
Constraints A VPC endpoint policy is defined in the JSON document of IAM policies. VPC endpoint policies must comply with the grammar and structure of IAM permission policies.
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling the IAM API.
Table 6 EpsPermission Parameter Type Description id String Specifies primary key IDs of whitelist records of a VPC endpoint service. permission String The permission format is iam:domain::domain_id or organizations:orgPath::org_path. iam:domain:: and organizations:orgPath:: are fixed
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
Array Length: 0 - 10 policy_document Object Specifies the IAM 5.0 policies.
It can be obtained by calling the IAM API. The value of X-Subject-Token in the response header is the user token. Content-Type No String Specifies the MIME type of the request body. Default value application/json is recommended.