Creating an IAM User and Granting VPC Permissions
This section describes how to use IAM to implement fine-grained permissions control for your VPC resources. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
name "password": "********", // IAM user password "domain": { "name": "domainname" // Name of an IAM account } } } }, "scope": { "project":
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid requesting one frequently.
Procedure: Create a VPC. Send POST https://VPC endpoint/v1/{project_id}/vpcs. Parameter project_id indicates the project ID.
The following is part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management.
User: An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
For example, to obtain an IAM token in the UAE-Abu Dhabi region, obtain the endpoint of IAM (iam.ae-ad-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid requesting one frequently.
Procedure: Obtain the NIC information based on the ECS ID. Send GET https://VPC endpoint/v1/{project_id}/ports?device_id={ecs_id}.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
In this example, the ID is 3c24f6f885294XXXXX93ce075fbd. name: IAM username. In this example, the username is cts-test-01, which is an IAM user under account cts-test. id: IAM user ID. In this example, the ID is a26ee7e7224XXXXXe4a28a9ce503.
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently obtaining the token.
Procedure: Send POST https://VPC endpoint/v1/{project_id}/vpcs. Parameter project_id indicates the project ID.
With IAM, you can create IAM users, and assign permissions to control their access to specific resources.
IAM permissions define which actions on your cloud resources are allowed or denied. After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by VPC to the user group.