检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating an IAM User and Granting VPC Permissions This section describes how to use IAM to implement fine-grained permissions control for your VPC resources. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
IAM permissions define which actions on your cloud resources are allowed or denied. After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by VPC to the user group.
With IAM, you can create IAM users, and assign permissions to control their access to specific resources.
Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM.
The following is part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
name "password": "********", // IAM user password "domain": { "name": "domainname" // Name of an IAM account } } } }, "scope": { "project":
) Creating an IAM User and Granting VPC Permissions Cloud Eye Cloud Eye Monitoring Cloud Trace Service (CTS) CTS Auditing Tag Management Service (TMS) Using TMS to Identify VPC Resources
Permissions Management Creating an IAM User and Granting VPC Permissions VPC Custom Policies
In this example, the ID is 3c24f6f885294XXXXX93ce075fbd. name: IAM username. In this example, the username is cts-test-01, which is an IAM user under account cts-test. id: IAM user ID. In this example, the ID is a26ee7e7224XXXXXe4a28a9ce503.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling. Procedure Create a VPC. Send POST https://VPC endpoint/v1/{project_id}/vpcs. Parameter project_id indicates the project ID.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling. Procedure Obtain the NIC information based on the ECS ID. Send GET https://VPC endpoint/v1/{project_id}/ports?device_id={ecs_id}.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling. Procedure Assign a virtual IP address. Send POST https://VPC endpoint/v2.0/ports. Add X-Auth-Token to the request header.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequent calling. Procedure Assign a virtual IPv6 address. Send POST https://VPC endpoint/v2.0/ports. Add X-Auth-Token to the request header.
