检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
With IAM, you can use your account to create IAM users, and assign permissions to the users to control their access to specific Huawei Cloud resources.
Cloud Eye Identity and Access Management (IAM) Allows you to assign different permissions to different users. It enables fine grained control over your VPN resources.
VPN Connection Monitor Permission API Action Dependencies IAM Project Enterprise Project Creating a VPN connection monitor POST /v5/{project_id}/connection-monitors vpn:connectionMonitors:create - √ √ Querying the VPN connection monitor list GET /v5/{project_id}/connection-monitors
VPN Connection Monitor Permission API Action Dependencies IAM Project Enterprise Project Creating a VPN connection monitor POST /v5/{project_id}/connection-monitors vpn:connectionMonitors:create - √ √ Querying the VPN connection monitor list GET /v5/{project_id}/connection-monitors
VPN Tag Permission API Action Dependencies IAM Project Enterprise Project Creating a resource tag POST /v5/{project_id}/{resource_type}/{resource_id}/tags/create vpn:resourceInstanceTags:create - √ √ Deleting tags of a resource POST /v5/{project_id}/{resource_type}/{resource_id}/tags
VPN Tag Permission API Action Dependencies IAM Project Enterprise Project Creating a resource tag POST /v5/{project_id}/{resource_type}/{resource_id}/tags/create vpn:resourceInstanceTags:create - √ √ Deleting tags of a resource POST /v5/{project_id}/{resource_type}/{resource_id}/tags
Check whether your account is an IAM account. Ensure that your IAM account has the VPN FullAccess permission. For details, see Creating a User Group and Assigning Permissions and Adding Users to or Removing Users from a User Group. Parent topic: Account Permissions
Check whether your account is an IAM user account. If yes, perform operations on the IAM console as the Huawei Cloud account user to authorize you the VPC operation permissions. Ensure that your account has the VPC Administrator, Tenant Guest, and VPN Administrator permissions.
VPN Quota Permission API Action Dependencies IAM Project Enterprise Project Querying VPN quotas GET /v5/{project_id}/vpn/quotas vpn:quota:list - √ × Parent topic: Actions Supported by Public Service APIs
VPN Quota Permission API Action Dependencies IAM Project Enterprise Project Querying VPN quotas GET /v5/{project_id}/vpn/quotas vpn:quota:list - √ × Parent topic: Actions Supported by Public Service APIs
The response header shown in Figure 1 is returned for the API used to create an IAM user as an administratorcreate an IAM user as an administrator. Figure 1 Response header for the API used to create an IAM user as an administrator Response Body The response body is optional.
Request This section describes the structure of a REST API request, and uses the IAM API for creating an IAM user as an administratorcreating an IAM user as an administrator as an example to demonstrate how to call an API.
Instead, you are advised to create Identity and Access Management (IAM) users and grant routine management permissions to the users. User You can use your account to create IAM users for routine management of specific cloud services.
Creating a User and Granting VPN Permissions Use the Identity and Access Management (IAM) service to implement fine-grained permissions control over your VPN resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
IAM or enterprise projects on which actions take effect. Policies that contain actions supporting both IAM and enterprise projects can be used and take effect in both IAM and Enterprise Management.
Customer Gateway Permission API Action Dependencies IAM Project Enterprise Project Creating a customer gateway POST /v5/{project_id}/customer-gateways vpn:customerGateways:create - √ x Querying details about a customer gateway GET /v5/{project_id}/customer-gateways/{customer_gateway_id
Customer Gateway Permission API Action Dependencies IAM Project Enterprise Project Creating a customer gateway POST /v5/{project_id}/customer-gateways vpn:customerGateways:create - √ x Querying details about a customer gateway GET /v5/{project_id}/customer-gateways/{customer_gateway_id
The VPN gateways and connections created by a Huawei Cloud account are invisible to IAM user accounts. A message will be displayed indicating that the system is busy if you create a VPN gateway or connection using an IAM user account.
Access Policy Permission API Action Dependencies IAM Project Enterprise Project Creating a VPN access policy POST /v5/{project_id}/p2c-vpn-gateways/vpn-servers/{vpn_server_id}/access-policies vpn:p2cVpnGateway:createAccessPolicy - √ x Querying the VPN access policy list GET /v5/{project_id
Access Policy Permission API Action Dependencies IAM Project Enterprise Project Creating a VPN access policy POST /v5/{project_id}/p2c-vpn-gateways/vpn-servers/{vpn_server_id}/access-policies vpn:p2cVpnGateway:createAccessPolicy - √ x Querying the VPN access policy list GET /v5/{project_id
