检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Key pairs created by an IAM user on the management console can be used only by the user. If multiple IAM users need to use the same key pair, you can create an account key pair.
Restrictions The KMS Administrator right must be granted to the user in the region of RDS by using Identity and Access Management (IAM). For details about how to assign permissions to user groups, see "How Do I Manage User Groups and Grant Permissions to Them?"
NOTE: Use this ID as the value of Path if you are creating a custom policy in IAM and have selected Specify resource path for KeyId. Status Status of a CMK, which can be one of the following: Enabled The CMK is enabled. Disabled The CMK is disabled.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication.
Identity and Access Management (IAM) provides the permission management function for DEW.
Modified DEW system policy names in section "Permissions Management" in chapter "Service Overview" based on IAM GUI changes: changed DEW Keypair Admin to DEW KeypairFullAccess, DEW Keypair Viewer to DEW KeypairReadOnlyAccess, and KMS CMK Admin to KMS CMKFullAccess. 2019-12-03 This
In this case, if you or the IAM users under your account perform critical operations such as viewing secret value or deleting a key, you are required to enter a verification code, avoiding risks and loss for your service.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
Rotating IAM Secrets Using FunctionGraph Using CSMS to Automatically Rotate Security Passwords
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. Table 3 Request body parameters Parameter Mandatory Type Description keystore_alias Yes String Alias of the dedicated keystore.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. Table 3 Request body parameters Parameter Mandatory Type Description key_alias Yes String Alias of a non-default master key.
Encryption Key Management Permission API Action Dependent Permission IAM Project (Project) Enterprise Project (Enterprise Project) Creating a CMK POST /v1.0/{project_id}/kms/create-key kms:cmk:create - √ √ Enabling a CMK POST /v1.0/{project_id}/kms/enable-key kms:cmk:enable - √ √
IAM. * - KMS_REGION_ID: regions supported by KMS. For details, see https://developer.huaweicloud.com/intl/en-us/endpoint?DEW. * - KMS_ENDPOINT: endpoint for accessing KMS. For details, see https://developer.huaweicloud.com/intl/en-us/endpoint?
Can be obtained by calling the IAM API for obtaining the user token (the value of X-Subject-Token in the response header).
Can be obtained by calling the IAM API for obtaining the user token (the value of X-Subject-Token in the response header).
Can be obtained by calling the IAM API for obtaining the user token (the value of X-Subject-Token in the response header).
