检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Prerequisites If you need to perform operations as an IAM user, ensure that the IAM user has been granted the required permissions.
Image Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Creating an Image Using an ECS (Discarded) POST /v2.1/{project_id}/servers/{server_id}/action ecs:servers:createImage evs:volumes:get evs:snapshots:create
ECS Management Through Console Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Obtaining a VNC-based Remote Login Address (Discarded) POST /v2.1/{project_id}/servers/{server_id}/remote-consoles ecs:servers:createConsole
To do so, perform the following operations: On the User Groups page of the IAM console, locate the target user group and click Authorize in the Operation column. Select policies or roles from the list. Click Next and select Region-specific projects.
The user token (no special permission requirements) of an IAM user is required if the user is requesting to verify their own token. This example uses the IAM user and the X-Auth-Token is the same as the token to be verified X-Subject-Token: Token to be verified.
Tenant Quota Management Permission API Action Dependencies IAM Project Enterprise Project Attach by Instance Authorization by Tag Querying quotas of a tenant GET /v1/{project_id}/cloudservers/limits ecs:cloudServerQuotas:get - Supported Supported Not supported Not supported Querying
Specifications Query Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Querying details about flavors and extended flavor information GET /v1/{project_id}/cloudservers/flavors ecs:cloudServerFlavors:get - Supported Supported
When you or the IAM users under your account perform critical operations, for example, deleting ECS resources, you are required to enter a verification code based on the selected verification method.
SSH Key Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Creating and Importing an SSH Key Pair (Discarded) POST /v2.1/{project_id}/os-keypairs ecs:serverKeypairs:create - Supported Not supported Not supported
Authorizing Redeployment for Instances that Not Using Local Disks Authorize Redeployment for Instances Using Local Disks Prerequisites If you need to perform operations as an IAM user, ensure that the IAM user has been granted the required permissions.
Batch Operations Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Stopping ECSs in a batch POST /v1/{project_id}/cloudservers/action ecs:cloudServers:stop - Supported Supported Supported Supported Restarting ECSs in a
Prerequisites If you need to perform operations as an IAM user, ensure that the IAM user has been granted the required permissions.
IAM The Identity and Access Management (IAM) provides permissions management to securely manage access to your Huawei Cloud services and resources. Parent Topic: QingTian Enclave Overview
In addition, several PCRs included in attestation documents can be used to create condition keys of IAM access control policies for stronger access control. For details, see PCR.
Password Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Resetting the password for logging in to an ECS with a few clicks for enterprise projects PUT /v1/{project_id}/cloudservers/{server_id}/os-reset-password
Floating IP Address Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Allocating a floating IP address (native OpenStack API) POST /v2.1/{project_id}/os-floating-ips ecs:serverFloatingIps:use vpc:floatingIps
Operation protection takes effect for your account and IAM users created using your account. For details, see Protection for Mission-Critical Operations.
If you log in as an IAM user, obtain the IAM user ID of that IAM user. agency_name No String Specifies the IAM agency name. An agency is created by a tenant administrator on Identity and Access Management (IAM) to provide temporary credentials for ECSs to access cloud services.
Value 1 indicates ECSs. cascaded.instance_extrainfo String Specifies the extended information about the internal ECSs. image_name String Specifies the image name of the ECS. agency_name String Specifies the IAM agency name.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
