检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Cloud Eye Identity and Access Management (IAM) Allows you to assign different permissions to different users. It enables fine grained control over your VPN resources.
The API for obtaining the project ID is GET https://{IAM endpoint}/v3/projects. For details about API authentication, see Authentication. The following is an example response.
VPN Gateway Permission API Action Dependencies IAM Project Enterprise Project Subscribing to a yearly/monthly P2C VPN gateway POST /v5/{project_id}/p2c-vpn-gateways/subscribe/{order_id} vpn:p2cVpnGateway:subscribe vpn:system:listAvailabilityZones vpc:vpcs:list vpc:subnets:get vpc:
VPN Gateway Permission API Action Dependencies IAM Project Enterprise Project Subscribing to a yearly/monthly P2C VPN gateway POST /v5/{project_id}/p2c-vpn-gateways/subscribe/{order_id} vpn:p2cVpnGateway:subscribe vpn:system:listAvailabilityZones vpc:vpcs:list vpc:subnets:get vpc:
The token obtained through IAM is valid for only 24 hours. When using a token for authentication, cache it to avoid frequent calling.
VPN Connection Permission API Action Dependencies IAM Project Enterprise Project Creating a VPN connection POST /v5/{project_id}/vpn-connection vpn:vpnConnections:create ces:metricData:list ces:currentRegionSupportedMetrics:list vpc:vpcs:list vpc:vpcs:get vpc:subnets:get vpc:subnets
If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
VPN Connection Permission API Action Dependencies IAM Project Enterprise Project Creating a VPN connection POST /v5/{project_id}/vpn-connection vpn:vpnConnections:create ces:metricData:list ces:currentRegionSupportedMetrics:list vpc:vpcs:list vpc:vpcs:get vpc:subnets:get vpc:subnets
The token obtained through IAM is valid for only 24 hours. When using a token for authentication, cache it to avoid frequent calling.
The token obtained through IAM is valid for only 24 hours. When using a token for authentication, cache it to avoid frequent calling. Calling the APIs related to access policies is an asynchronous process. The configuration takes effect after a period of time.
Server Permission API Action Dependencies IAM Project Enterprise Project Creating a P2C VPN server POST /v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers vpn:p2cVpnGateway:createServer scm:cert:get scm:cert:list scm:cert:download vpc:publicIps:get vpc:routeTables:update vpc
Server Permission API Action Dependencies IAM Project Enterprise Project Creating a P2C VPN server POST /v5/{project_id}/p2c-vpn-gateways/{p2c_vgw_id}/vpn-servers vpn:p2cVpnGateway:createServer scm:cert:get scm:cert:list scm:cert:download vpc:publicIps:get vpc:routeTables:update vpc
User Management Permission API Action Dependencies IAM Project Enterprise Project Creating a VPN user POST /v5/{project_id}/p2c-vpn-gateways/vpn-servers/{vpn_server_id}/users vpn:p2cVpnUser:create - √ x Creating VPN users in batches POST /v5/{project_id}/p2c-vpn-gateways/vpn-servers
User Management Permission API Action Dependencies IAM Project Enterprise Project Creating a VPN user POST /v5/{project_id}/p2c-vpn-gateways/vpn-servers/{vpn_server_id}/users vpn:p2cVpnUser:create - √ x Creating VPN users in batches POST /v5/{project_id}/p2c-vpn-gateways/vpn-servers
VPN Gateway Permission API Action Dependencies IAM Project Enterprise Project Creating a VPN gateway POST /v5/{project_id}/vpn-gateways vpn:vpnGateways:create er:instances:list er:instances:get vpc:vpcs:list vpc:vpcs:get vpc:subnets:get vpc:subnets:list vpc:subnets:create vpc:subnets
VPN Gateway Permission API Action Dependencies IAM Project Enterprise Project Creating a VPN gateway POST /v5/{project_id}/vpn-gateways vpn:vpnGateways:create er:instances:list er:instances:get vpc:vpcs:list vpc:vpcs:get vpc:subnets:get vpc:subnets:list vpc:subnets:create vpc:subnets
The token obtained through IAM is valid for only 24 hours. When using a token for authentication, cache it to avoid frequent calling. Calling the APIs related to users and user groups is an asynchronous process. The configuration takes effect after a period of time.
The token obtained through IAM is valid for only 24 hours. When using a token for authentication, cache it to avoid frequent calling.
The token obtained through IAM is valid for only 24 hours. When using a token for authentication, cache it to avoid frequent calling.
The token obtained through IAM is valid for only 24 hours. When using a token for authentication, cache it to avoid frequent calling. Data Preparation A VPN server supports two authentication modes: certificate authentication and password authentication.
