Tag: iam. Trigger Type: Periodic. Filter Type: Account. Configure Rule Parameters: None. Applicable Scenario: Multi-factor authentication (MFA) adds an additional layer of security protection on top of the identity credentials for an account.
for all non-console access into the CDE for personnel with administrative access. iam-user-mfa-enabled Enable MFA for all IAM users.
String Specifies the resource ID. name String Specifies the resource name. provider String Specifies the cloud service name. type String Specifies the cloud resource type. region_id String Specifies the ID of the region where the resource is located. project_id String Specifies the IAM
For example, IAM is not supposed to report secret access keys (SKs) to Config, and Config will not display SK data. Why Some Tags Cannot Be Used to Perform Operations (For Example, Filtering Resources) on Config?
Resource Tag Permissions API Action Dependencies IAM Project Enterprise Project Listing resources POST /v1/resource-manager/{resource_type}/resource-instances/filter rms:resources:listResourcesByTag - √ x Querying the number of resources POST /v1/resource-manager/{resource_type}/resource-instances
Advanced Queries Permissions API Action IAM Project Enterprise Project Running advanced queries POST /v1/resource-manager/domains/{domain_id}/run-query rms:resources:runQuery √ x Creating an advanced query POST /v1/resource-manager/domains/{domain_id}/stored-queries rms:storedQueries
Compliance Permission API Action Dependencies IAM Project Enterprise Project Querying all built-in policies GET /v1/resource-manager/policy-definitions rms:policyDefinitions:get - √ x Querying a built-in policy GET /v1/resource-manager/policy-definitions/{policy_definition_id} rms
1667374060248, "evaluation_hash" : "89342b8f338165651991afb8bd471396" } Example Responses Status code: 200 Operation succeeded. { "domain_id" : "d0123456789", "region_id" : "global", "resource_id" : "abc0123456789", "resource_name" : "test_user", "resource_provider" : "iam
Guideline Description Rule Solution I-2 Depending on the cloud deployment model adopted, these may include multi-tenancy risks, as well as those concerning concentration risk and supply chain risks more generally. iam-group-has-users-check Assign different permissions to IAM users
${agency_name}: the name of the custom IAM agency For details about how to create an IAM agency, see Cloud Service Agency. Set the authorization object to Config in the agency.
For details about how to obtain an account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
For example, a resource attribute can be the number of CPU cores of an ECS, the capacity of an EVS disk, or the password strength of an IAM user. For more details, see How Can I Obtain Resource Attributes Reported to Config?.
Table 3 resource Parameter Type Description id String Resource ID. name String Resource name. provider String Cloud service name. type String Resource type. region_id String The ID of the region where the resource resides. project_id String IAM project ID. project_name String IAM
This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. iam-policy-no-statements-with-admin-access Grant IAM users only necessary permissions to perform required operations to ensure compliance with the least privilege
resourceHistoryRequest).toString()); } catch (ConnectionException | RequestTimeoutException | ServiceResponseException ex) { System.out.println(ex); } } } Response class ShowResourceDetailResponse { id: 81fi****a864 name: zh****ng provider: iam
Set Function Type to Event Function and configure other parameters, including the function name and IAM agency. The agency grants the function required permissions and must include the rms:policyStates:update permission. Click Create Function.
Resource Query Permission API Action IAM Project Enterprise Project Querying change records of a resource GET /v1/resource-manager/domains/{domain_id}/resources/{resource_id}/history rms:resources:getHistory √ x Querying resource relationships GET /v1/resource-manager/domains/{domain_id
If you select Custom granting to customize authorization for the resource recorder, you need to create an agency with IAM, and the agency must include either the permissions for sending notifications using an SMN topic or the permissions for writing data into an OBS bucket based on
Conformance Packages Permissions API Action Dependencies IAM Project Enterprise Project Creating a conformance package POST /v1/resource-manager/domains/{domain_id}/conformance-packs rms:conformancePacks:create rf:stack:createStack rf:stack:getStackMetadata rf:stack:listStackResources