检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
With IAM, you can use your Huawei Cloud account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types.
To perform these operations, you need related IAM agencies. The following lists the details. To create IAM agencies, you need the iam:agencies:createAgency and iam:permissions:grantRoleToAgency permissions.
IAM user import Identity and Access Management (IAM) To import IAM users, the IAM ReadOnlyAccess permission is required. Table 3 lists the common operations for each system-defined policy or role of CSE. Select policies or roles as needed.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
The change will be applied to all IAM users and federated users (SP initiated) of the account. The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
By integrating IAM permissions with Kubernetes cluster permissions, you can use IAM to oversee Kubernetes resource access for various users.
For details, see the IAM Product Introduction. Parent topic: Service Overview
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com)) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For example, to obtain an IAM token in the CN North-Beijing1 region, obtain the endpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com)) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com)) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Making an API Request This section describes the structure of a REST API request, and uses the IAM API for obtaining a user token through password authentication as an example to demonstrate how to call an API.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com)) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For example, to obtain an IAM token in the CN North-Beijing1 region, obtain the endpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com)) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For example, the endpoint of IAM in the AP-Singapore region is iam.ap-southeast-3.myhuaweicloud.com. resource-path Resource path, that is, the API access path, which is obtained from the URI of a specific API.
Replace the bold fields with the actual values. accountid indicates the ID of the account to which the IAM user belongs. username indicates the IAM username to be created. email indicates the email address of the IAM user. ******** indicates the login password of the IAM user.
With IAM, you can create IAM users for employees in your organization and assign permissions to control their access to Huawei Cloud resources.
Before using this API, the administrator must have the Security Administrator permission configured in IAM, and access keys must be configured for the IAM users.
If your Huawei Cloud account does not require IAM for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
