检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a Stack Set Note: If the error shown in the following figure is displayed, grant permissions to the user by referring to Granting Permissions to Use the RFS Frontend Based on IAM Policies. 1.
Grant the user sufficient permissions on IAM and then perform IAM user synchronization on the Dashboard tab page." is displayed. Solution: Before you submit the job, go to the Dashboard page, and click Synchronize on the right side of IAM User Sync. Parent topic: Job Management
IAM projects or enterprise projects: Scope of users a permission is granted to. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and only take effect for IAM.
If your Huawei Cloud account does not need individual IAM users for permissions management, skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
For example, to obtain an IAM token in the CN North-Beijing1 region, obtain the endpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For example, to obtain an IAM token in the ALL region, obtain the endpoint of IAM (iam.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
If your Huawei Cloud account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see Identity and Access Management Service Overview.
IAM projects or enterprise projects: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
For example, to obtain an IAM token in the AP-Singapore region, obtain the endpoint of IAM (iam.ap-southeast-3.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For example, you have obtained the IAM endpoint (iam.xxx.com) of a region and found the resource-path (/v3/auth/tokens) in the URI of the API that is used to obtain a user token.
NOTE: You can only choose an SMN topic in the default IAM project of the region where you currently use MgC. To enable this function, you need to authorize MgC when the system prompts you. Select one or more trigger conditions.
Procedure Log in to the Huawei Cloud console using your account, or log in as the IAM user created in "Assigning Permissions to an IAM User (by a Delegated Party)".
IAM is used to control resource operation permissions on the CSS management plane. If you need to assign different permissions to employees in your organization to access your CSS resources, IAM is a good choice for fine-grained permissions management.
IAM provides identity authentication, permissions management, and access control, helping you to securely access your Huawei Cloud resources. If your HUAWEI ID does not require IAM for permissions management, you can skip this section. IAM can be used on Huawei Cloud for free.
IAM projects or enterprise projects: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
For example, to obtain an IAM token in the AP-Singapore region, obtain the endpoint of IAM (iam.ap-southeast-3.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Custom Authentication Information Obtaining Class The IdentityGenerator class is used to obtain IAM authentication information (token, permanent AK/SK, and temporary AK/SK and securityToken) for accessing LakeFormation.
