检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Introduction In addition to IAM and app authentication, APIG also supports custom authentication with your own system, which can better adapt to your business capabilities. This chapter guides you through the process of creating a FunctionGraph API that uses a custom authorizer.
If your Huawei Cloud account does not need individual IAM users, you can skip this section. By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups.
When you use the new domain name, the IAM API for authentication is called, and the Huawei Cloud account and password need to be carried in the request.
When configuring alarm rules, only Huawei Cloud accounts or IAM users with the Tenant Administrator permissions can select all resources. For details about how to assign the Tenant Administrator permissions to an IAM user, see Creating a User Group and Assigning Permissions.
On the Dashboard page, click Synchronize on the right of IAM User Sync to synchronize IAM users. On the Dashboard page, click Manage Agency on the right side of Select Agency to select the agency created in Creating an ECS Agency, and click OK to bind it to the cluster.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For more information about IAM, see IAM Service Overview. CCI Permissions By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequently calling the IAM API.
Login Authentication Policy Access Control MPC supports access control through IAM fine-grained authorization policies.
Related Services IAM Identity and Access Management (IAM) authenticates access to GES on Huawei Cloud. VPC GES uses Virtual Private Cloud (VPC) to provide clusters with network topologies to isolate clusters and control access.
For example, the endpoint of IAM in the AP-Singapore region is iam.ap-southeast-3.myhuaweicloud.com. resource-path The resource path, that is, the API access path, is obtained from the URI of a specific API.
On the displayed API Credentials page, obtain the IAM user ID. After the grant is created, the IAM user can use the specified keys. Account Account ID: To obtain the account ID, hover the cursor over the username in the upper right corner, and choose My Credentials.
With IAM, you can create IAM users, and assign permissions to the users to control their access to specific resources.
Related Services IAM Identity and Access Management (IAM) lets you control user authentication and access to OCR. Cloud Eye Cloud Eye monitors the metrics of OCR listed in Table 1. You use these metrics to monitor OCR usage.
Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center. In the navigation pane, choose Multi-Account Permissions > Accounts. By default, accounts are displayed in an organizational hierarchy structure.
Parameters Status code: 200 Table 4 Parameters in the response body Parameter Type Description group_memberships Array of objects Listed group members page_info Object Pagination information Table 5 group_memberships Parameter Type Description group_id String Globally unique ID of an IAM
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
Enter the account ID and IAM user ID in the format of Account ID/IAM user ID. To specify multiple IAM users, enter each one on a separate line. An asterisk (*) indicates all accounts or IAM users. NOTE: The account ID and IAM user ID can be obtained on the My Credentials page.
On the displayed page, specify the expiration time, select Synchronize IAM account for Adding Method, then select the IAM account created in 4 for Users to Select, and click OK.
APIG.0301 Error There are two possibilities to check: If error message "Incorrect IAM authentication information: decrypt token fail" and error code APIG.0301 are displayed, the token fails to decrypt.
