检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Maximum length: 2048 Table 3 Parameters in the request body Parameter Mandatory Type Description managed_role_id Yes String Unique ID of the IAM system-defined policy.
URI GET /v1/instances/{instance_id}/mfa-devices/management-settings Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance.
URI POST /v1/instances/{instance_id}/mfa-devices/management-settings Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance.
URI POST /v1/instances/{instance_id}/disassociate-profile Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance.
Restrictions To obtain the bucket tags, you must be the bucket owner or have the required permission (obs:bucket:GetBucketTagging in IAM or GetBucketTagging in a bucket policy).
Alarm Description When Guardian calls an IAM API to obtain the temporary AK/SK, it needs to first obtain related metadata via the ECS Metadata API. This alarm is generated when Guardian fails to call the Metadata API.
Preparing a Huawei Account Before using MgC, prepare a HUAWEI ID or an IAM user that can access MgC and obtain an AK/SK pair for the account or IAM user. For more information, see Preparations.
Error information: httpcode=401,code=APIGW.0301,Msg=Incorrect IAM authentication information: current ip:xx.xx.xx.xx refused Possible Causes Access control is configured in IAM. By default, IAM allows access from any IP addresses.
Maximum length: 2048 Table 3 Parameters in the request body Parameter Mandatory Type Description managed_policy_id Yes String Unique ID of the IAM system-defined identity policy.
In IAM, the administrator sets Access Type to Programmatic access.
The token obtained from Identity and Access Management (IAM) is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequently calling the IAM API.
Solution Contact the administrator (account to which the IAM user belongs) to add the SMN access permission. To add the permission, do as follows: Log in to IAM as the administrator, and add the SMN access permission to the IAM user.
Related Services IAM FRS uses Identity and Access Management (IAM) for authentication and authorization. OBS FRS allows users to read facial images from Object Storage Service (OBS).
You can search for cbc_customerorgagent on the Identity and Access Management (IAM) console. If the agency is displayed, go to 2. If there is no data available, the agency has been deleted.
For example, to list instances in IAM Identity Center, obtain the endpoint of IAM Identity Center (identitycenter.myhuaweicloud.com) and find resource-path (/v1/instances) in the URI of the API for Listing Instances.
IAM Authentication IAM uses token-based authentication. The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the API used to obtain a user token. Ensure that the token is valid while you use it.
Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center. Choose Settings in the navigation pane. Click the Authentication tab. In Who Can Manage MFA Devices, select Users can bind and manage their own MFA devices.
To obtain a token, use the standard API of Identity and Access Management (IAM).
What Are the Differences Between an IAM Permission and a Bucket Policy in Access Control? Why Is the Message "Access denied" Still Appearing After OBS System Permissions Are Allowed?
Create an IAM User If you want to allow multiple users to manage your resources without sharing your password or private key, you can create users using IAM and grant permissions to the users.
