检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
URI GET /v1/instances/{instance_id}/permission-sets/{permission_set_id}/accounts Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance permission_set_id Yes String Globally unique ID of a permission
URI GET /v1/instances/{instance_id}/permission-sets/provisioned-to-accounts Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance Table 2 Query parameters Parameter Mandatory Type Description limit
URI GET /v1/instances/{instance_id}/permission-sets/provisioning-status/{request_id} Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance request_id Yes String Unique ID of a request Request Parameters
URI PUT /v1/instances/{instance_id}/permission-sets/{permission_set_id}/custom-policy Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance permission_set_id Yes String Globally unique ID of a permission
Symptom You have set an API access control policy, but IAM users who do not meet the policy requirements can still access Huawei Cloud using APIs. Solution The API access control policy has not taken effect yet. API access control policies take effect within 2 hours once set.
Free Tier FunctionGraph offers a free tier for your account, which you can share with your IAM users. Requests: 1 million free requests every month. Execution duration: 400,000 GB-seconds free execution duration every month.
Preparing a Huawei Account Before using MgC, prepare a HUAWEI ID or an IAM user that can access MgC and obtain an AK/SK pair for the account or IAM user. For details, see Making Preparations.
Constraints CCI resources cannot be operated using ccictl in IAM 5.0 (Landing Zone).
With IAM, you can: With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to GaussDB(DWS) resources.
URI GET /v1/instances/{instance_id}/permission-sets/{permission_set_id} Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance permission_set_id Yes String Globally unique ID of a permission set Request
URI GET /v1/instances/{instance_id}/permission-sets/provisioning-statuses Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance Table 2 Query parameters Parameter Mandatory Type Description limit No
restrict permissions for access token authorization Response Parameters Status code: 200 Table 2 Parameters in the response body Parameter Type Description token_info Object Token information Table 3 token_info Parameter Type Description access_token String Opaque token used to access IAM
URI POST /v1/instances/{instance_id}/permission-sets/{permission_set_id}/provision Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance permission_set_id Yes String Globally unique ID of a permission
Obtaining Authentication Information Obtaining AK/SK Access Key ID/Secret Access Key (AK/SK) is created on Identity and Access Management (IAM) to authenticate calls to application programming interfaces (APIs) on the public cloud.
Obtaining Authentication Information Obtaining AK/SK Access Key ID/Secret Access Key (AK/SK) is created on Identity and Access Management (IAM) to authenticate calls to application programming interfaces (APIs) on the public cloud.
Prerequisites An IAM agency has been created by following the procedure in Automatically Creating an Agency. This IAM agency entrusts DIS to access your OBS resources. Parent topic: Interconnecting with OBS
It is possible that: "error_msg":"Incorrect IAM authentication information: decrypt token fail","error_code":"APIG.0301"indicates that the token fails to be decrypted.
It is possible that: "error_msg":"Incorrect IAM authentication information: decrypt token fail","error_code":"APIG.0301"indicates that the token fails to be decrypted.
Attribute path Minimum length: 1 Maximum length: 255 attribute_value Yes String Attribute value Minimum length: 1 Maximum length: 255 Response Parameters Status code: 200 Table 7 Parameters in the response body Parameter Type Description group_id String Globally unique ID of an IAM
Minimum length: 1 Maximum length: 255 Response Parameters Status code: 200 Table 7 Parameters in the response body Parameter Type Description identity_store_id String Globally unique ID of the identity source Minimum length: 1 Maximum length: 36 user_id String Globally unique ID of an IAM
