Log In to a CBH Instance Console as an IAM User Function This API is used to log in to a CBH instance console as an IAM user. Calling Method For details, see Calling APIs.
Parent topic: Using IAM to Grant Access to CBH
Using IAM Identity Policies to Grant Access to CBH If you need to manage the permissions for your CBH resources, you can use Identity and Access Management (IAM). With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Using IAM to Grant Access to CBH Using IAM Roles or Policies to Grant Access to CBH Using IAM Identity Policies to Grant Access to CBH
Does CBH Support IAM Fine-Grained Management? Can I Use a CBH System to Centrally Manage My Cloud ERP or SAP Services? What Does Automatic O&M Include? How Do I Obtain an Enterprise Agreement Number? How Can I Configure Ports for a Bastion Host?
Does CBH Support IAM Fine-Grained Management? Yes. Identity and Access Management (IAM) is a basic service for permission management. By default, new IAM users do not have any permissions. You need to grant different permissions to IAM users based on their duties.
IAM Identity and Access Management (IAM) helps you to manage permissions and identity authentication for users of CBH instances. For more details, see Permissions Management.
You can log in to the bastion host using IAM Login or Admin Login without entering a password. However, you must use an account or key to log in to the bastion host using Local Login.
Check the current instance status 401 CBH.10020100 The IAM token is invalid. The IAM token is invalid. Please check if your token is correct. 403 CBH.10020002 Tenant has no authority. Tenant has no authority. The tenant has no permissions.
IAM_USER_CONFLICT(1016): IAM user conflict. HOST_NOT_MANAGE(1): The host is not managed. HOST_ACCOUNT_NOT_EXIST(553): The host account is unavailable. IAM_USER_NO_PERMISSION(901): The IAM user does not have the permission to operate the host.
If you log in to a bastion host through the service console, you can select Local Login, IAM Login (available in V3.3.44.0 or later), or Admin Login (available in V3.3.52.1 or later, but not supported by Kunpeng bastion hosts).
cbh StartInstance Stopping a bastion host instance cbh StopInstance Restarting a bastion host instance cbh RebootInstance Upgrading a bastion host instance cbh UpgradeInstance Rolling back a bastion host instance cbh RollbackInstance Logging in to a bastion instance console as an IAM
POST /v2/{project_id}/cbs/agency/authorization cbh::operateAuthorization iam:agencies:listAgencies iam:permissions:listRolesForAgencyOnProject iam:agencies:createAgency iam:agencies:deleteAgency iam:permissions:grantRoleToAgencyOnProject iam:permissions:revokeRoleFromAgencyOnProject
To learn more about how IAM is different from Organizations for access control, see How IAM Is Different from Organizations for Access Control?. This section describes the elements used by IAM custom identity policies and Organizations SCPs.
During remote logins, you can select local, IAM, or admin login mode. In local or IAM login mode, use the accounts as required. In admin login mode, you can log in to a bastion host as user admin without entering passwords.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
With IAM, you can control access to specific Huawei Cloud resources from principals (IAM users, user groups, agencies, or trust agencies). IAM supports role/policy-based authorization and identity policy-based authorization.
agencies:listAgencies iam:permissions:listRolesForAgencyOnProject iam:agencies:createAgency iam:permissions:revokeRoleFromAgencyOnProject iam:roles:createRole iam:agencies:deleteAgency CBH ReadOnlyAccess Read-only permissions for CBH instances.
When you use an IAM, SAML, or Azure AD account to log in to a bastion host, if the system displays a message indicating that the local password is not set, set the local password in the Profile center or contact the administrator.
Operation Management Obtaining the CBH Instance List Obtaining the Status of a CBH Instance Starting a CBH Instance Stopping a CBH Instance Restarting a CBH Instance Upgrading a CBH Instance Log In to a CBH Instance Console as an IAM User Resetting the admin Password of a CBH Instance