检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Log In to a CBH Instance Console as an IAM User Function This API is used to log in to a CBH instance console as an IAM user.
Parent topic: Using IAM to Grant Access to CBH
Using IAM Identity Policies to Grant Access to CBH If you need to manage the permissions for your CBH resources, you can use Identity and Access Management (IAM). With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Using IAM to Grant Access to CBH Using IAM Roles or Policies to Grant Access to CBH Using IAM Identity Policies to Grant Access to CBH
Does CBH Support IAM Fine-Grained Management? Yes. Identity and Access Management (IAM) is a basic service for permission management. By default, new IAM users do not have any permissions. You need to grant different permissions to IAM users based on their duties.
You can log in to the bastion host using IAM Login or Admin Login without entering a password. However, you must use an account or key to log in to the bastion host using Local Login.
Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String User token It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
Incorrect server ID. 401 CBH.10020100 Invalid IAM token. IAM authentication failed. Check the token. 403 CBH.10020002 Tenant has no permissions. Permissions required. The tenant does not have the permission. Check the user permission on IAM. 500 CBH.10020000 Unknown error.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String Instance ID.
IAM_USER_CONFLICT(1016): There were IAM user conflicts. HOST_NOT_MANAGE(1): The server requested has not be managed by CBH. HOST_ACCOUNT_NOT_EXIST(553): The account for logging in to the server is unavailable.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description publicip_id Yes String EIP ID, in UUID format.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String ID of the instance you want to roll back.
For details, see "Obtaining the Token of an IAM User."
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String Instance ID.
During remote logins, you can select local, IAM, or admin login mode. In local or IAM login mode, use the accounts as required. In admin login mode, you can log in to a bastion host as user admin without entering passwords.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String Instance ID.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String CBH instance ID, in UUID format. reboot_type Yes String Restart mode, which is case insensitive.
For details, see "Obtaining the Token of an IAM User." Response Parameters Status code: 200 Table 3 Response body parameters Parameter Type Description authorization AgencyAuthorizeInfoRsp object Response body for the request for querying CBH agencies.
agencies:listAgencies iam:permissions:listRolesForAgencyOnProject iam:agencies:createAgency iam:permissions:revokeRoleFromAgencyOnProject iam:roles:createRole iam:agencies:deleteAgency CBH ReadOnlyAccess Read-only permissions for CBH instances.
