检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Relationship Between IAM Identities and Operators Huawei Cloud IAM provides the following types of identities: IAM users, IAM agencies, cloud service agencies, IAM Identity Center users, and federated users.
Wait for the notification regarding the creation of an IAM user on the email terminal. You have received the email alarm about creating an IAM user. CTS can monitor the operation of creating an IAM user. Links to FAQs What Should I Do If I Cannot Enable CTS as an IAM User?
Must I Use an OBS Bucket as an IAM User When Configuring Transfer on CTS as an IAM User?
What If I Cannot Enable CTS as an IAM User? Background If you fail to enable CTS as an Identity and Access Management (IAM) user, perform the following steps. Procedure Check whether the IAM user has the permission. If yes, go to 2.
Must I Use an OBS Bucket as an IAM User When Configuring Transfer on CTS as an IAM User? No. You only need to ensure that you have the permissions to perform operations on OBS buckets. Parent topic: Trace Transfer
The token obtained from IAM is valid for only 24 hours. If you want to use the same token for authentication, you can cache it to avoid frequent calling of the IAM API.
Access Control To assign different CTS access permissions to employees in your enterprise, IAM is a good choice for refined permissions management.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
If you log in to the console as an IAM user, contact the administrator (Huawei Cloud account or a user in the user group admin) to grant the following permissions to the IAM user. For details, see Assigning Permissions to an IAM User.
The user field shows details of the IAM user who created the ECS. The format is {"name": "Account name", "id": "Account ID", "domain"{"name": "IAM user name", "id": "IAM user ID"}}. If the ECS was created by an account, the IAM user name and the account name are the same.
Granting Only the Minimum Permissions to IAM Users to Prevent Data Leakage To assign different permissions to employees in your enterprise to access your CTS resources, IAM is a good choice for fine-grained permissions management.
Replace the fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: name of the IAM user to be created. email: email address of the IAM user. **********: password of the IAM user. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
If you log in to Huawei Cloud as an IAM user, first contact your CTS administrator (account owner or a user in the admin user group) to obtain the CTS FullAccess permissions. For details, see Assigning Permissions to an IAM User.
The following is part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
How Do I Find Out the Login IP Address of an IAM User? Background If you want to check if there are security risks in your account by examining the login IP addresses and login time of IAM users, you can view traces recorded by CTS. Prerequisites You have enabled CTS.
The cts_admin_trust agency of IAM contains the following permissions: OBS Administrator KMS Administrator SMN Administrator Parent topic: Product Consulting
agencies:listAgencies iam:agencies:createAgency iam:permissions:grantRoleToAgencyOnProject iam:permissions:listRolesForAgencyOnProject iam:projects:listProjects iam:groups:listGroups iam:users:listUsers iam:users:listUsersForGroup Creating a key event notification cts:notification
For an IAM user, the format is iam::<account-id>:user:<user-name>. For an IAM agency session identity, the format is sts::<account-id>:assumed-agency:<agency-name>/<agency-session-name>.
Trace References Trace Structure Example Traces Relationship Between IAM Identities and Operators
Permissions Management You can use Identity and Access Management (IAM) for fine-grained permissions control for your CTS. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
