检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Obtaining Account, IAM User, Project, User Group, Region, and Agency Information Obtaining Account, IAM User, and Project Information Using the console Your username, user ID, account name, account ID, project name, and project ID need to be specified in the URL and request body for
Which Permissions Are Required for an IAM User to Use FunctionGraph?
IAM: IAM authentication. This mode grants access permissions to IAM users only and is of medium security. For details, see IAM Authentication None: No authentication. This mode grants access permissions to all users. None Protocol Mandatory.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. Content-Type Yes String Message body type (format). Response Parameters None Example Requests Enable asynchronous status notification.
IAM account authorization: FunctionGraph can use IAM to grant different function operation permissions to IAM users. Parent Topic: Security
For example, to obtain an IAM token in the AP-Bangkok region, obtain the endpoint of IAM (iam.ap-southeast-2.myhwclouds.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
IAM projects and enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
Fine-grained Permission Control and Identity Authentication When configuring agency permissions, AKs, and SKs for functions through Identity and Access Management (IAM), comply with the principle of least privilege to ensure that the functions can access only specified resources.
Free Tier FunctionGraph offers a free tier for your account, which you can share with your IAM users. Requests: 1 million free requests every month. Execution duration: 400,000 GB-seconds free execution duration every month.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. IAM user A user is created by an account to use cloud services. Each user has its own identity credentials (password or access keys).
To obtain a token, use the standard API of Identity and Access Management (IAM).
Appendix Status Codes Error Codes Obtaining Account, IAM User, Project, User Group, Region, and Agency Information FunctionGraph Metrics
IAM: IAM authentication. Only IAM users are allowed to access the system. The security level is medium. For details, see IAM Authentication. None: No authentication. This mode grants access permissions to all users. protocol False Enum Request protocol. Default: HTTPS.
X-CFF-Security-Access-Key A temporary access key and SecurityToken are issued by the system to IAM users. The temporary AK/SK and SecurityToken follow the principle of least privilege. A temporary AK/SK and SecurityToken must be used together.
Create a user group on the IAM console using an IAM account, and assign the FunctionGraph Invoker role to the group. Create an IAM user and add it to the user group. Create a user on the IAM console using an IAM account and add the user to the group created in 1.
Introduction In addition to IAM and app authentication, APIG also supports custom authentication with your own system, which can better adapt to your business capabilities. This chapter guides you through the process of creating a FunctionGraph API that uses a custom authorizer.
Creating an Agency Log in to the Identity and Access Management (IAM) console. On the IAM console, choose Agencies from the navigation pane, and click Create Agency in the upper right corner. Figure 2 Creating an agency Configure the agency.
Figure 7 Content of the credentials.csv file If you do not have access to the console, request the administrator to create an access key for you on the IAM console in case your access key is lost or needs to be reset. For details, see Managing Access Keys for an IAM User.
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
