检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM to Grant Access to IMS Creating a User and Granting Permissions Creating a Custom Policy
How Do I Create an IAM Agency? Scenarios During cross-region image replication, an agency is required to verify cloud service permissions in the destination region. So, create a cloud service agency before the replication.
Parent topic: Using IAM to Grant Access to IMS
The following is an example deny policy: { "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "ims:images:delete" ] } ] } Parent topic: Using IAM to Grant Access to IMS
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Access Control for IMS You can use Identity and Access Management (IAM) to control access to your images. IAM permissions define which actions on your cloud resources are allowed or denied.
If your account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You pay only for the resources in your account. For more information about IAM, see What Is IAM?
If an action supports only IAM projects, the policy will take effect only for user groups assigned in IAM. For details about the differences between IAM and enterprise projects, see What Are the Differences Between IAM and Enterprise Management?
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
name "password": $ADMIN_PASS, //IAM user password.
Can I Use a Private Image of an IAM User Under My Account to Create an ECS? Yes. Private images created by an IAM user are visible to the account that the IAM user belongs to as well as all other IAM users (if any) under this account.
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequently calling the IAM API.
To ensure account security, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Image Quota Permission API Action Dependencies IAM Project Enterprise Project Querying the Image Quota GET /v1/cloudimages/quota ims:quotas:get - √ √ Parent topic: Permissions and Supported Actions
How Do I Create an IAM Agency? What Do I Do If I Enabled EPS But Now I Cannot Find Private Images in My Enterprise Project? What Do I Do If I Cannot Create an Image from a CSBS Backup or BMS Using a Sub-account with the Allow_all Permission After EPS Is Enabled?
For details, see Assigning Permissions to an IAM User. Parent topic: Accounts and Permissions
Image Schema Permission API Action Dependencies IAM Project Enterprise Project Querying an Image Schema (Native OpenStack API) GET /v2/schemas/image N/A - √ x Querying an Image List Schema (Native OpenStack API) GET /v2/schemas/images N/A - √ x Querying an Image Sharing Member Schema
IAM Agency: Select an IAM agency. (Optional) Description: Describe the replication. Disclaimer: Read the disclaimer and select I have read and agree to the disclaimer. Click OK. Switch to the destination region.
Image Tagging Permission API Action Dependencies IAM Project Enterprise Project Adding a Tag (Native OpenStack API) PUT /v2/images/{image_id}/tags/{tag} ims:images:get ims:images:update - √ x Deleting a Tag (Native OpenStack API) DELETE /v2/images/{image_id}/tags/{tag} ims:images:
For details about how to create an IAM agency, see How Do I Create an IAM Agency? vault_id No String Specifies the vault ID. This parameter is mandatory if you are replicating a full-ECS image.
