检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM to Grant Access to IMS Creating a User and Granting Permissions Creating a Custom Policy
Access Control for IMS You can use Identity and Access Management (IAM) to control access to your images. IAM permissions define which actions on your cloud resources are allowed or denied.
If your account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You pay only for the resources in your account. For more information about IAM, see What Is IAM?
Can I Use a Private Image of an IAM User Under My Account to Create an ECS? Yes. Private images created by an IAM user are visible to the account that the IAM user belongs to as well as all other IAM users (if any) under this account.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. For details about the required permissions, see Permissions and Supported Actions.
To ensure account security, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
How Do I Create an IAM Agency? Scenarios During cross-region image replication, an agency is required to verify cloud service permissions in the destination region. So, create a cloud service agency before the replication.
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequently calling the IAM API.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. For details about the required permissions, see Permissions and Supported Actions.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
If an action supports only IAM projects, the policy will take effect only for user groups assigned in IAM. For details about the differences between IAM and enterprise projects, see What Are the Differences Between IAM and Enterprise Management?
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. For details about the required permissions, see Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. For details about the required permissions, see Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. For details about the required permissions, see Permissions and Supported Actions.
The following is an example deny policy: { "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "ims:images:delete" ] } ] } Parent topic: Using IAM to Grant Access to IMS
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. For details about the required permissions, see Permissions and Supported Actions.
Parent topic: Using IAM to Grant Access to IMS
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. For details about the required permissions, see Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. For details about the required permissions, see Permissions and Supported Actions.
