检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM to Grant Access to IMS Creating a User and Granting Permissions Creating a Custom Policy
For details, see Assigning Permissions to an IAM User. Parent topic: Accounts and Permissions
Access Control for IMS You can use Identity and Access Management (IAM) to control access to your images. IAM permissions define which actions on your cloud resources are allowed or denied.
If your account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You pay only for the resources in your account. For more information about IAM, see What Is IAM?
Can I Use a Private Image of an IAM User Under My Account to Create an ECS? Yes. Private images created by an IAM user are visible to the account that the IAM user belongs to as well as all other IAM users (if any) under this account.
name "password": $ADMIN_PASS, //IAM user password.
To ensure account security, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
How Do I Create an IAM Agency? Scenarios During cross-region image replication, an agency is required to verify cloud service permissions in the destination region. So, create a cloud service agency before the replication.
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
The token obtained from IAM is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequently calling the IAM API.
Image Quota Permission API Action Dependencies IAM Project Enterprise Project Querying the Image Quota GET /v1/cloudimages/quota ims:quotas:get - √ √ Parent topic: Permissions and Supported Actions
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
If an action supports only IAM projects, the policy will take effect only for user groups assigned in IAM. For details about the differences between IAM and enterprise projects, see What Are the Differences Between IAM and Enterprise Management?
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
Image Tagging Permission API Action Dependencies IAM Project Enterprise Project Adding a Tag (Native OpenStack API) PUT /v2/images/{image_id}/tags/{tag} ims:images:get ims:images:update - √ x Deleting a Tag (Native OpenStack API) DELETE /v2/images/{image_id}/tags/{tag} ims:images:
The following is an example deny policy: { "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "ims:images:delete" ] } ] } Parent topic: Using IAM to Grant Access to IMS
How Do I Create an IAM Agency? What Do I Do If I Enabled EPS But Now I Cannot Find Private Images in My Enterprise Project? What Do I Do If I Cannot Create an Image from a CSBS Backup or BMS Using a Sub-account with the Allow_all Permission After EPS Is Enabled?
Parent topic: Using IAM to Grant Access to IMS
Image Schema Permission API Action Dependencies IAM Project Enterprise Project Querying an Image Schema (Native OpenStack API) GET /v2/schemas/image N/A - √ x Querying an Image List Schema (Native OpenStack API) GET /v2/schemas/images N/A - √ x Querying an Image Sharing Member Schema
IAM Agency: Select an IAM agency. (Optional) Description: Describe the replication. Disclaimer: Read the disclaimer and select I have read and agree to the disclaimer. Click OK. Switch to the destination region.
