检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Granting LTS Permissions to IAM Users You can use Identity and Access Management (IAM) for fine-grained permissions control for your LTS. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
If the delegator account deletes the agency from IAM after cross-account ingestion is configured, LTS will not detect the deletion and the ingestion configuration will continue to take effect.
Create an IAM user (for example, UserB) on the IAM console and add the user to GroupC by referring to Adding Users to a User Group. Ensure that the IAM user can use LTS through programmatic access or on the console.
Create an IAM user (for example, UserB) on the IAM console and add the user to GroupC by referring to Adding Users to a User Group. Ensure that the IAM user can use LTS through programmatic access or on the console.
LTS supports three identity authentication modes based on IAM: username and password, access key (AK/SK), and temporary access key. It also provides login protection and login authentication policies.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
This section describes how to create a custom policy for OBS bucket actions in IAM and attach the policy to a user group, thereby granting its users the specified permissions. Prerequisites An OBS bucket has been created.
For the API for creating an IAM user as an administrator, the following message body is returned. The following is part of the response body: { "user": { "id": "c131886aec...
For security purposes, create an IAM user and grant the minimum permissions to the IAM user. The procedure is as follows: Log in to the IAM console. On the Users page, click Create User.
IAM helps you secure access to your LTS resources. With IAM, you can create IAM users and grant them permission to access only specific resources.
Usage Overview Usage Function Support Login Without Huawei Account Development Workload Account Permission Huawei Cloud console All LTS functions Not supported None Huawei Cloud IAM Embedding the LTS Log Query Page into a User-built System All functions on the LTS console The iframe
The token obtained from Identity and Access Management (IAM) is valid for only 24 hours. If you want to use the same token for authentication, cache it to avoid frequent calling of the IAM API.
Log Ingestion Overview Using ICAgent to Collect Host Logs Using ICAgent to Collect Container Logs Configuring ICAgent Structuring Parsing Ingesting Cloud Service Logs to LTS Using APIs to Ingest Logs to LTS Using SDKs to Ingest Logs to LTS Ingesting Logs to LTS Across IAM Accounts
IAM or enterprise projects: Type of projects for which permissions can be granted. Policies that contain actions for both IAM and enterprise projects take effect for both IAM and Enterprise Management. Policies that only contain actions for IAM projects take effect only for IAM.
When installing ICAgent, you can create an IAM agency, and ICAgent will automatically obtain an AK/SK pair and generate the ICAgent installation command. Creating an Agency Log in to the IAM console. In the navigation pane, choose Agencies.
Replace the fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: username of the IAM user to be created. email: email address of the IAM user. **********: password of the IAM user.
Permissions Management This chapter describes how to use Identity and Access Management (IAM) to implement fine-grained permissions control for your LTS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
With IAM, you can use your account to create IAM users for your employees, and assign permissions to the users to control their access to LTS resources.
The API for obtaining a project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
Access Control To assign different LTS access permissions to employees in your enterprise, IAM is a good choice for refined permissions management.
