检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Granting LTS Permissions to IAM Users You can use Identity and Access Management (IAM) for fine-grained permissions control for your LTS. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
Ingesting Logs to LTS Across IAM Accounts If you choose Cross-Account Ingestion - Log Stream Mapping as the log ingestion type, you can create an agency to map the log stream of the delegator account to that of the delegated account.
Create an IAM user (for example, UserB) on the IAM console and add the user to GroupC by referring to Adding Users to a User Group. Ensure that the IAM user can use LTS through programmatic access or on the console.
Create an IAM user (for example, UserB) on the IAM console and add the user to GroupC by referring to Adding Users to a User Group. Ensure that the IAM user can use LTS through programmatic access or on the console.
LTS supports three identity authentication modes based on IAM: username and password, access key (AK/SK), and temporary access key. It also provides login protection and login authentication policies.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
For the API for creating an IAM user as an administrator, the following message body is returned. The following is part of the response body: { "user": { "id": "c131886aec...
Log search and analysis Embedding the LTS Log Query Page into a User-built System This practice describes how to use the federation proxy mechanism of Identity and Access Management (IAM) for custom identity broker and embed a login link to your systems so you can view LTS logs in
For security purposes, create an IAM user and grant the minimum permissions to the IAM user. The procedure is as follows: Log in to the IAM console. On the Users page, click Create User.
IAM helps you secure access to your LTS resources. With IAM, you can create IAM users and grant them permission to access only specific resources.
Usage Overview Usage Function Support Login Without Huawei Account Development Workload Account Permission Huawei Cloud console All LTS functions Not supported None Huawei Cloud IAM Embedding the LTS Log Query Page into a User-built System All functions on the LTS console The iframe
The token obtained from Identity and Access Management (IAM) is valid for only 24 hours. If you want to use the same token for authentication, cache it to avoid frequent calling of the IAM API.
Log Ingestion Overview Using ICAgent to Collect Host Logs Using ICAgent to Collect Container Logs Configuring ICAgent Structuring Parsing Ingesting Cloud Service Logs to LTS Using APIs to Ingest Logs to LTS Using SDKs to Ingest Logs to LTS Ingesting Logs to LTS Across IAM Accounts
IAM or enterprise projects: Type of projects for which permissions can be granted. Policies that contain actions for both IAM and enterprise projects take effect for both IAM and Enterprise Management. Policies that only contain actions for IAM projects take effect only for IAM.
When installing ICAgent, you can create an IAM agency, and ICAgent will automatically obtain an AK/SK pair and generate the ICAgent installation command. Creating an Agency Log in to the IAM console. In the navigation pane, choose Agencies.
Replace the fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: username of the IAM user to be created. email: email address of the IAM user. **********: password of the IAM user.
By setting enterprise projects for log streams, you can set different log stream access permissions for different Identity and Access Management (IAM) users.
Prerequisites If the IAM users under your account want to use LTS, you need to grant them the permissions required. For details, see Granting LTS Permissions to IAM Users. Creating a Log Group Log in to the LTS console. On the Log Management page, click Create Log Group.
The API for obtaining a project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
Access Control To assign different LTS access permissions to employees in your enterprise, IAM is a good choice for refined permissions management.
