Step 4: Create a Non-administrator IAM User This topic walks you through how to create a non-administrator IAM user. IAM authentication is used for tenant log collection.
Using IAM Identity Policies to Grant Access to SecMaster You can perform identity policy-based authorization for SecMaster using Identity and Access Management (IAM).
Using IAM Roles or Policies to Grant Access to SecMaster You can perform role/policy-based authorization using Identity and Access Management (IAM). Create IAM users under your account for employees based on your enterprise's organizational structure.
Using IAM to Manage SecMaster Permissions Using IAM Roles or Policies to Grant Access to SecMaster Using IAM Identity Policies to Grant Access to SecMaster
If the user credentials are permanent IAM user credentials, delete them on the IAM console. For details, see Deleting an IAM User. If the user credentials are temporary credentials obtained from IAM, they can be associated with the IAM role.
Domain_name: Enter the domain account information of the IAM user used to log in to the console.
User_name: Enter the user information of the IAM user used to log in to the console.
Password: Enter the password of the current login IAM user.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
Identity and Access Management (IAM) is a basic service of Huawei Cloud that provides permissions management to help you securely control access to SecMaster. With IAM, you can add users to a user group and configure policies to control their access to SecMaster resources.
Only non-administrator IAM users can be used for installing isap-agent. Make sure the /opt/cloud directory where you install isap-agent and use the collector has at least 100 GB of free disk space.
", "iam:agencies:listAgencies", "iam:permissions:grantRoleToAgencyOnDomain", "iam:agencies:createAgency", "iam:permissions:grantRoleToAgency", "iam:permissions:grantRoleToAgencyOnProject"
How Do I Grant Permissions to an IAM User? If you want to authorize an IAM user to operate the SecMaster service, you need to use the primary account to grant permissions to the user. Granting Permissions to an IAM User Log in to the SecMaster console as an administrator.
For a policy to be delivered to IAM, each account can add a maximum of 500 IAM users as blocked objects at a time.
Length: 1 to 10,240 characters.
owner (String): IAM user ID.
script_params (Array of AnalysisScriptParam objects): Analysis script parameters.
create_by (String): IAM user ID.
create_time (Integer): Timestamp, in ms.
update_by (String): IAM user ID.
update_time (Integer): Timestamp, in ms.
If your HUAWEI ID does not need individual IAM users, you may skip this section. With IAM, you can control access to specific Huawei Cloud resources from principals (IAM users, user groups, agencies, or trust agencies).
To learn more about how IAM is different from Organizations for access control, see What Are the Differences in Access Control Between IAM and Organizations?. This section describes the elements used by IAM custom identity policies and Organizations SCPs.
Resource Planning Account A non-administrator IAM account that has the SecMaster data collection management permission. ECS Specifications The following table lists the specifications of the tenant cloud server (ECS) where the collector (isap-agent + Logstash) is installed.
"iam:permissions:grantRoleToAgency" ] } ]} iam:permissions:grantRoleToAgencyOnDomain, iam:permissions:grantRoleToAgency, iam:permissions:grantRoleToAgencyOnProject, and iam:agencies:createAgency are permissions required for using SecMaster.