With IAM, you can use your Huawei Cloud account to create IAM users for your employees, and assign permissions to the users to control their access to specific Huawei Cloud resources.
Using IAM to Grant Access to VPC Endpoint
Creating a User and Granting VPC Endpoint Permissions
code: 200 The server has successfully processed the request.
{
  "permissions" : [
    "iam:domain::5fc973eea581490997e82ea11a1d0101",
    "iam:domain::5fc973eea581490997e82ea11a1d0102"
  ]
}
SDK Sample Code
The SDK sample code is as follows.
A token obtained from IAM is valid for only 24 hours. If you authenticate with a token, cache it and reuse it until it is about to expire, rather than calling the IAM token API on every request.
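The caching advice above, as an added example that is not code from the page or from Huawei's SDKs: a small cache that keeps one token in memory, renews it shortly before the documented 24-hour lifetime ends, and can be invalidated early. The `fetch_token` callable, the 10-minute refresh margin and the fake clock/fetcher used by `demo()` are assumptions of this example; how the token request itself is made is outside its scope.

```python
import time

TOKEN_LIFETIME_SECONDS = 24 * 60 * 60   # page: an IAM token is valid for 24 hours
REFRESH_MARGIN_SECONDS = 10 * 60        # renew early instead of racing expiry (assumption)


class TokenCache:
    """Cache one IAM token and re-fetch it only when it is about to expire.

    fetch_token: callable that performs the IAM token request and returns the
    token string (assumed interface; not part of the page).
    clock: returns seconds since the epoch; injectable for deterministic tests.
    The token is a bearer credential: keep it in memory only, never log it.
    """

    def __init__(self, fetch_token, clock=time.time):
        self._fetch_token = fetch_token
        self._clock = clock
        self._token = None
        self._issued_at = 0.0
        self.fetch_count = 0

    def _needs_refresh(self) -> bool:
        if self._token is None:
            return True
        age = self._clock() - self._issued_at
        return age >= TOKEN_LIFETIME_SECONDS - REFRESH_MARGIN_SECONDS

    def get(self) -> str:
        if self._needs_refresh():
            issued_at = self._clock()          # take the timestamp before the call
            token = self._fetch_token()
            if not token:
                raise RuntimeError("IAM returned an empty token")
            self._token = token
            self._issued_at = issued_at
            self.fetch_count += 1
        return self._token

    def invalidate(self) -> None:
        """Drop the cached token, e.g. after a service API answers 401."""
        self._token = None


class FakeClock:
    """Constructed clock so the demo runs offline and deterministically."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Drive the cache with a fake clock and a counting fake fetcher (constructed)."""
    counter = {"n": 0}

    def fake_fetch():
        counter["n"] += 1
        return f"token-{counter['n']}"      # stand-in for a real IAM token

    clock = FakeClock()
    cache = TokenCache(fake_fetch, clock)
    events = []
    events.append(cache.get())               # first call: fetch
    clock.advance(6 * 60 * 60)
    events.append(cache.get())               # 6 h later: cached token reused
    clock.advance(18 * 60 * 60 - 5 * 60)     # 23 h 55 min: inside the refresh margin
    events.append(cache.get())               # renewed before the 24 h limit
    cache.invalidate()
    events.append(cache.get())               # re-fetched after invalidation
    return events, cache.fetch_count


if __name__ == "__main__":
    print(demo())
```

Renewing a few minutes early matters because the lifetime is measured from IAM's issue time, not from when the caller received the token; a cache that waits for the full 24 hours will hand out a token that the next service call rejects.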
Table 4 EpsAddPermissionRequest
Parameter | Mandatory | Type | Description
permission | Yes | String | The permission format is iam:domain::domain_id or organizations:orgPath::org_path. iam:domain:: and organizations:orgPath:: are fixed formats. domain_id indicates the ID of the account in which
"password": $ADMIN_PASS, // IAM user password.
...users and controlling their access to VPC Endpoint resources.
IAM Permissions: Configured as a gateway VPC endpoint service by default.
1. On the IAM console, create a user group and attach the VPCEndpoint Administrator policy to the group.
2. Create an IAM user and add it to the user group created in 1.
3. Log in as the IAM user and verify permissions.
VPC Endpoints
Table 1 Actions for managing VPC endpoints
Permission | API | Action | Dependent Action | IAM Project | Enterprise Project
Creating a VPC endpoint | POST /{project_id}/vpc-endpoints | vpcep:endpoints:create | - | √ | ×
Querying VPC endpoints | GET /{project_id}/vpc-endpoints | vpcep:endpoints
Constraints A VPC endpoint policy is defined in the JSON document of IAM policies. VPC endpoint policies must comply with the grammar and structure of IAM permission policies.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
Tags
Table 1 Actions for managing tags
Permission | API | Action | Dependent Action | IAM Project | Enterprise Project
Querying VPCEP resources by tag | POST /v1/{project_id}/{resource_type}/resource_instances/action | vpcep:resource:list | - | √ | ×
Adding or deleting a resource tag | POST /v1/{project_id
Table 2 Query Parameters
Parameter | Mandatory | Type | Description
permission | No | String | Specifies the permission account ID in iam:domain::domain_id format. domain_id indicates the account ID of the authorized user, for example, iam:domain::6e9dfd51d1124e8d8498dce894923a0d.
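The permission string format described in Table 4 and Table 2, and the 200 response sample earlier on the page, as an added example that is not code from the page or from Huawei's SDKs: a client-side validator for `iam:domain::domain_id` and `organizations:orgPath::org_path`, a builder for the `permission` field of EpsAddPermissionRequest, and a parser for the `permissions` array in the response. The 32-hex-character width of domain_id is inferred from the sample IDs on the page, the org_path check only requires a non-empty path because the page does not define its syntax, and the request body carrying nothing but `permission` is an assumption; all three are labelled in the code.

```python
import json
import re

# Account-scoped permission: fixed prefix iam:domain:: plus domain_id.
# Sample IDs on the page are 32 hex characters; that width is an assumption
# taken from the samples, not a documented constraint.
_DOMAIN_RE = re.compile(r"^iam:domain::([0-9a-fA-F]{32})$")

# Organization-scoped permission: fixed prefix organizations:orgPath:: plus
# org_path. The page does not define org_path syntax, so only a non-empty,
# whitespace-free path is required here (assumption).
_ORGPATH_RE = re.compile(r"^organizations:orgPath::(\S+)$")


def validate_permission(permission: str) -> tuple:
    """Return ("domain", domain_id) or ("orgPath", org_path); raise ValueError otherwise.

    Rejecting malformed strings before they reach the API avoids granting a
    VPC endpoint service to an unintended account through a mistyped or
    truncated domain_id.
    """
    m = _DOMAIN_RE.match(permission)
    if m:
        return ("domain", m.group(1))
    m = _ORGPATH_RE.match(permission)
    if m:
        return ("orgPath", m.group(1))
    raise ValueError(f"malformed permission string: {permission!r}")


def is_valid_permission(permission: str) -> bool:
    try:
        validate_permission(permission)
        return True
    except ValueError:
        return False


def build_add_permission_body(permission: str) -> str:
    """JSON body for EpsAddPermissionRequest (Table 4).

    Only the mandatory 'permission' field is taken from the page; sending
    nothing else in the body is an assumption of this example.
    """
    validate_permission(permission)
    return json.dumps({"permission": permission})


def parse_permissions_response(body: str) -> list:
    """Extract (kind, value) pairs from a response shaped like the page's 200 sample.

    An entry that is neither an account nor an org-path permission raises
    rather than being skipped, so an unexpected grant is noticed.
    """
    data = json.loads(body)
    return [validate_permission(entry) for entry in data.get("permissions", [])]


# Constructed input mirroring the 200 response sample on the page.
SAMPLE_RESPONSE = """{
  "permissions" : [
    "iam:domain::5fc973eea581490997e82ea11a1d0101",
    "iam:domain::5fc973eea581490997e82ea11a1d0102"
  ]
}"""


if __name__ == "__main__":
    print(build_add_permission_body("iam:domain::6e9dfd51d1124e8d8498dce894923a0d"))
    for kind, value in parse_permissions_response(SAMPLE_RESPONSE):
        print(kind, value)
    for bad in ("iam:domain:6e9dfd51d1124e8d8498dce894923a0d",  # single colon
                "iam:domain::6e9dfd51",                           # truncated ID
                "organizations:orgPath::"):                       # empty path
        print("rejected:", bad, is_valid_permission(bad))
```

The single-colon and truncated-ID cases are the ones worth catching: both are plausible copy-paste errors, and a permission whitelist on a VPC endpoint service is an access-control boundary between accounts, so a grant to the wrong domain_id is a cross-tenant exposure rather than a cosmetic mistake.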
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
If you have enabled enterprise management, you cannot create an IAM project and can only manage existing projects. In the future, IAM projects will be replaced by enterprise projects, which are more flexible.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Resource Quotas
Table 1 Actions for managing resource quotas
Permission | API | Action | Dependent Action | IAM Project | Enterprise Project
Querying quotas | GET /v1/{project_id}/quotas | vpcep:quotas:get | - | √ | ×
Parent Topic: Permissions Policies and Supported Actions
If your HUAWEI ID does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
Identity and Access Management Permissions Management You can use Identity and Access Management (IAM) to control access to your VPC Endpoint resources. IAM permissions define which actions on your cloud resources are allowed or denied.