检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Must I Use an OBS Bucket as an IAM User When Configuring Transfer on CTS as an IAM User?
The following is part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
User Creation Operations 04:35 Monitoring IAM User Creation Operations
Assigning Least Privilege to IAM Users to Prevent Data Leakage To assign different permissions to employees in your enterprise to access your CTS resources, IAM is a good choice for fine-grained permissions management.
If you log in to the console as an IAM user, contact the administrator (Huawei Cloud account or a user in the user group admin) to grant the following permissions to the IAM user. For details, see Assigning Permissions to an IAM User.
If you log in to Huawei Cloud as an IAM user, first contact your CTS administrator (account owner or a user in the admin user group) to obtain the CTS FullAccess permission. For details, see Assigning Permissions to an IAM User.
Trace References Trace Structure Example Traces Relationship Between IAM Identities and Operators
For services that do not differentiate regions, such as IAM, enable CTS and create a tracker named system in the central region CN-Hong Kong so that traces can be reported in other regions.
Using CTS to Monitor the Operation of Creating an IAM User This section describes how to use operation audit and key event notification of CTS to monitor the operation of creating an Identity and Access Management (IAM) user and send an alarm by email.
) IAM operations that can be recorded by CTS (IAM 3.0) IAM operations that can be recorded by CTS (IAM 5.0) Tag Management Service (TMS) TMS operations that can be recorded by CTS Resource Access Manager (RAM) RMS operations that can be recorded by CTS Log Tank Service (LTS) LTS operations
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
If you log in to Huawei Cloud as an IAM user, first contact your CTS administrator (account owner or a user in the admin user group) to obtain the CTS FullAccess permissions. For details, see Assigning Permissions to an IAM User.
What Do I Do If I Cannot Enable CTS as an IAM User? Does the cts_admin_trust Agency Include OBS Authorization? Does CTS Support Integrity Verification of Trace Files? Can I Disable CTS? How Will CTS Be Affected If My Account Balance Is Insufficient?
If you log in to Huawei Cloud as an IAM user, first contact your CTS administrator (account owner or a user in the admin user group) to obtain the CTS FullAccess permission. For details, see Assigning Permissions to an IAM User.
However, users with the enterprise project management function enabled must also be granted certain IAM permissions to use this capability. For global services, you must configure trackers and key event notifications on the CTS console in the central region (CN-Hong Kong).
) IAM User Guide > Operations that can be recorded by CTS Log Tank Service (LTS) LTS User Guide > Operations that can be recorded by CTS Application Services Application Operations Management (AOM) AOM User Guide > Operations that can be recorded by CTS Simple Message Notification
) IAM User Guide > Operations that can be recorded by CTS Log Tank Service (LTS) LTS User Guide > Operations that can be recorded by CTS Application Services Application Operations Management (AOM) AOM User Guide > Operations that can be recorded by CTS Simple Message Notification
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
How Do I Find Out the Login IP Address of an IAM User? Does CTS Record ECS Creation Failures? How Do I Find Out Who Created a Specific ECS? Why Is an Operation Recorded Twice in the Trace List? Why Are There Some Null Fields on the View Trace Page?
For an IAM user, the format is iam::<account-id>:user:<user-name>. For an IAM assumed-agency session identity, the format is sts::sts::<account-id>:assumed-agency:<agency-name>/<agency-session-name>.
