For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
Prerequisites If you need to perform operations as an IAM user, ensure that the IAM user has been granted the required permissions.
KMS can ingest attestation documents from QingTian Enclave instances and validate the measurements in the attestation documents against those specified in the IAM policies to determine whether QingTian Enclave instances can access KMS APIs.
ECS Management Through Console Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Obtaining the address for logging in to the console using VNC POST /v2.1/{project_id}/servers/{server_id}/remote-consoles ecs:servers:createConsole
To do so, perform the following operations: On the User Groups page of the IAM console, locate the target user group and click Authorize in the Operation column. Select policies or roles from the list. Click Next and select Region-specific projects.
Image Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Creating an image (native OpenStack API) (discarded) POST /v2.1/{project_id}/servers/{server_id}/action ecs:servers:createImage ecs:servers:list evs:volumes
The user token (no special permission requirements) of an IAM user is required if the user is requesting to verify their own token. This example uses the IAM user, and the X-Auth-Token is the same as the token to be verified. X-Subject-Token: Token to be verified.
When you or the IAM users under your account perform critical operations, for example, deleting ECS resources, you are required to enter a verification code based on the selected verification method.
Specifications Query Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Querying details about flavors and extended flavor information GET /v1/{project_id}/cloudservers/flavors ecs:cloudServerFlavors:get - Supported Supported
Tenant Quota Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Querying quotas of a tenant GET /v1/{project_id}/cloudservers/limits ecs:cloudServerQuotas:get - Supported Supported Not supported Not supported
The ECS recycle bin is enabled by IAM project. If multi-project management is used, you need to enable the recycle bin for each project. Prerequisites To enable the ECS recycle bin, you need to enable the EVS recycle bin first. For details, see Enabling the Recycle Bin.
Authorizing Redeployment for Instances that Not Using Local Disks Authorize Redeployment for Instances Using Local Disks Prerequisites If you need to perform operations as an IAM user, ensure that the IAM user has been granted the required permissions.
Batch Operations Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Stopping ECSs in a batch POST /v1/{project_id}/cloudservers/action ecs:cloudServers:stop - Supported Supported Supported Supported Restarting ECSs in a
SSH Key Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Creating and importing an SSH key pair (native OpenStack API) (discarded) POST /v2.1/{project_id}/os-keypairs ecs:serverKeypairs:create - Supported Not
Operation protection takes effect for your account and IAM users created using your account. For details, see Protection for Mission-Critical Operations.
Figure 2 Changing VPCs In the displayed box, from the IAM Agency drop-down list, select an agency that has granted ECS access and related permissions to COC. If no agency is available, create one by clicking Create Agency.
IAM Identity and Access Management (IAM) provides permissions management to securely manage access to your Huawei Cloud services and resources. Parent Topic: QingTian Enclave Overview
In addition, several PCRs included in attestation documents can be used to create condition keys of IAM access control policies for stronger access control. For details, see PCR.
Floating IP Address Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Allocating a floating IP address (native OpenStack API) POST /v2.1/{project_id}/os-floating-ips ecs:serverFloatingIps:use vpc:floatingIps