检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
KMS can ingest attestation documents from QingTian Enclave instances and validates the measurements in the attestation documents against these specified in the IAM policies to determine whether QingTian Enclave instances can access KMS APIs.
ECS Management Through Console Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Obtaining the address for logging in to the console using VNC POST /v2.1/{project_id}/servers/{server_id}/remote-consoles ecs:servers:createConsole
To do so, perform the following operations: On the User Groups page of the IAM console, locate the target user group and click Authorize in the Operation column. Select policies or roles from the list. Click Next and select Region-specific projects.
Image Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Creating an image (native OpenStack API) (discarded) POST /v2.1/{project_id}/servers/{server_id}/action ecs:servers:createImage ecs:servers:list evs:volumes
The user token (no special permission requirements) of an IAM user is required if the user is requesting to verify their own token. This example uses the IAM user and the X-Auth-Token is the same as the token to be verified X-Subject-Token: Token to be verified.
When you or the IAM users under your account perform critical operations, for example, deleting ECS resources, you are required to enter a verification code based on the selected verification method.
Specifications Query Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Querying details about flavors and extended flavor information GET /v1/{project_id}/cloudservers/flavors ecs:cloudServerFlavors:get - Supported Supported
Tenant Quota Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Querying quotas of a tenant GET /v1/{project_id}/cloudservers/limits ecs:cloudServerQuotas:get - Supported Supported Not supported Not supported
The ECS recycle bin is enabled by IAM project. If multi-project management is used, you need to enable recycle bin for each project. Prerequisites To enable ECS recycle bin, you need to enable EVS recycle bin first. For details, see Enabling the Recycle Bin.
Authorizing Redeployment for Instances that Not Using Local Disks Authorize Redeployment for Instances Using Local Disks Prerequisites If you need to perform operations as an IAM user, ensure that the IAM user has been granted the required permissions.
Batch Operations Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Stopping ECSs in a batch POST /v1/{project_id}/cloudservers/action ecs:cloudServers:stop - Supported Supported Supported Supported Restarting ECSs in a
SSH Key Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Creating and importing an SSH key pair (native OpenStack API) (discarded) POST /v2.1/{project_id}/os-keypairs ecs:serverKeypairs:create - Supported Not
Prerequisites If you need to perform operations as an IAM user, ensure that the IAM user has been granted the required permissions.
IAM The Identity and Access Management (IAM) provides permissions management to securely manage access to your Huawei Cloud services and resources. Parent Topic: QingTian Enclave Overview
In addition, several PCRs included in attestation documents can be used to create condition keys of IAM access control policies for stronger access control. For details, see PCR.
Operation protection takes effect for your account and IAM users created using your account. For details, see Protection for Mission-Critical Operations.
Floating IP Address Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Allocating a floating IP address (native OpenStack API) POST /v2.1/{project_id}/os-floating-ips ecs:serverFloatingIps:use vpc:floatingIps
Password Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Resetting the password for logging in to an ECS with a few clicks for enterprise projects PUT /v1/{project_id}/cloudservers/{server_id}/os-reset-password
Value 1 indicates ECSs. cascaded.instance_extrainfo String Specifies the extended information about the internal ECSs. image_name String Specifies the image name of the ECS. agency_name String Specifies the IAM agency name.
If you log in as an IAM user, obtain the IAM user ID of that IAM user. agency_name No String Specifies the IAM agency name. An agency is created by a tenant administrator on Identity and Access Management (IAM) to provide temporary credentials for ECSs to access cloud services.
