检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
Authorization Each account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. If you are using role/policy-based authorization, see the required permissions in Permissions and Supported Actions.
"iam:agencies:list*", "iam:agencies:createAgency", "iam:agencies:createServiceLinkedAgencyV5", "coc:agency:get", "coc:agency:create", "iam:permissions:grantRoleToAgency",
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Application identity federation is built to allow tenant applications to use SAML and OIDC to securely exchange external tokens with Huawei Cloud IAM tokens. All IAM users are disabled.
Using an IAM agency for an instance You can configure an IAM agency when creating an ECS. An IAM agency for an instance is a virtual identity created by an IAM administrator. It represents the IAM identity for ECSs to access cloud service resources.
Prerequisites If you need to perform operations as an IAM user, ensure that the IAM user has been granted the required permissions.
IAM PDP supports multiple types of access control policies, including VPCEP policies, IAM identity policies, and cloud service resource policies. IAM access control policies support a variety of condition attributes.
Create a custom policy policyTest using the account and attach the policy to an IAM user. Log in to the IAM console using the account.
In the condition keys of KMS key policies, you can use the SHA384 hash value of IAM agency as PCR3. This ensures that only QingTian Enclaves running on instances with the correct IAM agency can perform specific KMS actions on KMS keys.
The following shows part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
When you or the IAM users under your account perform critical operations, for example, deleting ECS resources, you are required to enter a verification code based on the selected verification method.
username "password": "$ADMIN_PASS", //IAM user password.
Prerequisites If you need to perform operations as an IAM user, ensure that the IAM user has been granted the required permissions.
The data security administrator sets PCR0 and PCR8 as condition keys of the IAM access control policies (controlling the kms-decrypt API). On the IAM console, use an account with administrator permissions to create a custom identity policy.
