检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Operation protection takes effect for your account and IAM users created using your account. For details, see Protection for Mission-Critical Operations.
Figure 2 Changing VPCs In the displayed box, from the IAM Agency drop-down list, select an agency that has granted ECS access and related permissions to COC. If no agency is available, create one by clicking Create Agency.
IAM The Identity and Access Management (IAM) provides permissions management to securely manage access to your Huawei Cloud services and resources. Parent Topic: QingTian Enclave Overview
In addition, several PCRs included in attestation documents can be used to create condition keys of IAM access control policies for stronger access control. For details, see PCR.
An account key pair can be used by multiple IAM users in the account. A private key pair can only be used by the IAM user. You can create key pairs as needed. On the Key Pair Service page, click Import Key Pair.
Floating IP Address Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Allocating a floating IP address (native OpenStack API) POST /v2.1/{project_id}/os-floating-ips ecs:serverFloatingIps:use vpc:floatingIps
Password Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Resetting the password for logging in to an ECS with a few clicks for enterprise projects PUT /v1/{project_id}/cloudservers/{server_id}/os-reset-password
Create an IAM user and grant permissions to the user. In the upper right corner of the IAM console, click Go to New Console. Choose Users from the left navigation pane.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
For IAM users, permissions for COC operations need to be granted. For details, see Configuring Custom Policies for ECS Self-Service O&M. UniAgent must be installed. UniAgent is a unified data collection agent that supports script delivery and execution.
If you log in as an IAM user, obtain the IAM user ID of that IAM user. Constraints N/A Range N/A Default Value N/A agency_name No String Definition Specifies the IAM agency name.
Metadata Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Querying ECS metadata (native OpenStack API) (discarded) GET /v2.1/{project_id}/servers/{server_id}/metadata ecs:servers:listMetadata - Supported Not
ECS Group Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Deleting an ECS group DELETE /v1/{project_id}/cloudservers/os-server-groups/{server_group_id} ecs:cloudServers:deleteServerGroup - Supported Supported
These hashes are measurements of the instance and can be used as condition keys in IAM authorization policies to implement conditional access control over KMS APIs. For details, see PCR. Parent Topic: Examples of Using QingTian Enclave
Before performing the replication, create an IAM agency. Create an IAM agency. In the upper right corner of the page, click the username and select Identity and Access Management. In the navigation pane, choose Agencies. Click Create Agency.
Range N/A agency_name String Definition Specifies the IAM agency name. An agency is created by a tenant administrator on IAM to provide temporary credentials for ECSs to access cloud services.
Preparations Prepare a HUAWEI ID or an IAM user that has required permissions to use MgC. For details, see Preparations. On the MgC console, create an independent project for the migration and select Application migration for Project Type. For details, see Managing Projects.
Tag Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Adding tags to an ECS in a batch/Deleting tags from an ECS in a batch POST /v1/{project_id}/cloudservers/{server_id}/tags/action ecs:cloudServers:batchSetServerTags
For IAM users, permissions for COC operations need to be granted. For details, see Configuring Custom Policies for ECS Self-Service O&M. N/A Plug-in dependency A UniAgent needs to be installed.
If you have created an agency in IAM, you can select the agency from the drop-down list and obtain specified operation permissions. For more information about agencies, see Account Delegation. CPU Options This configuration is optional.
