检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Password Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Resetting the password for logging in to an ECS with a few clicks for enterprise projects PUT /v1/{project_id}/cloudservers/{server_id}/os-reset-password
Value 1 indicates ECSs. cascaded.instance_extrainfo String Specifies the extended information about the internal ECSs. image_name String Specifies the image name of the ECS. agency_name String Specifies the IAM agency name.
If you log in as an IAM user, obtain the IAM user ID of that IAM user. agency_name No String Specifies the IAM agency name. An agency is created by a tenant administrator on Identity and Access Management (IAM) to provide temporary credentials for ECSs to access cloud services.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
Create an IAM user and grant permissions to the user. In the upper right corner of the IAM console, click Go to New Console. Choose Users from the left navigation pane.
Before performing the replication, create an IAM agency. Create an IAM agency. In the upper right corner of the page, click the username and select Identity and Access Management. In the navigation pane, choose Agencies. Click Create Agency.
Metadata Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Querying ECS metadata (native OpenStack API) (discarded) GET /v2.1/{project_id}/servers/{server_id}/metadata ecs:servers:listMetadata - Supported Not
ECS Group Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Deleting an ECS group DELETE /v1/{project_id}/cloudservers/os-server-groups/{server_group_id} ecs:cloudServers:deleteServerGroup - Supported Supported
These hashes are measurements of the instance and can be used as condition keys in IAM authorization policies to implement conditional access control over KMS APIs. For details, see PCR. Parent Topic: Examples of Using QingTian Enclave
Preparations Prepare a HUAWEI ID or an IAM user that has required permissions to use MgC. For details, see Preparations. On the MgC console, create an independent project for the migration and set Project Type to Application migration. For details, see Managing Projects.
Tag Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Adding tags to an ECS in a batch/Deleting tags from an ECS in a batch POST /v1/{project_id}/cloudservers/{server_id}/tags/action ecs:cloudServers:batchSetServerTags
If you have created an agency in IAM, you can select the agency from the drop-down list and obtain specified operation permissions. For more information about agencies, see Account Delegation. CPU Options This configuration is optional.
NIC Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Binding a private IP address to an ECS NIC PUT /v1/{project_id}/cloudservers/nics/{nic_id} ecs:cloudServerNics:update - Supported Not supported Not supported
ECS Status Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Changing an ECS OS POST /v2/{project_id}/cloudservers/{server_id}/changeos ecs:cloudServers:changeOS - Supported Supported Supported Supported Changing
You can assign these permissions to the IAM user by referring to ECS Custom Policies. A deleted or unsubscribed ECS cannot be moved to the recycle bin if: Your account is in arrears, restricted, or frozen. The ECS is faulty.
Security Group Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Creating a security group (native OpenStack API) (discarded) POST /v2.1/{project_id}/os-security-groups ecs:securityGroups:use vpc:securityGroups
Lifecycle Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Creating ECSs (pay-per-use or yearly/monthly) POST /v1.1/{project_id}/cloudservers Assigning a New EIP ecs:cloudServers:createServers Using an Existing
Disk Management Permission API Action Dependencies IAM Project Enterprise Project Authorization by Instance Authorization by Tag Detaching a disk from an ECS DELETE /v1/{project_id}/cloudservers/{server_id}/detachvolume/{volume_id} ecs:cloudServers:detachVolume - Supported Supported
KMS can ingest attestation documents from QingTian Enclave instances and validates the measurements in the attestation documents against these specified in the IAM policies to determine whether QingTian Enclave instances can access KMS APIs.
Using a V2 API without a microversion GET: https://{Endpoint}/v2/74610f3a5ad941998e91f076297ecf27/servers/detail {Endpoint} indicates the IAM endpoint. For details, see Endpoints.
