检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For example, a resource attribute can be the number of CPU cores of an ECS, the capacity of an EVS disk, or the password strength of an IAM user. For more details, see How Can I Obtain Resource Attributes Reported to Config?.
Table 3 resource Parameter Type Description id String Resource ID. name String Resource name. provider String Cloud service name. type String Resource type. region_id String The ID of the region where the resource resides. project_id String IAM project ID. project_name String IAM
resourceHistoryRequest).toString()); } catch (ConnectionException | RequestTimeoutException | ServiceResponseException ex) { System.out.println(ex); } } } Response class ShowResourceDetailResponse { id: 81fi****a864 name: zh****ng provider: iam
This includes ensuring that any third parties working on behalf of the SME have appropriate security measures in place. iam-policy-no-statements-with-admin-access Grant IAM users only necessary permissions to perform required operations to ensure compliance with the least privilege
Set Function Type to Event Function and configure other parameters, including the function name and IAM agency. The agency grants the function required permissions and must include the rms:policyStates:update permission. Click Create Function.
Resource Query Permission API Action IAM Project Enterprise Project Querying change records of a resource GET /v1/resource-manager/domains/{domain_id}/resources/{resource_id}/history rms:resources:getHistory √ x Querying resource relationships GET /v1/resource-manager/domains/{domain_id
For details about how to obtain the ID, see Obtaining Account, IAM User, and Project Information. log_group_id: log group ID. For details about how to obtain the ID, see Managing Log Groups. log_topic_id: log stream ID.
type = string } variable "ConfigAgencyName" { description = "Specifies the IAM agency name which must include permissions for sending notifications through SMN and for writing data into OBS."
If you select Custom granting to customize authorization for the resource recorder, you need to create an agency with IAM, and the agency must include either the permissions for sending notifications using an SMN topic or the permissions for writing data into an OBS bucket based on
If you want to use a template in your OBS bucket to create a conformance package, configure a proper IAM policy and an OBS bucket policy to ensure that the template can be accessed.
Conformance Packages Permissions API Action Dependencies IAM Project Enterprise Project Creating conformance packages POST /v1/resource-manager/domains/{domain_id}/conformance-packs rms:conformancePacks:create rf:stack:createStack rf:stack:getStackMetadata rf:stack:listStackResources
Password authentication must be used. iam-user-mfa-enabled Enable MFA for all IAM users. MFA provides an additional layer of protection in addition to the username and password. 8.1.4.7 a.
Example Responses Status code: 200 Operation succeeded. { "policy_states" : [ { "domain_id" : "39f4a9434e0c4bf3806e5aff54adea39", "region_id" : "region1", "resource_id" : "04d5a1a31c314ebba8c73daa66c6cd12", "resource_name" : "group1", "resource_provider" : "iam
Resource Aggregation Permissions API Action Dependencies IAM Project Enterprise project Authorizing a resource aggregator account PUT /v1/resource-manager/domains/{domain_id}/aggregators/aggregation-authorization rms: aggregationAuthorizations:create - √ x Deleting authorization for
Specify a valid value for limit. 401 RMS.00010079 Incorrect IAM authentication information: Authorization header is missing. Incorrect IAM authentication information: Authorization header is missing. Add authentication header. 403 RMS.00010006 access denied. Access denied.
Set Function Type to Event Function and configure the required IAM agency. The agency grants the function required permissions, including rms:policyStates:update. Click Create Function and then on the Code tab, configure the code. Click Deploy.
Only the {"agency_name": value_name} structure is supported, where value_name indicates the IAM agency name configured for Config. custom_policy specifies the URN of the function in the custom policy and the authentication type for invoking the function. parameters The values of rule
Example Requests None Example Responses Status code: 200 Operation succeeded. { "value" : [ { "automatic" : false, "resource_id" : "id-001", "resource_provider" : "iam", "resource_type" : "users", "invocation_time" : "2024-01-17T09:39:19Z", "state" : "FAILED
Example Responses Status code: 200 Operation successful. { "value" : [ { "compliance_state" : "NonCompliant", "resource" : { "resource_id" : "011414082b134059b1c5eafe0697cd15", "resource_name" : "ServiceLinkedAgencyForSecMaster", "resource_provider" : "iam
parameters Parameter Type Description channel ChannelConfigBody object Specifies configurations for the tracker. selector SelectorConfigBody object Specifies the selector. retention_period_in_days Integer Specifies the number of days for data storage. agency_name String Specifies the IAM
