检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
user_id Yes String IAM user ID. access_key_id Yes String Permanent access key ID (AK).
Only the following users can use IAM: Account root user (with permissions to access all services, including IAM) IAM users added to the admin group (with full permissions for all services, including IAM) IAM users with IAMFullAccessPolicy permissions (IAM administrator, with permissions
This identity policy allows the IAM user to create, update, read, and delete accessible resources. Step 1: Attach a Tag to an IAM User Log in to the new IAM console as an administrator and choose Users in the navigation pane.
As mentioned, IAM is responsible for the security of the service itself and provides a secure data protection mechanism. Users are responsible for the secure use of IAM services, including security parameter configuration and permission splitting and granting by enterprises.
For example, for an external access finding, the IAM policy contains public permissions required by workflows, or for an unused access finding, an unused access key may still be necessary.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Reviewing Findings After you enable IAM Access Analyzer, you can review any findings to determine whether the access identified in the finding is intended or unintended. If the access is unintended, you can make adjustments as needed.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Account Summary Query Used to obtain summary information about the IAM principal usage and IAM quota of an account. Account Function Query Used to obtain the function status of an account. Resource Tag Management Used to create, query, and delete tags for IAM resources.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
console, IAM automatically verifies the identity policy grammar.
Example Requests Listing all groups GET https://{endpoint}/v5/groups Listing all groups to which IAM user xxx belongs GET https://{endpoint}/v5/groups?
Category Item Default Quota Maximum Value Adjustable User IAM users 50 2000 Yes Characters allowed in a username 64 - No Identity policies you can attach to a user 10 20 √ User groups a user can belong to 10 - No AK/SK pairs that a user can create 2 - No Virtual MFA devices you can
Table 3 Configuration Parameter Mandatory Type Description iam_agency No IAMAgency object IAM trust agency. obs_bucket No OBSBucket object OBS bucket. kms_cmk No KMSCmk object KMS key.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Action Access Level Resource Type (*: required) Condition Key Alias Dependencies iam:groups:deleteGroupV5 Write group * - - - URI DELETE /v5/groups/{group_id} Table 1 Path Parameters Parameter Mandatory Type Description group_id Yes String Group ID.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Action Access Level Resource Type (*: required) Condition Key Alias Dependencies iam:groups:updateGroupV5 Write group * - - - URI PUT /v5/groups/{group_id} Table 1 Path Parameters Parameter Mandatory Type Description group_id Yes String Group ID.
