Action: iam:groups:deleteGroupV5
Access Level: Write
Resource Type (*: required): group *
Condition Key: -
Alias: -
Dependencies: -
URI: DELETE /v5/groups/{group_id}
Table 1 Path Parameters
Parameter: group_id; Mandatory: Yes; Type: String; Description: Group ID.
Authorization Information Each account has all the permissions required to call all APIs, but IAM users must be assigned the following required identity policy-based permissions. For details about the required permissions, see Permissions Policies and Supported Actions.
Action: iam:groups:updateGroupV5
Access Level: Write
Resource Type (*: required): group *
Condition Key: -
Alias: -
Dependencies: -
URI: PUT /v5/groups/{group_id}
Table 1 Path Parameters
Parameter: group_id; Mandatory: Yes; Type: String; Description: Group ID.
Notes and Constraints IAM Access Analyzer analyzes the permissions associated with the service-linked agency authorized by a tenant. It can be created only on the new IAM console.
IAM user login: IAM users are created by an administrator to use specific cloud services. Logging In as an IAM User: An account and IAM users share a parent-child relationship. IAM users can only use specific cloud services based on assigned permissions.
Currently, the following six resource types are supported: IAM, OBS, DEW, SWR, CBR, and IMS. Your analyzer might have active findings for other resources not listed here. Findings of Unused Access Log in to the new IAM console.
For details, see IAM Policy Evaluation Logic. Parent topic: Policies and Permissions
Unlike IAM identity policies, resource policies require you to specify who can access the resources. IAM agencies allow you to grant cross-account resource access without checking if cloud services support resource policies.
Maximum: 36
resource_type (String): Resource type.
  iam:agency: IAM agency
  iam:user: IAM user
  kms:cmk: DEW shared key
  obs:bucket: OBS bucket
  swr:repo: SWR image repository
  cbr:backup: CBR backup
  ims:image: IMS image
sources (Array of strings): Source of findings, indicating how to grant
Action Access Level Resource Type (*: required) Condition Key Alias Dependencies iam:groups:attachPolicyV5 Permission_management group * - - - - iam:PolicyURN URI POST /v5/policies/{policy_id}/attach-group Table 1 Path Parameters Parameter Mandatory Type Description policy_id Yes
Action: iam:credentials:createCredentialV5
Access Level: Write
Resource Type (*: required): user *
Condition Key: g:ResourceTag/<tag-key>
Alias: -
Dependencies: -
URI: POST /v5/users/{user_id}/access-keys
Table 1 Path Parameters
Parameter: user_id; Mandatory: Yes; Type: String; Description: IAM
Action: iam:groups:getGroupV5
Access Level: Read
Resource Type (*: required): group *
Condition Key: -
Alias: -
Dependencies: -
URI: GET /v5/groups/{group_id}
Table 1 Path Parameters
Parameter: group_id; Mandatory: Yes; Type: String; Description: Group ID.
Example Requests
Disabling the virtual MFA device whose serial number is iam::accountid:mfa:name and disassociating it from IAM user xxx
POST https://{endpoint}/v5/mfa-devices/disable
{ "user_id" : "xxx", "serial_number" : "iam::accountid:mfa:name" }
Example Responses None Status
In order to minimize the service interruptions caused by hardware failures, natural disasters, or other disastrous events, Huawei Cloud provides a DR plan for all data centers: As a basic identity authentication service, Huawei Cloud IAM has been deployed in multiple zones to provide
Example Requests Enabling the virtual MFA device whose serial number is iam::accountid:mfa:name and associating it with IAM user xxx POST https://{endpoint}/v5/mfa-devices/enable { "user_id" : "xxx", "serial_number" : "iam::accountid:mfa:name", "authentication_code_first" :