检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
After creating IAM user groups for employees, you can create enterprise projects on the Enterprise Management console and grant permissions to the user groups in the enterprise projects to implement personnel authorization and permission control.
Instance Management Listing Instances Querying the Region Where a Service Instance Is Enabled Obtaining Identity Source Configurations Selecting a Region for Enabling a Service Instance Querying Service Instance Status Enabling an IAM Identity Center Instance Deleting a Service Instance
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling.
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling.
Restrictions To obtain the bucket tags, you must be the bucket owner or have the required permission (obs:bucket:GetBucketTagging in IAM or GetBucketTagging in a bucket policy).
Table 6 SignInOptionsDto Parameter Type Description origin String Method of redirecting to an application from IAM Identity Center. application_url String URL for receiving application authentication requests.
Alarm Description When Guardian calls an IAM API to obtain the temporary AK/SK, it needs to first obtain related metadata via the ECS Metadata API. This alarm is generated when Guardian fails to call the Metadata API.
Maximum length: 2048 Table 3 Parameters in the request body Parameter Mandatory Type Description managed_role_id Yes String Unique ID of the IAM system-defined policy.
URI GET /v1/instances/{instance_id}/mfa-devices/management-settings Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance.
URI POST /v1/instances/{instance_id}/mfa-devices/management-settings Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance.
URI POST /v1/instances/{instance_id}/disassociate-profile Table 1 Path parameters Parameter Mandatory Type Description instance_id Yes String Globally unique ID of an IAM Identity Center instance.
Preparing a Huawei Account Before using MgC, prepare a HUAWEI ID or an IAM user that can access MgC and obtain an AK/SK pair for the account or IAM user. For more information, see Preparations.
Parent topic: IAM User SSO via SAML
Error information: httpcode=401,code=APIGW.0301,Msg=Incorrect IAM authentication information: current ip:xx.xx.xx.xx refused Possible Causes Access control is configured in IAM. By default, IAM allows access from any IP addresses.
In IAM, the administrator sets Access Type to Programmatic access.
The token obtained from Identity and Access Management (IAM) is valid for only 24 hours. If you want to use a token for authentication, you can cache it to avoid frequently calling the IAM API.
Solution Contact the administrator (account to which the IAM user belongs) to add the SMN access permission. To add the permission, do as follows: Log in to IAM as the administrator, and add the SMN access permission to the IAM user.
You can search for cbc_customerorgagent on the Identity and Access Management (IAM) console. If the agency is displayed, go to 2. If there is no data available, the agency has been deleted.
Related Services IAM FRS uses Identity and Access Management (IAM) for authentication and authorization. OBS FRS allows users to read facial images from Object Storage Service (OBS).
Maximum length: 2048 Table 3 Parameters in the request body Parameter Mandatory Type Description managed_policy_id Yes String Unique ID of the IAM system-defined identity policy.
