检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Supported: IAM projects Supported: Enterprise projects GET /v3/{project_id}/storage-type?
IAM project name, project id and project name should not be empty at same time --sk string IAM secret access key --token-only Return token only for other tool integration --user-name string IAM user name.
Mandatory for MRS, GaussDB(DWS), and DLI permission management iam:users:listUsers iam:groups:listGroups iam:users:listUsersForGroup iam:roles:createRole iam:roles:deleteRole iam:roles:updateRole iam:permissions:grantRoleToGroup iam:permissions:listRoleAssignments iam:permissions:
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
Mandatory for MRS, GaussDB(DWS), and DLI permission management iam:users:listUsers iam:groups:listGroups iam:users:listUsersForGroup iam:roles:createRole iam:roles:deleteRole iam:roles:updateRole iam:permissions:grantRoleToGroup iam:permissions:listRoleAssignments iam:permissions:
IAM project: The name of an IAM project or region. If you select IAM project and enter a project name, the IAM project view is displayed. Parent topic: Permissions Management
and custom identity policies: "iam:policies:createV5", "iam:policies:listV5", "iam:groups:attachPolicyV5", "iam:groups:detachPolicyV5", "iam:policies:deleteV5", "iam:policies:listVersionsV5", "iam:policies:createVersionV5", "iam:policies:deleteVersionV5" Precautions By default,
Rule Logic If an IAM user does not have an access key, the IAM user is compliant. If an IAM user is disabled, the IAM user is compliant. If an IAM user is in the enabled state, and its access key has been rotated within the specified period, this user is compliant.
Handling Suspected Access Key Leakage for an IAM User Scenario 1: If the access key has not been used, disable and delete the access key of the IAM user on the IAM console. If you do not have the permission, contact an administrator who has the required IAM permissions.
Creating a HUAWEI ID and Enabling Huawei Cloud Services IAM user Optional.
Solution Event Scenario Solution An IAM user attempts to purchase resources. An IAM user attempts to change resources. Add the IAM user to the admin user group. Add the IAM user to the group having the EdgeSec_FullAccess Permission.
Operation Constraints Table 3 Operation constraints Scenario Item Description Creating IAM users IAM users that can be created at a time A maximum of 10 users can be created at a time. IAM username A new username must be different from existing IAM usernames.
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
For details about how to create an IAM user, see Creating an IAM User.
The system establishes identity federation with IAM Identity Center, eliminating the need for separate federation with each account's IAM system. Related cloud services and tools IAM Identity Center IAM OneAccess Parent topic: SEC02 Identity Authentication
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
If your account does not require individual IAM users for permissions management, skip this section. IAM is a free service of Huawei Cloud. You only pay for the resources in your account. For more information about IAM, see What Is IAM?
access-analyzer-verified If an IAM policy allows any blocked actions on KMS keys, this policy is noncompliant. iam-group-has-users-check iam If an IAM user group has no user, this user group is noncompliant. iam-password-policy iam If the password of an IAM user does not meet the
