Before You Start
Overview
Welcome to Identity and Access Management (IAM). IAM provides identity authentication, permissions management, and access control. With IAM, you can create and manage users and grant them permissions to allow or deny their access to cloud resources.
IAM supports console access and programmatic access (API access). This document describes how to use APIs to perform operations on IAM, such as creating users and user groups, and obtaining tokens. If you intend to access IAM through APIs, ensure that you are familiar with IAM concepts. For details, see Service Overview.
API Calling
Endpoints
An endpoint is the request address for calling an API. Endpoints vary depending on services and regions. For the endpoint of each service, see Regions and Endpoints.
Table 1 lists IAM endpoints. IAM is a global service with all data stored in the Global service project. All APIs of IAM can be called using the endpoint of a global service. To facilitate access from region-specific services using APIs or the CLI, IAM also provides some APIs in regions other than the Global region. You can use the endpoint of the region closest to you to call these APIs (see Notes and Constraints).
Region Name | Region ID | Endpoint |
---|---|---|
Global | global | iam.myhuaweicloud.com |
CN North-Beijing1 | cn-north-1 | iam.cn-north-1.myhuaweicloud.com |
CN North-Beijing2 | cn-north-2 | iam.cn-north-2.myhuaweicloud.com |
CN North-Beijing4 | cn-north-4 | iam.cn-north-4.myhuaweicloud.com |
CN East-Shanghai1 | cn-east-3 | iam.cn-east-3.myhuaweicloud.com |
CN East-Shanghai2 | cn-east-2 | iam.cn-east-2.myhuaweicloud.com |
CN South-Guangzhou | cn-south-1 | iam.cn-south-1.myhuaweicloud.com |
CN South-Shenzhen | cn-south-2 | iam.cn-south-2.myhuaweicloud.com |
CN Southwest-Guiyang1 | cn-southwest-2 | iam.cn-southwest-2.myhuaweicloud.com |
CN-Hong Kong | ap-southeast-1 | iam.ap-southeast-1.myhuaweicloud.com |
AP-Bangkok | ap-southeast-2 | iam.ap-southeast-2.myhuaweicloud.com |
AP-Singapore | ap-southeast-3 | iam.ap-southeast-3.myhuaweicloud.com |
AP-Jakarta | ap-southeast-4 | iam.ap-southeast-4.myhuaweicloud.com |
AF-Johannesburg | af-south-1 | iam.af-south-1.myhuaweicloud.com |
LA-Santiago | la-south-2 | iam.la-south-2.myhuaweicloud.com |
EU-Dublin | eu-west-101 | iam.myhuaweicloud.eu |
EU-Paris | eu-west-0 | iam.eu-west-0.myhuaweicloud.com |
TR-Istanbul | tr-west-1 | iam.tr-west-1.myhuaweicloud.com |
ME-Abu Dhabi-OP5 | ae-ad-1 | iam.ae-ad-1.myhuaweicloud.com |
AP-Kuala Lumpur-OP6 | my-kualalumpur-1 | iam.my-kualalumpur-1.myhuaweicloud.com |
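Because IAM credentials are sent to whichever endpoint a client is configured with, a client can pin the base URL to the hosts in Table 1 before authenticating. The following is an added example, not part of the original documentation or any Huawei Cloud SDK; the function and variable names are hypothetical, and it assumes the API is called over HTTPS on the default port.

```python
from urllib.parse import urlsplit

# Region IDs from Table 1 whose endpoint is iam.<region-id>.myhuaweicloud.com.
_PATTERN_REGIONS = (
    "cn-north-1", "cn-north-2", "cn-north-4", "cn-east-3", "cn-east-2",
    "cn-south-1", "cn-south-2", "cn-southwest-2", "ap-southeast-1",
    "ap-southeast-2", "ap-southeast-3", "ap-southeast-4", "af-south-1",
    "la-south-2", "eu-west-0", "tr-west-1", "ae-ad-1", "my-kualalumpur-1",
)
# Endpoint host -> region ID. Global and EU-Dublin do not follow the pattern.
HOST_TO_REGION = {f"iam.{r}.myhuaweicloud.com": r for r in _PATTERN_REGIONS}
HOST_TO_REGION["iam.myhuaweicloud.com"] = "global"
HOST_TO_REGION["iam.myhuaweicloud.eu"] = "eu-west-101"


def iam_region_for_url(url):
    """Return the Table 1 region ID for an IAM base URL, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https":  # assumption: the API is only called over HTTPS
        raise ValueError("IAM endpoint must use https")
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL authority hides the real host")
    if parts.port not in (None, 443):
        raise ValueError("unexpected port")
    # urlsplit lowercases the host; a trailing dot names the same host.
    host = (parts.hostname or "").rstrip(".")
    if host not in HOST_TO_REGION:  # exact match, never a suffix test
        raise ValueError(f"{host!r} is not an IAM endpoint from Table 1")
    return HOST_TO_REGION[host]


if __name__ == "__main__":
    # Constructed sample inputs (example.net is a reserved documentation domain).
    for u in ("https://iam.myhuaweicloud.eu/",
              "https://iam.eu-west-101.myhuaweicloud.com/",
              "https://iam.myhuaweicloud.com.example.net/",
              "https://iam.myhuaweicloud.com@example.net/"):
        try:
            print(u, "->", iam_region_for_url(u))
        except ValueError as exc:
            print(u, "-> rejected:", exc)
```

The exact-match lookup matters for EU-Dublin: its endpoint is on a different domain, so a host built from the region ID or accepted by a `.myhuaweicloud.com` suffix check would be wrong in both directions.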
URI Parameters
The following table lists a few API parameters and their names displayed on the console.
API Parameter | Name Displayed on the Console | How to Obtain on the Console |
---|---|---|
domain | Account | |
domain_id or tenant_id | Account ID | |
domain_name | Account name | |
user | IAM user | |
user_id | IAM user ID | |
user_name | IAM user name | |
group | User group | |
group_id | User group ID | |
group_name | User group name | |
project | Project | |
project_id | Project ID | |
project_name | Project Name | |
agency | Agency | |
agency_id | Agency ID | |
agency_name | Agency Name | |
Basic Concepts
Common concepts used when you call APIs are described as follows:
- Account
An account is created upon successful registration with Huawei Cloud. The account has full access permissions for all of its cloud services and resources. It can be used to reset user passwords and grant user permissions. The account is a payment entity and should not be used directly to perform routine management. For security purposes, create IAM users and grant them permissions for routine management.
- IAM user
An IAM user is created by an account to use cloud services. Each IAM user has its own identity credentials (password or access keys).
An IAM user can view the account ID and IAM user ID on the My Credentials page of the console. The account name, username, and password will be required for API authentication.
- Region
Regions are divided based on geographical location and network latency. Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region. Regions are classified into universal regions and dedicated regions. A universal region provides universal cloud services for common tenants. A dedicated region provides specific services for specific tenants.
- AZ
An availability zone (AZ) comprises one or more physical data centers equipped with independent ventilation, fire, water, and electricity facilities. Compute, network, storage, and other resources in an AZ are logically divided into multiple clusters. AZs within a region are interconnected by optical fibers for high-availability networking.
- Project
Projects group and isolate resources (including compute, storage, and network resources) across physical regions. A default project is provided for each Huawei Cloud region, and subprojects can be created under each default project. Users can be granted permissions to access all resources in a specific project. If you need more refined access control, you can create subprojects under a default project and purchase resources in subprojects. Then you can grant users the permissions required to access only the resources in specific subprojects.
Figure 1 Project isolating model
- Enterprise Project
Enterprise projects allow you to group and manage resources across regions. Resources in enterprise projects are logically isolated from each other. An enterprise project can contain resources of multiple regions, and you can easily add resources to or remove resources from enterprise projects.
For details about how to obtain enterprise project IDs and features, see the Enterprise Management User Guide.