Esta página ainda não está disponível no idioma selecionado. Estamos trabalhando para adicionar mais opções de idiomas. Agradecemos sua compreensão.
- What's New
- Function Overview
- Service Overview
- Billing
-
Getting Started
- Creating a Function from Scratch and Executing the Function
- Creating a Function Using a Template and Executing the Function
- Creating an HTTP Function Using a Container Image and Executing the Function
- Creating an Event Function Using a Container Image and Executing the Function
- Getting Started with Common Practices
-
User Guide
- Replacing the Temporary AK/SK
- Before You Start
- Building Functions
-
Configuring Functions
- Configuring Initialization
- Configuring Basic Settings
- Configuring Agency Permissions
- Configuring the Network
- Configuring Disk Mounting
- Configuring Environment Variables
- Configuring Asynchronous Execution Notification
- Configuring Single-Instance Multi-Concurrency
- Managing Versions
- Managing Aliases
- Configuring Dynamic Memory
- Configuring Heartbeat Function
- Configuring Tags
- Configuring Snapshot-based Cold Start
- Configuring a Log Group and Log Stream
- Shared VPC
- Online Debugging
-
Creating Triggers
- Managing Triggers
- Using a Timer Trigger
- Using an APIG (Dedicated) Trigger
- Using a Kafka Trigger
- Using a DIS Trigger
- Using an SMN Trigger
- Using an LTS Trigger
- Using a CTS Trigger
- Using a DDS Trigger
- Using a GeminiDB Mongo Trigger
- Using an APIG Trigger
- Using an APIC Trigger
- Using a DMS (for RabbitMQ) Trigger
- Using an Open-Source Kafka Trigger
- Cron Expressions for a Function Timer Trigger
- Using an EG Trigger
- Invoking the Function
- Monitoring
- Function Management
- Dependency Management
- Reserved Instance Management (Old)
- Reserved Instance Management
- Flow Management
- Increasing Resource Quota
- GPU Function Management
- Application Center
- Sharing
- Programmable CDN Function
- CLI Command Reference
- Audit
-
Best Practices
- FunctionGraph Best Practices
- Processing DIS Data
- Integrating with LTS to Analyze Logs in Real Time
- Integrating with CTS to Analyze Login/Logout Security
- Periodically Starting or Stopping Huawei Cloud ECSs
- Building an HTTP Function with Spring Boot
- Creating a FunctionGraph Backend API That Uses a Custom Authorizer
- Uploading Files with FunctionGraph and APIG
- Processing IoT Data
- Workflow + Function: Automatically Processing Data in OBS
- Filtering Logs in Real Time by Using FunctionGraph and LTS
- Building an HTTP Function with Go
- Using FunctionGraph HTTP Functions to Process gRPC Requests
- Cold Start Optimization Practices
-
Developer Guide
- Overview
- Initializer
- Node.js
- Python
- Java
- Go
- C#
- PHP
- Development Tools
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Examples
- Extension and OpenTelemetry APIs
-
APIs
- Function Invocation
- Function Quotas
- Dependencies
- Test Events
- Function Tracing
-
Function Lifecycle Management
- Querying Functions
- Creating a Function
- Deleting a Function or Function Version
- Querying the Code of a Function
- Modifying the Code of a Function
- Querying the Metadata of a Function
- Modifying the Metadata of a Function
- Updating Max. Instances of a Function
- Querying Function Tags
- Enabling or Disabling the Snapshot Function
- Querying ServiceBridge Functions Bound to a Specified Function
- Querying Snapshot Status
- Querying Resource Tags
- Querying Resources
- Deleting Resource Tags
- Creating Resource Tags
- Creating a VPC Endpoint
- Deleting a VPC Endpoint
- Updating the Pinning Status of a Function
- Querying the Available ServiceBridge Version
- Versions and Aliases
- Function Metrics
- Function Logs
- Function Templates
- Reserved Instances
- Function Import and Export
- Function Triggers
-
Function Flows
- Executing a Flow Synchronously
- Executing a Flow Asynchronously
- Deleting Flows
- Querying a Flow
- Creating a Flow
- Querying Instances of a Flow
- Querying a Flow Instance
- Querying Metadata of a Flow Instance
- Modifying Metadata of a Flow Instance
- Querying Flow Metrics
- Querying Metrics of a Flow
- Re-executing a Flow
- Stopping a Flow
- Querying Records of a Flow in Pagination Mode
- Calling Back a Flow
-
Asynchronous Execution Notification
- Querying Asynchronous Execution Notification Settings of a Function Version
- Deleting Asynchronous Execution Notification Settings
- Configuring Asynchronous Execution Notification
- Querying Asynchronous Execution Notification Settings of a Function's All Versions
- Querying Asynchronous Invocation Requests
- Querying Active Asynchronous Invocation Requests
- Stopping an Asynchronous Invocation Request
- Permissions Policies and Supported Actions
- Appendix
- Change History
- SDK Reference
-
FAQs
-
General FAQs
- What Is FunctionGraph?
- Do I Need to Apply for Any Compute, Storage, or Network Services When Using FunctionGraph?
- Do I Need to Deploy My Code After Programming?
- How Do I Obtain a Token?
- What Runtimes Does FunctionGraph Support?
- How Much Disk Space Is Allocated to Each FunctionGraph Function?
- Does FunctionGraph Support Function Versioning?
- How Does a Function Read or Write Files?
- How Do I Set a Proxy When Using CLI?
- Does FunctionGraph Support Function Extension?
- Which Permissions Are Required for an IAM User to Use FunctionGraph?
- How Can I Create an ODBC Drive-based Python Dependency Package for Database Query?
- What Is the Quota of FunctionGraph?
- What Chinese Fonts Does FunctionGraph Support?
- How Does FunctionGraph Resolve a Private DNS Domain Name?
- How Does a Container Image–based Function Resolve a Private DNS Domain Name?
- How Do I Use a Domain Name to Access an API Registered with API Gateway (Dedicated)?
- What Are the Common Application Scenarios of FunctionGraph?
- Why Can't the API Gateway Domain Name Bound to a Service Be Resolved During Function Invocation?
- Does FunctionGraph Support Synchronous Transmission at the Maximum Intranet Bandwidth?
- What If the VPC Quota Is Used Up?
- How Can I Print Info, Error, or Warn Logs?
- Can I Set the Domain Name of an API to My Own Domain Name?
- Can I Change the Runtime?
- Can I Change a Function's Name?
- Why Is Message "failed to mount exist system path" Displayed?
- How Do I Obtain Uploaded Files?
- Why Can't I Receive Responses for Synchronous Invocation?
- What Should I Do If the os.system("command &") Execution Logs Are Not Collected?
- Which Directories Can Be Accessed When a Custom Runtime Is Used?
- Which Minor Versions of Python 3.6 and 3.9 Are Supported?
- Which Actions Can Be Used Instead of a VPC Administrator Agency for VPC Access?
- What Are the Possible Causes for Function Timeout?
- How Do I Obtain the Code of a Function?
- Do You Have Sample Code for Initializers?
- How Do I Enable Structured Log Query?
- Can I Enable a Listening Port in a Function to Receive External TCP Requests via EIP?
- Does FunctionGraph Support Domain Name Resolution?
- How Do I Obtain the Source IP Address of an HTTP Request Initiated by a Function?
- Function Creation FAQs
-
Trigger Management FAQs
- What Events Can Trigger a FunctionGraph Function?
- What If Error Code 500 Is Reported When Functions that Use APIG Triggers Return Strings?
- What Do LATEST and TRIM_HORIZON Mean in DIS Trigger Configuration?
- How Do I Use an APIG Trigger to Invoke a Function?
- How Does a Function Obtain the Request Path or Parameters When Using an APIG Trigger?
- Can I Configure a Kafka Trigger in a Different Subnet from My Function?
-
Dependency Management FAQs
- What Is a Dependency?
- When Do I Need a Dependency?
- What Are the Precautions for Using a Dependency?
- What Dependencies Does FunctionGraph Support?
- Does FunctionGraph Support Class Libraries?
- How Do I Use Third-Party Dependencies on FunctionGraph?
- How Do I Create Function Dependencies?
- How Do I Create a Dependency on the FunctionGraph Console?
- How Do I Add a Dependency to a Function?
-
Function Execution FAQs
- How Long Does It Take to Execute a FunctionGraph Function?
- Which Steps Are Included in Function Execution?
- How Does FunctionGraph Process Concurrent Requests?
- What If Function Instances Have Not Been Executed for a Long Time?
- How Can I Speed Up Initial Access to a Function?
- How Do I Know the Actual Memory Used for Function Execution?
- Why Is My First Request Slow?
- What Do I Do If an Error Occurs When Calling an API?
- How Do I Read the Request Header of a Function?
- Can the Synchronous Execution Interface Be Invoked on a Private Network?
- Why Does a Function Use More Memory Than Estimated and Even Trigger the Out of Memory Alarm?
- How Do I Check the Memory Usage When Seeing "runtime memory limit exceeded"?
- How Do I Troubleshoot "CrashLoopBackOff"?
- After I Updated an Image with the Same Name, Reserved Instances Still Use the Old Image. What Can I Do?
- Function Configuration FAQs
- External Resource Access FAQs
-
Other FAQs
- How Do I View the Alarm Rules Configured for a Function?
- Does FunctionGraph Support ZIP Decompiling During Video Transcoding?
- Will Resources Created During FunctionGraph 2.0 OBT Be Automatically Released When They Expire? Will Them Be Billed?
- What Is an App in FunctionGraph?
- Do I Need to Pay for Cold Start Time?
- Why Am I Seeing a Message Indicating that My Account Was Suspended When Creating a Function?
- Will the Requests of All My Functions in Different Regions Be Billed?
- Migration from FunctionGraph V1 to V2
-
General FAQs
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- Before You Start
- Building Functions
-
Configuring Functions
- Configuring Initialization
- Configuring Basic Settings
- Configuring Agency Permissions
- Configuring the Network
- Configuring Disk Mounting
- Configuring Environment Variables
- Configuring Asynchronous Execution Notification
- Configuring Single-Instance Multi-Concurrency
- Managing Versions
- Managing Aliases
- Configuring Dynamic Memory
- Configuring Heartbeat Function
- Online Debugging
- Creating Triggers
- Invoking the Function
- Monitoring
- Function Management
- Dependency Management
- Reserved Instance Management
- Increasing Resource Quota
- Audit
-
FAQs
-
General FAQs
- What Is FunctionGraph?
- Do I Need to Apply for Any Compute, Storage, or Network Services When Using FunctionGraph?
- Do I Need to Deploy My Code After Programming?
- What Runtimes Does FunctionGraph Support?
- How Much Disk Space Is Allocated to Each FunctionGraph Function?
- Does FunctionGraph Support Function Versioning?
- How Does a Function Read or Write Files?
- Does FunctionGraph Support Function Extension?
- Which Permissions Are Required for an IAM User to Use FunctionGraph?
- How Can I Create an ODBC Drive-based Python Dependency Package for Database Query?
- What Is the Quota of FunctionGraph?
- How Does FunctionGraph Resolve a Private DNS Domain Name?
- How Does a Container Image–based Function Resolve a Private DNS Domain Name?
- How Do I Use a Domain Name to Access an API Registered with API Gateway (Dedicated)?
- What Are the Common Application Scenarios of FunctionGraph?
- Why Can't the API Gateway Domain Name Bound to a Service Be Resolved During Function Invocation?
- Does FunctionGraph Support Synchronous Transmission at the Maximum Intranet Bandwidth?
- What If the VPC Quota Is Used Up?
- How Can I Print Info, Error, or Warn Logs?
- Can I Set the Domain Name of an API to My Own Domain Name?
- Can I Change the Runtime?
- Can I Change a Function's Name?
- Why Is Message "failed to mount exist system path" Displayed?
- How Do I Obtain Uploaded Files?
- Why Can't I Receive Responses for Synchronous Invocation?
- What Should I Do If the os.system("command &") Execution Logs Are Not Collected?
- Which Directories Can Be Accessed When a Custom Runtime Is Used?
- Which Minor Versions of Python 3.6 and 3.9 Are Supported?
- Which Actions Can Be Used Instead of a VPC Administrator Agency for VPC Access?
- What Are the Possible Causes for Function Timeout?
- How Do I Obtain the Code of a Function?
- Do You Have Sample Code for Initializers?
- How Do I Enable Structured Log Query?
- Can I Enable a Listening Port in a Function to Receive External TCP Requests via EIP?
- Function Creation FAQs
-
Trigger Management FAQs
- What Events Can Trigger a FunctionGraph Function?
- What If Error Code 500 Is Reported When Functions that Use APIG Triggers Return Strings?
- What Do LATEST and TRIM_HORIZON Mean in DIS Trigger Configuration?
- Why Can't I Enable or Disable OBS Triggers by Calling APIs?
- How Do I Use an APIG Trigger to Invoke a Function?
- How Does a Function Obtain the Request Path or Parameters When Using an APIG Trigger?
- Can I Create an OBS Trigger with an Existing Bucket?
-
Dependency Management FAQs
- What Is a Dependency?
- When Do I Need a Dependency?
- What Are the Precautions for Using a Dependency?
- What Dependencies Does FunctionGraph Support?
- Does FunctionGraph Support Class Libraries?
- How Do I Use Third-Party Dependencies on FunctionGraph?
- How Do I Create Function Dependencies?
- How Do I Create a Dependency on the FunctionGraph Console?
- How Do I Add a Dependency to a Function?
-
Function Execution FAQs
- How Long Does It Take to Execute a FunctionGraph Function?
- Which Steps Are Included in Function Execution?
- How Does FunctionGraph Process Concurrent Requests?
- What If Function Instances Have Not Been Executed for a Long Time?
- How Can I Speed Up Initial Access to a Function?
- How Do I Know the Actual Memory Used for Function Execution?
- Why Is My First Request Slow?
- What Do I Do If an Error Occurs When Calling an API?
- How Do I Read the Request Header of a Function?
- Why Does a Function Use More Memory Than Estimated and Even Trigger the Out of Memory Alarm?
- How Do I Check the Memory Usage When Seeing "runtime memory limit exceeded"?
- How Do I Troubleshoot "CrashLoopBackOff"?
- After I Updated an Image with the Same Name, Reserved Instances Still Use the Old Image. What Can I Do?
- Function Configuration FAQs
- External Resource Access FAQs
- Other FAQs
-
General FAQs
-
API Reference (ME-Abu Dhabi Region)
- Before You Start
- API Overview
- Calling APIs
- Function Model Definition
-
Function Management Zone APIs
- Querying a Function List
- Querying the Metadata of a Function
- Querying the Code of a Function
- Creating a Function
- Deleting a Function or Function Version
- Modifying the Code of a Function
- Modifying the Metadata of a Function
- Publishing a Function Version
- Querying the Versions of a Function
- Creating an Alias for a Function Version
- Modifying the Alias Information About a Function Version
- Deleting an Alias of a Function Version
- Querying the Alias Information About a Function Version
- Querying the Version Alias List of a Function
- Querying All Triggers of a Function
- Querying the Information About a Trigger
- Deleting All Triggers of a Function
- Creating a Trigger
- Deleting a Trigger
- Function Data Zone APIs
- Permissions Policies and Supported Actions
- Appendix
- Change History
- Developer Guide (ME-Abu Dhabi Region)
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Getting Started
- Before You Start
- Building Functions
-
Configuring Functions
- Configuring Initialization
- Configuring Basic Settings
- Configuring Agency Permissions
- Configuring the Network
- Configuring Disk Mounting
- Configuring Environment Variables
- Configuring Asynchronous Execution Notification
- Configuring Single-Instance Multi-Concurrency
- Managing Versions
- Managing Aliases
- Configuring Dynamic Memory
- Online Debugging
- Creating Triggers
- Invoking the Function
- Monitoring
- Function Management
- Dependency Management
- Reserved Instance Management
- Audit
-
FAQs
-
General FAQs
- What Is FunctionGraph?
- Do I Need to Apply for Any Compute, Storage, or Network Services When Using FunctionGraph?
- Do I Need to Deploy My Code After Programming?
- What Runtimes Does FunctionGraph Support?
- How Much Disk Space Is Allocated to Each FunctionGraph Function?
- Does FunctionGraph Support Function Versioning?
- How Does a Function Read or Write Files?
- Does FunctionGraph Support Function Extension?
- Which Permissions Are Required for an IAM User to Use FunctionGraph?
- How Can I Create an ODBC Drive-based Python Dependency Package for Database Query?
- What Is the Quota of FunctionGraph?
- How Does a Container Image–based Function Resolve a Private DNS Domain Name?
- How Do I Use a Domain Name to Access an API Registered with API Gateway (Dedicated)?
- What Are the Common Application Scenarios of FunctionGraph?
- Why Can't the API Gateway Domain Name Bound to a Service Be Resolved During Function Invocation?
- Does FunctionGraph Support Synchronous Transmission at the Maximum Intranet Bandwidth?
- What If the VPC Quota Is Used Up?
- How Can I Print Info, Error, or Warn Logs?
- Can I Set the Domain Name of an API to My Own Domain Name?
- Can I Change the Runtime?
- Can I Change a Function's Name?
- Why Is Message "failed to mount exist system path" Displayed?
- How Do I Obtain Uploaded Files?
- Why Can't I Receive Responses for Synchronous Invocation?
- What Should I Do If the os.system("command &") Execution Logs Are Not Collected?
- Which Directories Can Be Accessed When a Custom Runtime Is Used?
- Which Minor Versions of Python 3.6 and 3.9 Are Supported?
- Which Actions Can Be Used Instead of a VPC Administrator Agency for VPC Access?
- What Are the Possible Causes for Function Timeout?
- How Do I Obtain the Code of a Function?
- Do You Have Sample Code for Initializers?
- How Do I Enable Structured Log Query?
- Can I Enable a Listening Port in a Function to Receive External TCP Requests via EIP?
- Function Creation FAQs
-
Trigger Management FAQs
- What If Error Code 500 Is Reported When Functions that Use APIG Triggers Return Strings?
- What Do LATEST and TRIM_HORIZON Mean in DIS Trigger Configuration?
- Why Can't I Enable or Disable OBS Triggers by Calling APIs?
- How Do I Use an APIG Trigger to Invoke a Function?
- How Does a Function Obtain the Request Path or Parameters When Using an APIG Trigger?
- Can I Create an OBS Trigger with an Existing Bucket?
-
Dependency Management FAQs
- What Is a Dependency?
- When Do I Need a Dependency?
- What Are the Precautions for Using a Dependency?
- What Dependencies Does FunctionGraph Support?
- Does FunctionGraph Support Class Libraries?
- How Do I Use Third-Party Dependencies on FunctionGraph?
- How Do I Create Function Dependencies?
- How Do I Create a Dependency on the FunctionGraph Console?
- How Do I Add a Dependency to a Function?
-
Function Execution FAQs
- How Long Does It Take to Execute a FunctionGraph Function?
- Which Steps Are Included in Function Execution?
- How Does FunctionGraph Process Concurrent Requests?
- What If Function Instances Have Not Been Executed for a Long Time?
- How Can I Speed Up Initial Access to a Function?
- How Do I Know the Actual Memory Used for Function Execution?
- Why Is My First Request Slow?
- What Do I Do If an Error Occurs When Calling an API?
- How Do I Read the Request Header of a Function?
- Why Does a Function Use More Memory Than Estimated and Even Trigger the Out of Memory Alarm?
- How Do I Check the Memory Usage When Seeing "runtime memory limit exceeded"?
- How Do I Troubleshoot "CrashLoopBackOff"?
- After I Updated an Image with the Same Name, Reserved Instances Still Use the Old Image. What Can I Do?
- Function Configuration FAQs
- External Resource Access FAQs
- Other FAQs
-
General FAQs
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
- API Overview
- Calling APIs
- Examples
-
APIs
- Function Invocation
- Function Quotas
- Dependencies
- Test Events
- Function Tracing
-
Function Lifecycle Management
- Querying Functions
- Creating a Function
- Deleting a Function or Function Version
- Querying the Code of a Function
- Modifying the Code of a Function
- Querying the Metadata of a Function
- Modifying the Metadata of a Function
- Updating Max. Instances of a Function
- Enabling or Disabling the Snapshot Function
- Querying Snapshot Status
- Querying Resource Tags
- Querying Resources
- Deleting Resource Tags
- Creating Resource Tags
- Creating a VPC Endpoint
- Deleting a VPC Endpoint
- Versions and Aliases
- Function Metrics
- Function Logs
- Reserved Instances
- Function Import and Export
- Function Triggers
-
Asynchronous Execution Notification
- Querying Asynchronous Execution Notification Settings of a Function Version
- Deleting Asynchronous Execution Notification Settings
- Configuring Asynchronous Execution Notification
- Querying Asynchronous Execution Notification Settings of a Function's All Versions
- Querying Asynchronous Invocation Requests
- Stopping an Asynchronous Invocation Request
- Appendix
- Developer Guide (Kuala Lumpur Region)
-
User Guide (ME-Abu Dhabi Region)
- Videos
- General Reference
Copied.
Configuring Agency Permissions
Overview
FunctionGraph works with other cloud services in most scenarios. Create a cloud service agency so that FunctionGraph can perform resource O&M in other cloud services on your behalf.
Scenario
Before using FunctionGraph in the following scenarios, create an agency. Adjust the permissions granted to the agency to meet your service requirements. For example, grant the Admin permission in the development phase, and change it to the fine-grained minimum permission in the product environment. This ensures the required permissions while eliminating risks. Select the required action by referring to Table 1.
Scenario |
Admin Permission |
Fine-Grained Minimum Permission |
Description |
---|---|---|---|
Using a custom image |
SWR Administrator |
Unavailable |
SWR Admin: administrator who has all permissions for the Software Repository for Container (SWR) service. For details about how to create a custom image, see Deploying a Function Using a Container Image. |
Mounting an SFS Turbo file system |
SFS Turbo ReadOnlyAccess |
sfsturbo:shares:getShare (Query details about a file system) sfsturbo:shares:showFsDir (Check whether a directory exists) |
SFS Turbo ReadOnlyAccess: read-only permissions for SFS Turbo. sfsturbo:shares:getShare: permission for querying a file system in SFS. sfsturbo:shares:showFsDir: permission for checking whether a directory exists in SFS. For details about how to mount an SFS Turbo file system, see Mounting an SFS Turbo File System. |
Mounting an ECS shared directory |
ECS ReadOnlyAccess |
ecs:cloudServers:get (Query details about an ECS) |
ECS ReadOnlyAccess: read-only permissions for ECS. ecs:cloudServers:get: permission for querying an ECS. For details about how to mount an ECS shared directory, see Mounting an ECS Shared Directory. |
Configuring a reserved instance policy |
AOM ReadOnlyAccess |
aom:metric:get (Query a metric) aom:metric:list (Query metric list) |
AOM ReadOnlyAccess: read-only permissions for AOM. aom:metric:get: permissions for querying a metric in AOM. aom:metric:list: permissions for querying metric list in AOM. |
Using a DIS trigger |
DIS Administrator |
Unavailable |
Administrator who has all permissions for the DIS service. For details about how to create a DIS trigger, see Using a DIS Trigger. |
Using a DMS trigger |
DMS ReadOnlyAccess |
dms:instance:get (Query instance details) |
DMS ReadOnlyAccess: read-only permissions for DMS. dms:instance:get: permissions for querying instance details in DMS. |
Configuring cross-domain VPC access |
VPC Administrator |
vpc:ports:get (Query a port) vpc:ports:create (Create a port) vpc:vpcs:get (Query a VPC) vpc:subnets:get (Query a subnet) vpc:vips:delete (Unbind a virtual IP address from a VM) vpc:securityGroups:get (Query security groups or details about a security group) |
Users with the VPC Administrator permissions can perform any operations on all cloud resources of the VPC. To configure cross-VPC access, specify an agency with VPC management permissions. Fine-grained minimum permission for VPC: permissions for unbinding a virtual IP address from a VM, querying a port, creating a port, querying a VPC, querying a subnet, and querying security groups or details about a security group. For details about how to configure cross-domain VPC access, see Configuring the Network. |
DNS Resolution |
DNS ReadOnlyAccess |
dns:recordset:get (Query a record set) dns:zone:get (Query a tenant zone) dns:recordset:list (Query record set list) dns:zone:list (Query the zone list) |
DNS ReadOnlyAccess: user with the permissions only to view DNS resources. To call a DNS API to resolve private domain names, specify an agency with the permissions to read DNS resources. Fine-grained minimum permission for DNS: permission for querying record sets or querying tenant zone list in DNS. For details about how to call the DNS API to resolve private domain names, see How Does FunctionGraph Resolve a Private DNS Domain Name? |
Configuring asynchronous notification |
If the target service is OBS: OBS Administrator |
obs:bucket:HeadBucket (Obtain bucket metadata) obs:bucket:CreateBucket (Create a bucket) obs:object:PutObject (Upload objects using PUT method, upload objects using POST method, copy objects, append an object, initialize a multipart task, upload parts, and merge parts) |
OBS Administrator: administrator who has all permissions for OBS. Fine-grained minimum permission for OBS: permissions for obtaining bucket metadata, creating a bucket, uploading objects using POST method, copying objects, appending an object, initializing a multipart task, uploading parts, and merging parts. For details about how to configure asynchronous notification, see Configuring Asynchronous Execution Notification. |
If the target service is SMN: SMN Administrator |
smn:topic:publish (Publish a message) smn:topic:list (Query the topic list) |
SMN Administrator: administrator who has all permissions for SMN. Fine-grained minimum permission for using SMN: permissions for publishing a message and querying the topic list. For details about how to configure asynchronous notification, see Configuring Asynchronous Execution Notification. |
|
If the target service is DIS: DIS Administrator |
Unavailable |
DIS Administrator: administrator who has all permissions for DIS. For details about how to configure asynchronous notification, see Configuring Asynchronous Execution Notification. |
Creating an Agency
In the following example, the VPC Administrator permission is assigned to FunctionGraph and this setting takes effect only in the authorized regions.
Create an agency by referring to Creating an Agency and set parameters as follows:
- Log in to the IAM console.
- On the IAM console, choose Agencies from the navigation pane, and click Create Agency in the upper right corner.
Figure 1 Creating an agency
- Configure the agency.
Figure 2 Setting basic information
- For Agency Name, enter serverless-trust.
- For Agency Type, select Cloud service.
- For Cloud Service, select FunctionGraph.
- For Validity Period, select Unlimited.
- Description: Enter the description.
- Click Next. On the displayed page, search for the permissions to be added in the search box on the right and select the permissions. The VPC Administrator permission is used as an example.
Figure 3 Selecting policies
Table 2 Example of agency permissions Policy Name
Scenario
VPC Administrator
VPC administrator
- Click Next and select the scope, for example, Region-specific project.
Figure 4 Selecting the required permissions
If the default policies do not meet your requirements, you can create custom policies in the visual editor or JSON view, and attach custom policies to user groups for refined access control. For details, see Creating Custom Policies.
Configuring an Agency
- In the left navigation pane of the management console, choose Compute > FunctionGraph. On the FunctionGraph console, choose Functions > Function List from the navigation pane.
- Click the function to be configured to go to the function details page.
- Choose Configuration > Permissions, click Create Agency, and set an agency based on site requirements by referring to 2–5.
Table 3 Agency configuration parameters Parameter
Description
Configuration Agency
Select a function that you have created.
Execution Agency
Mandatory if you select Specify an exclusive agency for function execution.
NOTE:
- To ensure optimal performance, select Specify an exclusive agency for function execution and set different agencies for function configuration and execution. You can also use no agency or specify the same agency for both purposes. Figure 5 shows the agency options.
- Configuration Agency: For example, to create Data Ingestion Service (DIS) triggers, first specify an agency with DIS permissions. If such an agency is not specified or the specified agency does not exist, no DIS triggers can be created.
- Execution Agency: This type of agency enables you to obtain a token and AK/SK from the context in the function handler for accessing other cloud services.
- Click Save.
Modifying an Agency
Modifying an agency: You can modify the permissions, validity period, and description of an agency on the IAM console.
- After an agency is modified, it takes about 10 minutes for the modification (for example, context.getToken) to take effect.
- The agency information obtained using the context method is valid for 24 hours. Refresh it before it expires.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot