Chapter 5. Ceph Object Gateway and the IAM API


The Ceph Object Gateway supports RESTful management of account users, roles, and associated policies. This REST API is served by the same HTTP endpoint as the Ceph Object Gateway S3 API.

By default, only Account Root Users are authorized to use the IAM API, and can only see the resources under their own account. The account root user can use policies to delegate these permissions to other users or roles in the account.

5.1. Feature support

The following tables describe the currently supported IAM actions.

Table 5.1. Users

| Action | Remarks |
| --- | --- |
| CreateUser | |
| GetUser | |
| UpdateUser | |
| DeleteUser | |
| ListUsers | |
| CreateAccessKey | |
| UpdateAccessKey | |
| DeleteAccessKey | |
| ListAccessKeys | |
| PutUserPolicy | |
| GetUserPolicy | |
| DeleteUserPolicy | |
| ListUserPolicies | |
| AttachUserPolicies | |
| DetachUserPolicy | |
| ListAttachedUserPolicies | |

Table 5.2. Groups

| Action | Remarks |
| --- | --- |
| CreateGroup | |
| GetGroup | |
| UpdateGroup | |
| DeleteGroup | |
| ListGroups | |
| AddUserToGroup | |
| RemoveUserFromGroup | |
| ListGroupsForUser | |
| PutGroupPolicy | |
| GetGroupPolicy | |
| DeleteGroupPolicy | |
| ListGroupPolicies | |
| AttachGroupPolicies | |
| DetachGroupPolicy | |
| ListAttachedGroupPolicies | |

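Table 5.3. Roles

| Action | Remarks |
| --- | --- |
| CreateRole | |
| GetRole | |
| UpdateRole | |
| UpdateAssumeRolePolicy | |
| DeleteRole | |
| ListRoles | |
| TagRole | |
| UntagRole | |
| ListRoleTags | |
| PutRolePolicy | |
| GetRolePolicy | |
| DeleteRolePolicy | |
| ListRolePolicies | |
| AttachRolePolicies | |
| DetachRolePolicy | |
| ListAttachedRolePolicies | |
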
Table 5.4. OpenIDConnectProvider

| Action | Remarks |
| --- | --- |
| CreateOpenIDConnectProvider | |
| GetOpenIDConnectProvider | |
| DeleteOpenIDConnectProvider | |
| ListOpenIDConnectProviders | |

5.2. Managed policies

The following managed policies are available for use with AttachGroupPolicy, AttachRolePolicy, and AttachUserPolicy.

IAMFullAccess
    Arn: arn:aws:iam::aws:policy/IAMFullAccess
    Version: v2 (default)

IAMReadOnlyAccess
    Arn: arn:aws:iam::aws:policy/IAMReadOnlyAccess
    Version: v4 (default)

AmazonSNSFullAccess
    Arn: arn:aws:iam::aws:policy/AmazonSNSFullAccess
    Version: v1 (default)

AmazonSNSReadOnlyAccess
    Arn: arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess
    Version: v1 (default)

AmazonS3FullAccess
    Arn: arn:aws:iam::aws:policy/AmazonS3FullAccess
    Version: v2 (default)

AmazonS3ReadOnlyAccess
    Arn: arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
    Version: v3 (default)
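
When an account root user delegates IAM permissions with an inline policy instead of one of the managed policies above, it helps to review what the policy actually grants before it is applied. The following is an added example, not part of the original documentation or of Ceph: the function name `audit_delegation` and the sample policy are constructed for illustration. It assumes case-insensitive action matching and looks only at `Allow` statements with an `Action` element (no `Deny` or `NotAction` evaluation).

```python
import json
from fnmatch import fnmatchcase

# Actions from Tables 5.1-5.4; Attach* names use the spelling in section 5.2.
SUPPORTED = set("""
CreateUser GetUser UpdateUser DeleteUser ListUsers CreateAccessKey
UpdateAccessKey DeleteAccessKey ListAccessKeys PutUserPolicy GetUserPolicy
DeleteUserPolicy ListUserPolicies AttachUserPolicy DetachUserPolicy
ListAttachedUserPolicies CreateGroup GetGroup UpdateGroup DeleteGroup
ListGroups AddUserToGroup RemoveUserFromGroup ListGroupsForUser
PutGroupPolicy GetGroupPolicy DeleteGroupPolicy ListGroupPolicies
AttachGroupPolicy DetachGroupPolicy ListAttachedGroupPolicies CreateRole
GetRole UpdateRole UpdateAssumeRolePolicy DeleteRole ListRoles TagRole
UntagRole ListRoleTags PutRolePolicy GetRolePolicy DeleteRolePolicy
ListRolePolicies AttachRolePolicy DetachRolePolicy ListAttachedRolePolicies
CreateOpenIDConnectProvider GetOpenIDConnectProvider
DeleteOpenIDConnectProvider ListOpenIDConnectProviders
""".split())

def audit_delegation(policy_json):
    """Expand the iam: actions a policy allows; return (granted, findings)."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    granted, findings = set(), []
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        for pat in [actions] if isinstance(actions, str) else actions:
            if pat != "*" and not pat.lower().startswith("iam:"):
                continue  # s3:, sns: and other services are out of scope
            name = "*" if pat == "*" else pat[4:]
            hits = {a for a in SUPPORTED if fnmatchcase(a.lower(), name.lower())}
            if not hits:
                findings.append(("unsupported", pat))  # typo or unlisted action
            if "*" in name or "?" in name:
                findings.append(("wildcard", pat))
            granted |= hits
    # Anything that is not a Get*/List* call changes account state.
    findings += [("mutating", a) for a in sorted(granted)
                 if not a.startswith(("Get", "List"))]
    return granted, findings

# Constructed sample: an inline policy a root user might pass to PutUserPolicy.
HELPDESK = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["iam:Get*", "iam:ListUser", "iam:CreateAccessKey"]}]})

if __name__ == "__main__":
    granted, findings = audit_delegation(HELPDESK)
    print(sorted(granted), findings)
```

An empty findings list means the policy delegates only exact, read-only actions that this chapter lists as supported.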