Questo contenuto non è disponibile nella lingua selezionata.
Chapter 5. Ceph Object Gateway and the IAM API
The Ceph Object Gateway supports RESTful management of account users, roles, and associated policies. This REST API is served by the same HTTP endpoint as the Ceph Object Gateway S3 API.
By default, only Account Root Users are authorized to use the IAM API, and can only see the resources under their own account. The account root user can use policies to delegate these permissions to other users or roles in the account.
5.1. Feature support
The following tables describe the currently supported IAM actions.
Action | Remarks |
---|---|
CreateUser | |
GetUser | |
UpdateUser | |
DeleteUser | |
ListUsers | |
CreateAccessKey | |
UpdateAccessKey | |
DeleteAccessKey | |
ListAccessKeys | |
PutUserPolicy | |
GetUserPolicy | |
DeleteUserPolicy | |
ListUserPolicies | |
AttachUserPolicies | |
DetachUserPolicy | |
ListAttachedUserPolicies |
Action | Remarks |
---|---|
CreateGroup | |
GetGroup | |
UpdateGroup | |
DeleteGroup | |
ListGroups | |
AddUserToGroup | |
RemoveUserFromGroup | |
ListGroupsForUser | |
PutGroupPolicy | |
GetGroupPolicy | |
DeleteGroupPolicy | |
ListGroupPolicies | |
AttachGroupPolicies | |
DetachGroupPolicy | |
ListAttachedGroupPolicies |
CreateRole | |
---|---|
GetRole | |
UpdateRole | |
UpdateAssumeRolePolicy | |
DeleteRole | |
ListRoles | |
TagRole | |
UntagRole | |
ListRoleTags | |
PutRolePolicy | |
GetRolePolicy | |
DeleteRolePolicy | |
ListRolePolicies | |
AttachRolePolicies | |
DetachRolePolicy | |
ListAttachedRolePolicies |
CreateOpenIDConnectProvider | |
---|---|
GetOpenIDConnectProvider | |
DeleteOpenIDConnectProvider | |
ListOpenIDConnectProviders |
5.2. Managed policies
The following managed policies are available for use with AttachGroupPolicy
, AttachRolePolicy
, and AttachUserPolicy
.
IAMFullAccess
- Arn
-
arn:aws:iam::aws:policy/IAMFullAccess
- Version
- v2 (default)
IAMReadOnlyAccess
- Arn
-
arn:aws:iam::aws:policy/IAMReadOnlyAccess
- Version
- v4 (default)
AmazonSNSFullAccess
- Arn
-
arn:aws:iam::aws:policy/AmazonSNSFullAccess
- Version
- v1 (default)
AmazonSNSReadOnlyAccess
- Arn
-
arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess
- Version
- v1 (default)
AmazonS3FullAccess
- Arn
-
arn:aws:iam::aws:policy/AmazonS3FullAccess
- Version
- v2 (default)
AmazonS3ReadOnlyAccess
- Arn
-
arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
- Version
- v3 (default)