Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 5. Ceph Object Gateway and the IAM API
The Ceph Object Gateway supports RESTful management of account users, roles, and associated policies. This REST API is served by the same HTTP endpoint as the Ceph Object Gateway S3 API.
By default, only Account Root Users are authorized to use the IAM API, and can only see the resources under their own account. The account root user can use policies to delegate these permissions to other users or roles in the account.
5.1. Feature support
The following tables describe the currently supported IAM actions.
| Action | Remarks |
|---|---|
| CreateUser | |
| GetUser | |
| UpdateUser | |
| DeleteUser | |
| ListUsers | |
| CreateAccessKey | |
| UpdateAccessKey | |
| DeleteAccessKey | |
| ListAccessKeys | |
| PutUserPolicy | |
| GetUserPolicy | |
| DeleteUserPolicy | |
| ListUserPolicies | |
| AttachUserPolicies | |
| DetachUserPolicy | |
| ListAttachedUserPolicies |
| Action | Remarks |
|---|---|
| CreateGroup | |
| GetGroup | |
| UpdateGroup | |
| DeleteGroup | |
| ListGroups | |
| AddUserToGroup | |
| RemoveUserFromGroup | |
| ListGroupsForUser | |
| PutGroupPolicy | |
| GetGroupPolicy | |
| DeleteGroupPolicy | |
| ListGroupPolicies | |
| AttachGroupPolicies | |
| DetachGroupPolicy | |
| ListAttachedGroupPolicies |
| CreateRole | |
|---|---|
| GetRole | |
| UpdateRole | |
| UpdateAssumeRolePolicy | |
| DeleteRole | |
| ListRoles | |
| TagRole | |
| UntagRole | |
| ListRoleTags | |
| PutRolePolicy | |
| GetRolePolicy | |
| DeleteRolePolicy | |
| ListRolePolicies | |
| AttachRolePolicies | |
| DetachRolePolicy | |
| ListAttachedRolePolicies |
| CreateOpenIDConnectProvider | |
|---|---|
| GetOpenIDConnectProvider | |
| DeleteOpenIDConnectProvider | |
| ListOpenIDConnectProviders |
5.2. Managed policies
The following managed policies are available for use with AttachGroupPolicy, AttachRolePolicy, and AttachUserPolicy.
IAMFullAccess- Arn
-
arn:aws:iam::aws:policy/IAMFullAccess - Version
- v2 (default)
IAMReadOnlyAccess- Arn
-
arn:aws:iam::aws:policy/IAMReadOnlyAccess - Version
- v4 (default)
AmazonSNSFullAccess- Arn
-
arn:aws:iam::aws:policy/AmazonSNSFullAccess - Version
- v1 (default)
AmazonSNSReadOnlyAccess- Arn
-
arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess - Version
- v1 (default)
AmazonS3FullAccess- Arn
-
arn:aws:iam::aws:policy/AmazonS3FullAccess - Version
- v2 (default)
AmazonS3ReadOnlyAccess- Arn
-
arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess - Version
- v3 (default)
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}