Explains how cloud user get access to the cloud account and lists the available operations for managing acces keys.
Oracle Enterprise Manager Ops Center uses a central Web service to manage cloud accounts and to authenticates incoming requests. A cloud user must provide an access key to perform any operations on the resources allocated to the user account.
Use either the cloud infrastructure API actions or the cloud infrastructure CLI command to perform these operations.
Describes the role of the access key and each of the key’s components.
An access key consists of an ID, a private key, a public key, and a target account. The private key is used on the client side to sign HTTP requests. The public key is stored in the server-side database. The Web service retrieves the public key to verify incoming HTTP requests and to authenticate the cloud user.
The cloud administrator creates the private key and gives it to the cloud user. A cloud administrator has the option to manage access keys on behalf of another cloud user.
A cloud user needs an access key to get access to an account and to authenticate all other HTTP requests for an account.
Lists the API action and CLI command for creating an access key.
When using the CLI to create an access key, the private key is provided to the user after the access key is created.
When using the API to create an access key, the cloud user supplies the public key and manages the private key.
In both cases, a unique access key identifier, such as AK_5, is supplied to the cloud user for direct use of the API. The cloud user is responsible for limiting the access to the private key.
| Cloud Infrastructure API Action | Cloud Infrastructure CLI Command |
|---|---|
Example 3-1 Creating an access key using the Cloud Infrastructure API
https://<username>:<password>@<EnterpriseControllerHostname>/akm/?Action=RegisterAccessKey&Version=1&Timestamp=1330975344&Expires=1333975344&account=ACC-0162da5a-5d25-4096-af59-3dd1de27cfad&publicKey=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAufVdjdp0MmOLbNypLVMWXfmhusawid4Wg4n4FZewSmoBEYA8f8wIA0SI87Shi7RtMcWsEoXvNNHA0wcJoA1RjyVLsI3rtrq0c0k7AxQSwb4UK/rSXW1NXxMh/mE7b3gdA6d9VuwIPnZJ5ZFQUZCLyhaAotLCdACrzbgzYXdqt+rstutT1AVkE2UAMcm5O3KnIoObZKb8JtepSt74A9RgVBkcCBjmKGfLNOL1KlZconkITm85TWKRaGRFuASxdl2ZrD723ZNb66X/a9ebxTMr6vVeskcaZpPlHzvgMOpiyDGwRvxn9yM5WB83zFDGT26Lihn/bKzLJXa+F2YNkLrTJQIDAQAB
Example 3-2 Creating an access key using the Cloud Infrastructure CLI
akm-create-access-key --base-url https://<EnterpriseControllerHostname>/ --user clouuser1 --password-file ~/pwd.file --account ACC-4b83b85e-592c-45a1-ba71-3bd0774fbd0e --access-key-file ~/tmp_access_key
Lists the API action and CLI command for displaying the access key.
A cloud user can view information about the access keys that the user owns. This information is a list of the access keys with the following attributes:
Access key ID
Account ID associated with the access key
Cloud user name associated with the access key
| Cloud Infrastructure API Action | Cloud Infrastructure CLI Command |
|---|---|
Example 3-3 Viewing access key information using the Cloud Infrastructure API
https://<username>:<password>@<EnterpriseControllerHostname>/akm/?Action= DescribeAccessKeys&Version=1&Timestamp=1330954619299&Expires=1330954919299
Example 3-4 Viewing access key information using the Cloud Infrastructure CLI
akm-describe-access-keys --base-url https://<EnterpriseControllerHostname>/ --user <username> --password-file ~/pwd.file
Lists the API action and CLI command for deleting an access key.
A cloud user can remove an access key. The operation also deletes and invalidates the public key.
| Cloud Infrastructure API Action | Cloud Infrastructure CLI Command |
|---|---|
Example 3-5 Deleting an access key information using the Cloud Infrastructure API
https://<username>:<password>@<EnterpriseControllerHostname>/akm/?Action=DeleteAccessKey&Version=1&Timestamp=1318278941862&Expires=1318279241862&accessKeyId=AK_3
Example 3-6 Deleting an access key information using the Cloud Infrastructure CLI
akm-delete-access-key --base-url https://<EnterpriseControllerHostname>/ --user <username> --password-file ~/pwd.file AK_3