Adds a user to a bastion host.
Operation description
Usage notes
You can call this operation to add a user to a bastion host. You can add local users and Resource Access Management (RAM) users. After a Bastionhost administrator adds a user to a bastion host, the O&M personnel can log on to the bastion host as the user to perform O&M operations on the host on which they have permissions.
Limits
You can call this operation up to 10 times per second per account. If the number of the calls per second exceeds the limit, throttling is triggered. As a result, your business may be affected. We recommend that you take note of the limit when you call this operation.
Debugging
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action
policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level,
All Resources
is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
yundun-bastionhost:CreateUser | Write |
|
| none |
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
InstanceId | string | Yes | The ID of the bastion host to which you want to add a user. Note
You can call the DescribeInstances operation to query the ID of the bastion host.
| bastionhost-cn-st220aw**** |
RegionId | string | No | The region ID of the bastion host to which you want to add a user. Note
For more information about the mapping between region IDs and region names, see Regions and zones.
| cn-hangzhou |
Source | string | Yes | The source of the user that you want to add. Valid values:
| local |
UserName | string | Yes | The logon name of the user that you want to add. The logon name can contain only letters, digits, and underscores (_) and can be up to 128 characters in length. | abc_def |
Password | string | No | The logon password of the user that you want to add. The logon password can be up to 128 characters in length. Note
This parameter is required if the Source parameter is set to Local.
| 213**** |
DisplayName | string | No | The display name of the user that you want to add. This display name can be up to 128 characters in length. | Bob |
Comment | string | No | The remarks of the user that you want to add. The remarks can be up to 500 characters in length. | comment |
string | No | The email address of the user that you want to add. | username@example.com | |
Mobile | string | No | The mobile phone number of the user that you want to add. | 1359999**** |
SourceUserId | string | No | The unique identifier of the user that you want to add. Note
This parameter uniquely identifies a RAM user of the bastion host. This parameter is required if the Source parameter is set to Ram. You can call the ListUsers operation to obtain the unique identifier of the user from the UserId response parameter.
| 122748924538**** |
MobileCountryCode | string | No | The country where the mobile number of the user is registered. Default value: CN. Valid values:
| CN |
EffectiveStartTime | long | No | The beginning of the validity period of the user. The value is a UNIX timestamp. Unit: seconds. | 1669630029 |
EffectiveEndTime | long | No | The end of the validity period of the user. The value is a UNIX timestamp. Unit: seconds. | 1672502400 |
NeedResetPassword | boolean | No | Specifies whether password reset is required upon the next logon. Valid values:
| true |
TwoFactorStatus | string | No | The two-factor authentication status of the user. Valid values:
| Enable |
TwoFactorMethods | string | No | The two-factor authentication method. You can select only one method. Valid values:
Note
| ["sms"] |
All Alibaba Cloud API operations must include common request parameters. For more information about common request parameters, see Common parameters.
For more information about sample requests, see the "Examples" section of this topic.
Response parameters
Examples
Sample success responses
JSON
format
{
"UserId": "1",
"RequestId": "EC9BF0F4-8983-491A-BC8C-1B4DD94976DE"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidParameter | The argument is invalid. | The argument is invalid. |
400 | UserAlreadyExists | The user already exists. | The user already exists. |
500 | InternalError | An unknown error occurred. | An unknown error occurred. |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2024-02-28 | The Error code has changed. The request parameters of the API has changed | see changesets | ||||||||||||
|