All Products
Search
Document Center

Elastic Compute Service:Add accounts to Alibaba Cloud Client

Last Updated:Oct 23, 2024

Before you use Alibaba Cloud Client to view and manage your resources, such as Elastic Compute Service (ECS) instances, elastic container instances, simple application servers, and Alibaba Cloud managed instances, you must add your Alibaba Cloud account to Alibaba Cloud Client.

Procedure

Important
  • You can add one or more Alibaba Cloud accounts to Alibaba Cloud Client and switch between the accounts based on your business requirements.

  • If you have specified Alibaba Cloud account information in Alibaba Cloud CLI, Alibaba Cloud Client imports the account information from Alibaba Cloud CLI. For more information, see What is Alibaba Cloud CLI?

  1. Download and install Alibaba Cloud Client on your device.

    For information about the URLs from which you can download Alibaba Cloud Client, see the Download methods section in the "Overview of Alibaba Cloud Client" topic.

  2. In the upper-right corner of the Alibaba Cloud Client homepage, click the 首页 icon.

  3. In the account list on the Profiles page, click the 加号 icon to add an account to Alibaba Cloud Client.

  4. Enter a name for the Alibaba Cloud Client account to help you identify the account. The Alibaba Cloud Client account is used to link to your Alibaba Cloud account.

  5. Configure the Mode parameter to specify the management mode of the Alibaba Cloud Client account and complete the account configuration.

    The valid values of the Mode parameter are described in the following table. The parameters that you must configure vary based on the account management mode that you specify. We recommend that you use the AccessKey mode.

    Note

    You can specify an account management mode and configure the corresponding parameters based on your business requirements. Valid values for the Mode parameter include AccessKey, StsToken, RamRoleArn, CredentialsURI, ExternalCommand, and Alibaba Cloud Account. Alibaba Cloud Client displays the resources in the linked Alibaba Cloud account based on the specified mode. The linked Alibaba Cloud account can be a main account or a Resource Access Management (RAM) user.

    The AccessKey, StsToken, RamRoleArn, CredentialsURI, or ExternalCommand mode

    If you select the AccessKey, StsToken, RamRoleArn, CredentialsURI, or ExternalCommand mode, perform the following operations to complete the account configuration:

    1. Configure the account parameters that are described in the following table based on the mode that you specify.

      Mode

      Description

      Configurations

      (Recommended) AccessKey

      An AccessKey pair consists of an AccessKey ID and an AccessKey secret.

      • The AccessKey ID is used to identify a user.

      • The AccessKey secret is used to verify the key of a user. You must keep your AccessKey secret confidential.

      For more information, see the What is an AccessKey pair? section in the "Create an AccessKey pair" topic.

      Configure the following parameters:

      Important

      For information about how to obtain an AccessKey pair, see Obtain an AccessKey pair.

      • AccessKey ID: Enter your AccessKey ID.

      • AccessKey Secret: Enter your AccessKey secret.

      • Default Region: Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

      • (Optional) Resource Group: Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

      StsToken

      You can use Security Token Service (STS) tokens to log on to Alibaba Cloud Client. For more information, see What is STS?

      Configure the following parameters:

      • AccessKey ID: Enter your AccessKey ID.

      • AccessKey Secret: Enter your AccessKey secret.

      • STS Token: Enter an STS token. STS tokens are temporary identity credentials. You can call the AssumeRole operation to obtain an STS token to assume a RAM role. For more information, see AssumeRole.

      • Default Region: Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

      • (Optional) Resource Group: Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

      RamRoleArn

      You can use RAM roles to log on to Alibaba Cloud Client. For information about RAM roles, see RAM role overview.

      If you select this mode, the AssumeRole operation is automatically called to obtain an STS token to assume a RAM role.

      Configure the following parameters:

      • AccessKey ID: Enter your AccessKey ID.

      • AccessKey Secret: Enter your AccessKey secret.

      • RamRoleArn: Enter the Alibaba Cloud Resource Name (ARN) of a RAM role.

      • (Optional) RoleSessionName: Enter a name for the role session.

        • You can specify the value of this parameter based on your business requirements. In most cases, you can set this parameter to the identity of the user who calls API operations. For example, set this parameter to a username. In ActionTrail logs, you can use the RoleSessionName value to distinguish different users who assume the same RAM role to perform operations. This way, you can perform user-specific auditing.

        • The value must be 2 to 64 characters in length and can contain letters, digits, periods (.), at signs (@), hyphens (-), and underscores (_).

      • Default Region: Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

      • (Optional) Resource Group: Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

      CredentialsURI

      You can use Alibaba Cloud identity credentials that are obtained from local or remote uniform resource identifiers (URIs) to log on to Alibaba Cloud Client. For more information, see aliyun/aliyun-cli: Alibaba Cloud CLI.

      Configure the following parameters:

      • CredentialsURI: Enter the local or remote URI from which identity credentials are obtained. The URI must respond to HTTPS or HTTP GET requests and return the HTTP status code 200 and responses in the following JSON format:

      • {
          "Code": "Success",
          "AccessKeyId": "<ak id>",
          "AccessKeySecret": "<ak secret>",
          "SecurityToken": "<security token>",
          "Expiration" "2006-01-02T15:04:05Z"
        }
      • Default Region: Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

      • (Optional) Resource Group: Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

      ExternalCommand

      You can use Alibaba Cloud identity credentials that are obtained by running external commands to log on to Alibaba Cloud Client. For more information, see aliyun/aliyun-cli: Alibaba Cloud CLI.

      Configure the following parameters:

      • External Command: Enter the external command that you want to run to obtain identity credentials. The command must return an output in the following JSON format:

      • {
          "Code": "Success",
          "AccessKeyId": "<ak id>",
          "AccessKeySecret": "<ak secret>",
          "SecurityToken": "<security token>",
          "Expiration" "2006-01-02T15:04:05Z"
        }
      • Default Region: Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

      • (Optional) Resource Group: Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

    2. Click Verify to verify whether the account information that you specified is valid.

    3. After the account information is verified, click Save.

      After you save the account information, the account is automatically used to log on to Alibaba Cloud Client.

    The Alibaba Cloud Account mode

    To use a main account or a RAM user to log on to Alibaba Cloud Client, you must perform the following operations to complete the account configuration:

    1. Configure the account parameters that are described in the following table.

      Parameter

      Description

      Mode

      Select an account management mode for Alibaba Cloud Client. In this example, Alibaba Cloud Account is used.

      Account Type

      Specify the type of the account that you want to add and the site at which you use the account to access the corresponding Alibaba Cloud logon page. Valid values:

      Important

      We recommend that you use a RAM user to log on to Alibaba Cloud Client. To prevent unintended operations caused by improper management of or improper authorizations to the RAM user, exercise caution when you attach policies to the RAM user.

      • Main account (alibabacloud.com)

      • RAM user (alibabacloud.com)

      Default Region

      Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

      (Optional) Resource Group

      Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

    2. Click Login.

    3. On the Alibaba Cloud logon page, enter your Alibaba Cloud account and password as prompted to log on to Alibaba Cloud.

      After the logon is complete, the system automatically returns to the Profiles page. In the lower part of the page, Logged In is displayed, which indicates that the Alibaba Cloud account is added to Alibaba Cloud Client.

  6. (Conditionally required) If you want to view and manage resources for multiple Alibaba Cloud accounts, repeat Step 2 to Step 5 until all the accounts are added.

What to do next

After you add accounts to Alibaba Cloud Client, you can use Alibaba Cloud Client to view and manage your resources, such as ECS instances, elastic container instances, simple application servers, and Alibaba Cloud managed instances. For more information, see the following topics:

Related operations

  • When you use Alibaba Cloud Client, you can perform the following operations based on your business requirements:

    • If you want to view resources in another account, click the image.png icon next to the current account on the Home page of Alibaba Cloud Client, and then click the account to which you want to switch.

    • If you want to modify the configurations of Alibaba Cloud Client, such as the language, color theme, and terminal configurations of Alibaba Cloud Client, perform the operations that are described in Configure the settings of Alibaba Cloud Client.

  • You can use a RAM user to manage permissions on resources in an Alibaba Cloud Client account.

    For example, if you do not want an Alibaba Cloud Client account to stop, restart, or release ECS instances, grant only the read permissions on ECS instances to the RAM user that corresponds to the Alibaba Cloud Client account. For more information, see Use RAM to manage ECS permissions. After you configure a policy that grants only the read permissions on ECS instances to the RAM user, the RAM user cannot stop, restart, or release ECS instances.