Configuring identity credentials in the Alibaba Cloud Client lets you quickly view and manage resources such as Elastic Compute Service (ECS), Elastic Container Instance (ECI), and Simple Application Server (SAS). The client supports multiple identity credentials, which lets you avoid frequent switching and improve your O&M efficiency.
Procedure
After you download and install Alibaba Cloud Client, configure your identity credentials using one of the following methods.
Method 1: Use a RAM user AccessKey (recommended)
The AccessKey of an Alibaba Cloud account has full control over all resources under the account. If leaked, it poses an extremely high security risk. As a best practice, follow the principle of least privilege: create a Resource Access Management (RAM) user with limited permissions and use that user's AccessKey for daily management.
Create a RAM user and then create an AccessKey pair for the user.
On the top right of the client home page, click the icon to open the Profiles page. In the profile list, click the icon.
Add the account:
Mode: AccessKey.
AccessKey ID and AccessKey Secret: Enter the AccessKey pair of the RAM user you created.
Default Region: This sets the default region for the resource list.
Resource Group (Optional): If you specify a Resource Group ID, the client only displays resources within that group. Otherwise, all resources are displayed.
Click Verify to validate the credentials. After successful validation, click Save.
Method 2: Configure other identity credentials
The client also supports the following identity credential configurations:
Assume RamRole: Suitable for cross-account access.
STS Token: Suitable for temporary access as a RAM role.
Console Account: Use an account and password (for both Alibaba Cloud accounts and RAM users) to quickly log in to the client.
CredentialsURI / CredentialsCmd: Suitable for users who need to obtain a temporary token from an internal corporate endpoint.
Assume RamRole
To configure this identity credential, you must first grant permissions to a RAM user to assume a role.
Parameter configuration:
AccessKey ID and AccessKey Secret: The AccessKey pair of the RAM role's trusted entity (a RAM user).
RamRoleArn: The ARN of the RAM role to assume. For more information, see View the information about a RAM role.
STS Token
To configure this identity credential, you must first grant permissions to a RAM user to assume a role.
Parameter configuration:
AccessKey ID and AccessKey Secret: The AccessKey pair of the RAM role's trusted entity (a RAM user).
STS Token: To obtain a temporary identity credential (an STS Token) for assuming a RAM role, call the AssumeRole API operation. For more information, see How to get an STS token.
Console Account
Procedure:
Add an account.
Mode: Select Console Account.
Account Type: Select Main Account (alibabacloud.com) or RAM Account (alibabacloud.com).
We recommend that you log in to the client as a RAM user and grant permissions to this RAM user carefully to prevent unauthorized operations caused by improper user management or authorization.
Click Login. On the Alibaba Cloud login page, follow the on-screen instructions to log in with your Alibaba Cloud account and password.
After you log in, the client automatically returns you to the Profiles page. When the status at the bottom of the page changes to Logged In, the account is successfully added.
CredentialsURI / CredentialsCmd
Parameter configuration:
CredentialsURI / CredentialsCmd: This method uses identity credentials obtained from a local or remote URI. For more information, see aliyun/aliyun-cli: Alibaba Cloud CLI. This method requires the URI to return a 200 status code from an HTTP(S) GET request with the following JSON structure:
{
  "Code": "Success",
  "AccessKeyId": "<ak id>",
  "AccessKeySecret": "<ak secret>",
  "SecurityToken": "<security token>",
  "Expiration": "2006-01-02T15:04:05Z"
}
What to do next
After you add an account in the Alibaba Cloud Client, you can view and manage resources (such as ECS, ECI, SAS, and managed instances) in the client. See the following topics for more information:
FAQ
Why am I already logged in after installing the Alibaba Cloud Client for the first time?
If you are already logged in when you first install the client, it is because the Alibaba Cloud Client automatically imports existing configurations from the Alibaba Cloud CLI.
How do I switch between multiple added accounts?
On the Home page of the Alibaba Cloud Client, click the icon to the right of the current account, and then click the account you want to switch to.
Why can't I see my resources after adding a RAM user account?
You must grant the RAM user the required permissions to manage the corresponding resources. For more information, see Grant permissions to a RAM user.
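For the CredentialsURI / CredentialsCmd mode described earlier, the following added example (not part of the original documentation or of the client's code) checks an internal endpoint's reply against the stated contract: a 200 status and the JSON fields shown in that section. The function names, the expiry check, and the rule that plain HTTP is accepted only on loopback are assumptions added here, not documented client behavior.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

REQUIRED = ("AccessKeyId", "AccessKeySecret", "SecurityToken", "Expiration")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Constructed sample reply in the shape shown above (placeholder values only).
SAMPLE = json.dumps({"Code": "Success", "AccessKeyId": "<ak id>",
                     "AccessKeySecret": "<ak secret>",
                     "SecurityToken": "<security token>",
                     "Expiration": "2006-01-02T15:04:05Z"})

def check_uri(uri):
    """Assumed hardening rule (not client behavior): HTTPS, or HTTP on loopback only."""
    u = urlparse(uri)
    if u.scheme == "https" or (u.scheme == "http" and u.hostname in LOOPBACK):
        return []
    if u.scheme == "http":
        return [f"plain HTTP to {u.hostname}: credentials would travel unencrypted"]
    return [f"unsupported scheme: {u.scheme!r}"]

def check_response(status, body, now=None):
    """Return the problems found in a CredentialsURI reply; an empty list means OK."""
    now = now or datetime.now(timezone.utc)
    if status != 200:
        return [f"HTTP status {status}, expected 200"]
    try:
        doc = json.loads(body)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(doc, dict):
        return ["body is not a JSON object"]
    problems = []
    if doc.get("Code") != "Success":
        problems.append(f"Code is {doc.get('Code')!r}, expected 'Success'")
    for key in REQUIRED:
        if not isinstance(doc.get(key), str) or not doc[key]:
            problems.append(f"missing or empty field: {key}")
    exp = doc.get("Expiration")
    if isinstance(exp, str) and exp:
        try:
            when = datetime.strptime(exp, "%Y-%m-%dT%H:%M:%SZ")
            if when.replace(tzinfo=timezone.utc) <= now:  # expiry check is an added assumption
                problems.append(f"token expired at {exp}")
        except ValueError:
            problems.append("Expiration is not in 2006-01-02T15:04:05Z form")
    return problems  # messages never include the secret or token values

if __name__ == "__main__":
    print(check_uri("http://127.0.0.1:8000/creds"))
    print(check_response(200, SAMPLE))  # the sample's 2006 Expiration is reported as expired
```

Run the checks against the endpoint's reply before pointing the client at it; the returned messages name the failing field but never echo the AccessKey secret or token.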