All Products
Search
Document Center

Simple Message Queue (formerly MNS):Configure endpoints and access credentials

Last Updated:Sep 02, 2024

To use Simple Message Queue (formerly MNS) SDK for Java to initiate requests, you must configure endpoints and access credentials. Alibaba Cloud services use access credentials to verify identity information and access permissions. You can select different types of access credentials based on authentication and authorization requirements in different scenarios. This topic describes how to configure endpoints, temporary access credentials, and long-term access credentials.

Configure endpoints

Configure a public or internal endpoint of SMQ in the aliyun-mns.properties file. In most cases, this file is stored in the ${user.home}/.aliyun-mns.properties directory.

In the Linux or macOS operating system, the aliyun-mns.properties file is stored in the ~/.aliyun-mns.properties directory.

In the Windows operating system, the aliyun-mns.properties file is stored in the %USERPROFILE%\.aliyun-mns.properties directory.

Configure the aliyun-mns.properties file based on the following sample code:

mns.accountendpoint=http://120228xxxxxxx.mns.cn-xxxxxx.aliyuncs.com

You can view the information about the endpoint of SMQ in the Endpoint section of the Queue Details or Topic Details page in the SMQ console.image

Configure access credentials

The following types of access credentials are supported:

  • Long-term access credentials: To ensure data security, we recommend that you do not use long-term access credentials. For scenarios that require convenience, long-term access credentials eliminate the need for multiple refreshes within an extended period of time. We recommend that you change your long-term access credentials every three months to ensure the security of your Alibaba Cloud account. If long-term access credentials are leaked or no longer used, you can delete or disable the long-term access credentials to reduce security risks.

  • Temporary access credentials: For scenarios that require high security, such as temporarily authorizing an application to access SMQ, we recommend that you use temporary access credentials. Temporary access credentials are valid only within a specific period of time to prevent credential leaks. Temporary access credentials support fine-grained access control to prevent security risks caused by excessive permissions.

Configure long-term access credentials

If you want to use SDK for Java to access SMQ in an application or a service for a long period of time, you can use one of the following methods to configure a long-term access credential:

Configure an AccessKey pair for a Resource Access Management (RAM) user: If you want to access SMQ for a long period of time, you can use the AccessKey pair of a RAM user.

  1. Obtain the AccessKey pair of a RAM user.

    For more information, see the Create an AccessKey pair for a RAM user section of the "Create an AccessKey pair" topic.

    Important

    We recommend that you rotate the AccessKey pair of a RAM user that is used for more than three months. We recommend that you disable and delete the AccessKey pair of a RAM user that is not used for a long period of time. This reduces the risk of AccessKey pair leaks.

  2. Configure the AccessKey pair of the RAM user as access credentials.

    Configure environment variables

    1. Run the following command to configure environment variables:

      macOS

      1. Open the terminal.

      2. Run the following command:

        nano ~/.bash_profile
      3. Add the AccessKey pair of the RAM user to the end of the file.

        export ALIBABA_CLOUD_ACCESS_KEY_ID=LTA****
        export ALIBABA_CLOUD_ACCESS_KEY_SECRET=moiEs**** 
      4. Press Ctrl+X, press Y to save the file, and then press Enter to close the file.

      5. Run the following command to make the changes take effect:

        source ~/.bash_profile
      6. Run the following command to verify the configurations of the environment variables:

        echo $ALIBABA_CLOUD_ACCESS_KEY_ID
        echo $ALIBABA_CLOUD_ACCESS_KEY_SECRET

        Sample success response:

        LTA****
        moiEs****  

      Linux

      1. Open the terminal.

      2. Run the following command:

        sudo vim /etc/profile
      3. Add the AccessKey pair of the RAM user to the end of the file.

        export ALIBABA_CLOUD_ACCESS_KEY_ID=LTA****
        export ALIBABA_CLOUD_ACCESS_KEY_SECRET=moiEs**** 
      4. Press Esc to exit the edit mode. Then, enter :wq and press Enter to save and close the file.

      5. Run the following command to make the changes take effect:

        source /etc/profile
      6. Run the following command to verify the configurations of the environment variables:

        echo $ALIBABA_CLOUD_ACCESS_KEY_ID
        echo $ALIBABA_CLOUD_ACCESS_KEY_SECRET

        Sample success response:

        LTA****
        moiEs**** 

      Windows

      Use the GUI

      In this example, Windows 10 is used. You can perform the following steps to configure the AccessKey pair of the RAM user by using environment variables on the GUI:

      1. On the Windows desktop, right-click This PC and select Properties. On the page that appears, click Advanced system settings. In the System Properties dialog box, click Environment Variables on the Advanced tab. In the Environment Variables dialog box, click New in the User variables or System variables section.

      2. Specify the environment variables. The following table describes the environment variables.

        Variable

        Example

        ALIBABA_CLOUD_ACCESS_KEY_ID

        LTA****

        ALIBABA_CLOUD_ACCESS_KEY_SECRET

        moiEs****

      3. Run the following command to verify the configurations of the environment variables:

        echo $ALIBABA_CLOUD_ACCESS_KEY_ID
        echo $ALIBABA_CLOUD_ACCESS_KEY_SECRET

        Sample success response:

        LTA****
        moiEs**** 

      Use CMD

      1. Open the command-line interface (CLI).

      2. Run the following command to configure the environment variables by using the AccessKey pair:

        set ALIBABA_CLOUD_ACCESS_KEY_ID=LTA****
        set ALIBABA_CLOUD_ACCESS_KEY_SECRET=moiEs****  
      3. Run the following command to make the changes take effect:

        setx ALIBABA_CLOUD_ACCESS_KEY_ID "%MNS_ACCESS_KEY_ID%"
        setx ALIBABA_CLOUD_ACCESS_KEY_SECRET "%MNS_ACCESS_KEY_SECRET%"
      4. Run the following command to verify the configurations of the environment variables:

        echo %ALIBABA_CLOUD_ACCESS_KEY_ID%
        echo %ALIBABA_CLOUD_ACCESS_KEY_SECRET%

        Sample success response:

        LTA****
        moiEs****  

      Use Windows PowerShell

      1. Press Win+X.

      2. Specify the AccessKey pair of the RAM user.

        Valid for the current session
        1. In the message that appears, select Windows PowerShell.

        2. Specify the following environment variables for the current session:

          $env:ALIBABA_CLOUD_ACCESS_KEY_ID = "LTA****"
          $env:ALIBABA_CLOUD_ACCESS_KEY_SECRET = "moiEs****"
        Valid for all new sessions
        1. In the message that appears, select Windows PowerShell.

        2. Specify the following environment variables for all new sessions:

          [System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_ID', 'LTA****', [System.EnvironmentVariableTarget]::User)
          [System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_SECRET', 'moiEs****', [System.EnvironmentVariableTarget]::User)
        Valid for all users
        1. In the message that appears, select Windows PowerShell (Administrator).

        2. Specify the following environment variables for all users:

          [System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_ID', 'LTA****', [System.EnvironmentVariableTarget]::Machine)
          [System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_SECRET', 'moiEs****', [System.EnvironmentVariableTarget]::Machine)
      3. Run the following command to verify the configurations of the environment variables:

        Get-ChildItem env:ALIBABA_CLOUD_ACCESS_KEY_ID
        Get-ChildItem env:ALIBABA_CLOUD_ACCESS_KEY_SECRET

        Sample success response:

        LTA****
        moiEs**** 
    2. Obtain the AccessKey pair of the RAM user from the environment variables.

      // Obtain the access credentials from the environment variables. 
      CloudAccount account = new CloudAccount(ServiceSettings.getMNSAccountEndpoint());

    Embed access credentials in code

    Warning

    Security issues may occur if you embed access credentials in code. Leaked access credentials can be used by attackers to access your resources, which causes data breaches. To ensure security, we recommend that you use more secure methods, such as obtaining access credentials from environment variables.

    CloudAccount account = new CloudAccount(ServiceSettings.getMNSAccountEndpoint());

Configure temporary access credentials

If you want to use SDK for Java to temporarily access SMQ, you can use one of the following methods to configure temporary access credentials:

  • Configure temporary access credentials provided by STS: If you want to access SMQ within a specific period of time, you can use STS to configure a temporary access credential provided by STS. When you use the temporary access credential, you do not to disclose the AccessKey pair of your RAM user. This ensures secure access to SMQ.

  • Configure a RAM role: If you want to authorize a RAM user of your Alibaba Cloud account or a RAM user of another Alibaba Cloud account to access SMQ, you can configure a RAM role for the RAM user.

  • Configure a RAM role for an Elastic Compute Service (ECS) instance: If you want to access SMQ from an ECS instance, you can use a RAM role that is assigned to the ECS instance to access SMQ. You can assign a RAM role to an ECS instance and access SMQ from the ECS instance by using a specific method based on a temporary access credential provided by STS. Temporary access credentials provided by STS are automatically generated and updated. Applications can obtain such temporary access credentials by using the instance metadata URL.

Configure temporary access credentials provided by STS

  1. Create a RAM user.

    For information about how to create a RAM user, see Create a RAM user.

  2. Attach the AliyunSTSAssumeRoleAccess policy to the RAM user.

    For more information, see Grant permissions to a RAM user.

  3. Use the RAM user to call the AssumeRole operation of STS to obtain temporary access credentials.

    For more information, see AssumeRole.

  4. Configure the temporary access credentials obtained from STS.

    Configure environment variables

    1. Use the temporary access credentials obtained from STS to configure environment variables.

      macOS

      1. Open the terminal.

      2. Run the following command:

        nano ~/.bash_profile
      3. Add the temporary access credentials, including AccessKey ID, AccessKey Secret, and security token, that are obtained from STS to the end of the file.

        export MNS_ACCESS_KEY_ID=LTA****
        export MNS_ACCESS_KEY_SECRET=moiEs****
        export MNS_SESSION_TOKEN=CAES****
      4. Press Ctrl+X, press Y to save the file, and then press Enter to close the file.

      5. Run the following command to make the changes take effect:

        source ~/.bash_profile
      6. Run the following command to verify the configurations of the environment variables:

        echo $MNS_ACCESS_KEY_ID
        echo $MNS_ACCESS_KEY_SECRET
        echo $MNS_SESSION_TOKEN

        Sample success response:

        LTA****
        moiEs**** 
        CAES****

      Linux

      1. Open the terminal.

      2. Run the following command:

        sudo vim /etc/profile
      3. Add the temporary access credentials including AccessKey ID, AccessKey Secret, and security token, that are obtained from STS to the end of the file.

        export MNS_ACCESS_KEY_ID=LTA****
        export MNS_ACCESS_KEY_SECRET=moiEs****
        export MNS_SESSION_TOKEN=CAES****
      4. Press Esc to exit the edit mode. Then, enter :wq and press Enter to save and close the file.

      5. Run the following command to make the changes take effect:

        source /etc/profile
      6. Run the following command to verify the configurations of the environment variables:

        echo $MNS_ACCESS_KEY_ID
        echo $MNS_ACCESS_KEY_SECRET
        echo $MNS_SESSION_TOKEN

        Sample success response:

        LTA****
        moiEs**** 
        CAES****

      Windows

      Use the GUI

      In this example, Windows 10 is used. You can perform the following steps to configure STS temporary access credentials by using environment variables on the GUI:

      1. On the Windows desktop, right-click This PC and select Properties. On the page that appears, click Advanced system settings. In the System Properties dialog box, click Environment Variables on the Advanced tab. In the Environment Variables dialog box, click New in the User variables or System variables section.

      2. Specify the environment variables. The following table describes the environment variables.

        Variable

        Example

        MNS_ACCESS_KEY_ID

        LTA****

        MNS_ACCESS_KEY_SECRET

        moiEs****

        MNS_SESSION_TOKEN

        CAES****

      3. Run the following command to verify the configurations of the environment variables:

        echo %MNS_ACCESS_KEY_ID%
        echo %MNS_ACCESS_KEY_SECRET%
        echo %MNS_SESSION_TOKEN%

        Sample success response:

        LTA****
        moiEs**** 
        CAES****

      Use CMD

      1. Open the CLI.

      2. Run the following command to configure environment variables by using the temporary access credentials, including AccessKey ID, AccessKey secret, and security token:

        set MNS_ACCESS_KEY_ID=LTA****
        set MNS_ACCESS_KEY_SECRET=moiEs**** 
        set MNS_SESSION_TOKEN=CAES****
      3. Run the following command to make the changes take effect:

        setx MNS_ACCESS_KEY_ID "%MNS_ACCESS_KEY_ID%"
        setx MNS_ACCESS_KEY_SECRET "%MNS_ACCESS_KEY_SECRET%"
        setx MNS_SESSION_TOKEN "%MNS_SESSION_TOKEN%"
      4. Run the following command to verify the configurations of the environment variables:

        echo %MNS_ACCESS_KEY_ID%
        echo %MNS_ACCESS_KEY_SECRET%
        echo %MNS_SESSION_TOKEN%

        Sample success response:

        LTA****
        moiEs**** 
        CAES****

      Use Windows PowerShell

      1. Press Win+X.

      2. Specify STS temporary access credentials.

        Valid for the current session
        1. In the message that appears, select Windows PowerShell.

        2. Specify the following environment variables for the current session:

          $env:MNS_ACCESS_KEY_ID = "LTA****"
          $env:MNS_ACCESS_KEY_SECRET = "moiEs****"
          $env:MNS_SESSION_TOKEN = "CAE****"
        Valid for all new sessions
        1. In the message that appears, select Windows PowerShell.

        2. Specify the following environment variables for all new sessions:

          [System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_ID', 'LTA****', [System.EnvironmentVariableTarget]::User)
          [System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_SECRET', 'moiEs****', [System.EnvironmentVariableTarget]::User)
          [System.Environment]::SetEnvironmentVariable('MNS_SESSION_TOKEN', 'CAES****', [System.EnvironmentVariableTarget]::User)
        Valid for all users
        1. In the message that appears, select Windows PowerShell (Administrator).

        2. Specify the following environment variables for all users:

          [System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_ID', 'LTA****', [System.EnvironmentVariableTarget]::Machine)
          [System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_SECRET', 'moiEs****', [System.EnvironmentVariableTarget]::Machine)
          [System.Environment]::SetEnvironmentVariable('MNS_SESSION_TOKEN', 'CAES****', [System.EnvironmentVariableTarget]::Machine)
      3. Run the following command to verify the configurations of the environment variables:

        Get-ChildItem env:MNS_ACCESS_KEY_ID
        Get-ChildItem env:MNS_ACCESS_KEY_SECRET
        Get-ChildItem env:MNS_SESSION_TOKEN

        Sample success response:

        LTA****
        moiEs**** 
        CAES****
    2. Obtain the temporary access credentials obtained from STS from the environment variables.

      // Obtain the temporary access credentials of the RAM user, including AccessKey ID, AccessKey secret, and security token, from the environment variables.  
      String accessKeyId = System.getenv("MNS_ACCESS_KEY_ID"); 
      String accessKeySecret = System.getenv("MNS_ACCESS_KEY_SECRET");
      String sessionToken = System.getenv("MNS_SESSION_TOKEN"); 
      AlibabaCloudCredentials credentials = new BasicSessionCredentials(accessKeyId,accessKeySecret,sessionToken); 
      AlibabaCloudCredentialsProvider provider = new StaticCredentialsProvider(credentials);

    Embed access credentials in code

    Warning

    Security issues may occur if you embed access credentials in code. Leaked access credentials can be used by attackers to access your resources, which causes data breaches. To ensure security, we recommend that you use more secure methods, such as obtaining access credentials from environment variables.

    // Obtain the temporary access credentials of the RAM user, including AccessKey ID, AccessKey secret, and security token, from the environment variables. 
    String accessKeyId = System.getenv("MNS_ACCESS_KEY_ID");
    String accessKeySecret = System.getenv("MNS_ACCESS_KEY_SECRET");
    String sessionToken = System.getenv("MNS_SESSION_TOKEN");
    
    AlibabaCloudCredentials credentials = new BasicSessionCredentials(accessKeyId,accessKeySecret,sessionToken);
    AlibabaCloudCredentialsProvider provider = new StaticCredentialsProvider(credentials);
    
    String endpoint = ServiceSettings.getMNSAccountEndpoint();
    CloudAccount account = new CloudAccount(endpoint, provider);

Configure a RAM role

  1. Obtain the AccessKey pair of a RAM user.

    For more information, see the Create an AccessKey pair for a RAM user section of the "Create an AccessKey pair" topic.

    Important

    To reduce the leakage risk of the AccessKey pair of a RAM user, we recommend that you rotate the AccessKey pair every three months. We recommend that you disable and delete the AccessKey pair of a RAM user that is not used for a long period of time.

  2. Obtain the RamRoleArn of the RAM role.

    Note

    RamRoleArn is the Alibaba Cloud Resource Name (ARN) of the RAM role, which is the ID of the role to be assumed. Format: acs:ram::$accountID:role/$roleName. $accountID indicates the ID of the Alibaba Cloud account. $roleName indicates the name of the RAM role.

    For more information, see View the information about a RAM role.

  3. Specify the AccessKey pair of the RAM user and the ARN of the RAM role as the temporary access credentials.

    Configure environment variables.

    1. Configure environment variables by using the obtained AccessKey pair of the RAM user and RamRoleArn of the RAM role.

      macOS

      1. Open the terminal.

      2. Run the following command:

        nano ~/.bash_profile
      3. Add the AccessKey pair of the RAM user and the ARN of the RAM role to the end of the file.

        export MNS_ACCESS_KEY_ID=LTAI****
        export MNS_ACCESS_KEY_SECRET=IrVTNZNy****  
        export MNS_STS_ROLE_ARN=acs:ram::17464958********:role/mnsststest
      4. Press Ctrl+X, press Y to save the file, and then press Enter to close the file.

      5. Run the following command to make the changes take effect:

        source /etc/profile
      6. Run the following command to verify the configurations of the environment variable:

        echo $MNS_ACCESS_KEY_ID
        echo $MNS_ACCESS_KEY_SECRET
        echo $MNS_STS_ROLE_ARN

        Sample success response:

        LTAI****
        IrVTNZNy****  
        acs:ram::17464958********:role/mnsststest

      Linux

      1. Open the terminal.

      2. Run the following command:

        sudo vim /etc/profile
      3. Add the AccessKey pair of the RAM user and the ARN of the RAM role to the end of the file.

        export MNS_ACCESS_KEY_ID=LTAI****
        export MNS_ACCESS_KEY_SECRET=IrVTNZNy****  
        export MNS_STS_ROLE_ARN=acs:ram::17464958********:role/mnsststest
      4. Press Esc to exit the edit mode. Then, enter :wq and press Enter to save and close the file.

      5. Run the following command to make the changes take effect:

        source /etc/profile
      6. Run the following command to verify the configurations of the environment variable:

        echo $MNS_ACCESS_KEY_ID
        echo $MNS_ACCESS_KEY_SECRET
        echo $MNS_STS_ROLE_ARN

        Sample success response:

        LTAI****
        IrVTNZNy****  
        acs:ram::17464958********:role/mnsststest

      Windows

      Use the GUI

      In this example, Windows 10 is used. You can perform the following steps to configure the AccessKey pair of the RAM user and the ARN of the RAM role by using environment variables on the GUI:

      1. On the Windows desktop, right-click This PC and select Properties. On the page that appears, click Advanced system settings. In the System Properties dialog box, click Environment Variables on the Advanced tab. In the Environment Variables dialog box, click New in the User variables or System variables section.

      2. Configure the environment variables. The following table describes the environment variables.

        Variable

        Example

        MNS_ACCESS_KEY_ID

        LTAI****

        MNS_ACCESS_KEY_SECRET

        IrVTNZNy****

        MNS_STS_ROLE_ARN

        acs:ram::17464958********:role/mnsststest

      3. Run the following command to verify the configurations of the environment variables:

        echo $MNS_ACCESS_KEY_ID
        echo $MNS_ACCESS_KEY_SECRET
        echo $MNS_STS_ROLE_ARN

        Sample success response:

        LTAI****
        IrVTNZNy**** 
        acs:ram::17464958********:role/mnsststest

      Use CMD

      1. Open the CLI.

      2. Run the following command to configure environment variables by using the AccessKey pair of the RAM user and the ARN of the RAM role:

        set MNS_ACCESS_KEY_ID=LTAI****
        set MNS_ACCESS_KEY_SECRET=IrVTNZNy****  
        set MNS_STS_ROLE_ARN=acs:ram::17464958********:role/mnsststest
      3. Run the following command to make the changes take effect:

        setx MNS_ACCESS_KEY_ID "%MNS_ACCESS_KEY_ID%"
        setx MNS_ACCESS_KEY_SECRET "%MNS_ACCESS_KEY_SECRET%"
        setx MNS_STS_ROLE_ARN "%MNS_STS_ROLE_ARN%"
      4. Run the following command to verify the configurations of the environment variables:

        echo %MNS_ACCESS_KEY_ID%
        echo %MNS_ACCESS_KEY_SECRET%
        echo %MNS_STS_ROLE_ARN%

        Sample success response:

        LTAI****
        IrVTNZNy****  
        acs:ram::17464958********:role/mnsststest

      Use Windows PowerShell

      1. Press Win+X.

      2. Specify the AccessKey pair of the RAM user and the ARN of the RAM role.

        Valid for the current session

        1. In the message that appears, select Windows PowerShell.

        2. Specify the following environment variables for the current session:

          $env:MNS_ACCESS_KEY_ID = "LTAI****"
          $env:MNS_ACCESS_KEY_SECRET = "IrVTNZNy****"
          $env:MNS_STS_ROLE_ARN = "acs:ram::17464958********:role/ossststest"

        Valid for all new sessions

        1. In the message that appears, select Windows PowerShell.

        2. Specify the following environment variables for all new sessions:

          [System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_ID', 'LTAI****', [System.EnvironmentVariableTarget]::User)
          [System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_SECRET', 'IrVTNZNy****', [System.EnvironmentVariableTarget]::User)
          [System.Environment]::SetEnvironmentVariable('MNS_STS_ROLE_ARN', 'acs:ram::17464958********:role/mnsststest', [System.EnvironmentVariableTarget]::User)

        Valid for all users

        1. In the message that appears, select Windows PowerShell (Administrator).

        2. Specify the following environment variables for all users:

          [System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_ID', 'LTAI****', [System.EnvironmentVariableTarget]::Machine)
          [System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_SECRET', 'IrVTNZNy****', [System.EnvironmentVariableTarget]::Machine)
          [System.Environment]::SetEnvironmentVariable('MNS_STS_ROLE_ARN', 'acs:ram::17464958********:role/mnsststest', [System.EnvironmentVariableTarget]::Machine)
      3. Run the following command to verify the configurations of the environment variables:

        Get-ChildItem env:MNS_ACCESS_KEY_ID
        Get-ChildItem env:MNS_ACCESS_KEY_SECRET
        Get-ChildItem env:MNS_STS_ROLE_ARN

        Sample success response:

        LTAI****
        IrVTNZNy**** 
        acs:ram::17464958********:role/mnsststest
    2. Obtain the AccessKey pair of the RAM user and the ARN of the RAM role from the environment variables.

      // Specify the region that you want to authorize STSAssumeRole to access. In this example, the China (Hangzhou) region is used. Specify the region based on the actual case. 
      String region = "cn-hangzhou";
      // Obtain the AccessKey pair of the RAM user from the environment variables. The AccessKey pair consists of an AccessKey ID and an AccessKey secret. 
      String accessKeyId = System.getenv("MNS_ACCESS_KEY_ID");
      String accessKeySecret = System.getenv("MNS_ACCESS_KEY_SECRET");
      // Obtain the ARN of the RAM role from the environment variable, 
      String roleArn = System.getenv("MNS_STS_ROLE_ARN");
      
      // Use the AccessKey pair and RAM role ARN to create a credential provider. 
      STSAssumeRoleSessionCredentialsProvider credentialsProvider = CredentialsProviderFactory
              .newSTSAssumeRoleSessionCredentialsProvider(
                      region, 
                      accessKeyId, 
                      accessKeySecret, 
                      roleArn
              );

    Embed access credentials in code

    Warning

    Security issues may occur if you embed access credentials in code. Leaked access credentials can be used by attackers to access your resources, which causes data breaches. To ensure security, we recommend that you use more secure methods, such as obtaining access credentials from environment variables.

    // The endpoint of MNS must match the region that is specified by the regionId parameter. 
    String regionId = "cn-hangzhou";
    
    // Obtain the AccessKey pair of the RAM user from the environment variables. The AccessKey pair consists of an AccessKey ID and an AccessKey secret. 
    String accessKeyId = System.getenv("MNS_ACCESS_KEY_ID");
    String accessKeySecret = System.getenv("MNS_ACCESS_KEY_SECRET");
    // Obtain the ARN of the RAM role from the environment variable, 
    String roleArn = System.getenv("MNS_STS_ROLE_ARN");
    
    DefaultProfile profile = DefaultProfile.getProfile(regionId);
    AlibabaCloudCredentialsProvider provider = new STSAssumeRoleSessionCredentialsProvider(
        new BasicCredentials(accessKeyId, accessKeySecret),
        roleArn,
        profile
    );
    
    
    String endpoint = ServiceSettings.getMNSAccountEndpoint();
    CloudAccount account = new CloudAccount(endpoint, provider);

Configure a RAM role for an ECS instance

  1. Assign a RAM role to an ECS instance.

    For more information, see Grant ECS access to other Alibaba Cloud services by using instance RAM roles.

  2. Configure temporary access credentials by using the RAM role assigned to the ECS instance.

    // Obtain access credentials by using the RAM role attached to an ECS instance. In this example, the ecs-ram-role role is used. 
    CredentialsProvider provider = new InstanceProfileCredentialsProvider("ecs-ram-role");