All Products
Search

This Product

    Simple Message Queue (formerly MNS):Configure endpoints and access credentials

    Document Center

    Simple Message Queue (formerly MNS):Configure endpoints and access credentials

    Last Updated:Sep 26, 2024

    To use Simple Message Queue (SMQ) SDK for Python to initiate requests, you must configure endpoints and access credentials. Alibaba Cloud services use access credentials to verify your identity information and access permissions. You can select different types of access credentials based on authentication and authorization requirements in different scenarios. This topic describes how to configure endpoints, temporary access credentials, and long-term access credentials.

    Configure endpoints

    1. Download the latest version of SMQ SDK for Python, decompress the package, and then go to the aliyun-mns-python-sdk subdirectory.

    2. Open the sample.cfg file and configure the endpoint.

      • You can view the endpoints of SMQ in the Endpoint section of the Queue Details or Topic Details page.image

      • The endpoints of SMQ vary based on the region.

    Configure access credentials

    The following types of access credentials are supported:

    • Long-term access credentials: To ensure data security, we recommend that you do not use long-term access credentials. For scenarios that require convenience, long-term access credentials eliminate the need for multiple refreshes within an extended period of time. We recommend that you change your long-term access credentials every three months to ensure the security of your Alibaba Cloud account. If long-term access credentials are leaked or no longer used, you can delete or disable the long-term access credentials to reduce security risks.

    • Temporary access credentials: For scenarios that require high security, such as temporarily authorizing an application to access SMQ, we recommend that you use temporary access credentials. Temporary access credentials are valid only within a specific period of time to prevent credential leaks. Temporary access credentials support fine-grained access control to prevent security risks caused by excessive permissions.

    Configure long-term access credentials

    If you want to access SMQ in an application or a service for a long period of time, you can use the AccessKey pair of a Resource Access Management (RAM) user.

    1. Obtain the AccessKey pair of a RAM user.

      For more information, see the Create an AccessKey pair for a RAM user section of the "Create an AccessKey pair" topic.

      Important

      We recommend that you rotate the AccessKey pair of a RAM user that is used for more than three months. We recommend that you disable and delete the AccessKey pair of a RAM user that is not used for a long period of time. This reduces the risk of AccessKey pair leaks.

    2. Configure the AccessKey pair of the RAM user as access credentials.

      Configure environment variables

      1. Run the following command to configure environment variables:

        macOS

        1. Open the terminal.

        2. Run the following command: 

          nano ~/.bash_profile

        3. Add the AccessKey pair of the RAM user to the end of the file. 

          export ALIBABA_CLOUD_ACCESS_KEY_ID=LTA****
export ALIBABA_CLOUD_ACCESS_KEY_SECRET=moiEs****

        4. Press Ctrl+X, press Y to save the file, and then press Enter to close the file.

        5. Run the following command to make the changes take effect: 

          source ~/.bash_profile

        6. Run the following command to verify the configurations of the environment variables: 

          echo $ALIBABA_CLOUD_ACCESS_KEY_ID
echo $ALIBABA_CLOUD_ACCESS_KEY_SECRET

          Sample success response:

          LTA****
moiEs****

        Linux

        1. Open the terminal.

        2. Run the following command: 

          sudo vim /etc/profile

        3. Add the AccessKey pair of the RAM user to the end of the file. 

          export ALIBABA_CLOUD_ACCESS_KEY_ID=LTA****
export ALIBABA_CLOUD_ACCESS_KEY_SECRET=moiEs****

        4. Press Esc to exit the edit mode. Then, enter :wq and press Enter to save and close the file.

        5. Run the following command to make the changes take effect: 

          source /etc/profile

        6. Run the following command to verify the configurations of the environment variables: 

          echo $ALIBABA_CLOUD_ACCESS_KEY_ID
echo $ALIBABA_CLOUD_ACCESS_KEY_SECRET

          Sample success response:

          LTA****
moiEs****

        Windows

        Use the GUI

        In this example, Windows 10 is used. You can perform the following steps to configure the AccessKey pair of the RAM user by using environment variables on the GUI:

        1. On the Windows desktop, right-click This PC and select Properties. On the page that appears, click Advanced system settings. In the System Properties dialog box, click Environment Variables on the Advanced tab. In the Environment Variables dialog box, click New in the User variables or System variables section.

        2. Configure the environment variables. The following table describes the environment variables.

          Variable

          Example

          ALIBABA_CLOUD_ACCESS_KEY_ID

          LTA****

          ALIBABA_CLOUD_ACCESS_KEY_SECRET

          moiEs****

        3. Run the following command to verify the configurations of the environment variables: 

          echo $ALIBABA_CLOUD_ACCESS_KEY_ID
echo $ALIBABA_CLOUD_ACCESS_KEY_SECRET

          Sample success response:

          LTA****
moiEs****

        Use CMD

        1. Open the CLI.

        2. Run the following command to configure the environment variables by using the AccessKey pair: 

          set ALIBABA_CLOUD_ACCESS_KEY_ID=LTA****
set ALIBABA_CLOUD_ACCESS_KEY_SECRET=moiEs****

        3. Run the following command to make the changes take effect: 

          setx ALIBABA_CLOUD_ACCESS_KEY_ID "%MNS_ACCESS_KEY_ID%"
setx ALIBABA_CLOUD_ACCESS_KEY_SECRET "%MNS_ACCESS_KEY_SECRET%"

        4. Run the following command to verify the configurations of the environment variables: 

          echo %ALIBABA_CLOUD_ACCESS_KEY_ID%
echo %ALIBABA_CLOUD_ACCESS_KEY_SECRET%

          Sample success response:

          LTA****
moiEs****

        Use Windows PowerShell

        1. Press Win+X.

        2. Specify the AccessKey pair of the RAM user.

          Valid for the current session

          1. In the message that appears, select Windows PowerShell.

          2. Specify the following environment variables for the current session: 

            $env:ALIBABA_CLOUD_ACCESS_KEY_ID = "LTA****"
$env:ALIBABA_CLOUD_ACCESS_KEY_SECRET = "moiEs****"
          Valid for all new sessions

          1. In the message that appears, select Windows PowerShell.

          2. Specify the following environment variables for all new sessions: 

            [System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_ID', 'LTA****', [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_SECRET', 'moiEs****', [System.EnvironmentVariableTarget]::User)
          Valid for all users

          1. In the message that appears, select Windows PowerShell (Administrator).

          2. Specify the following environment variables for all users: 

            [System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_ID', 'LTA****', [System.EnvironmentVariableTarget]::Machine)
[System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_SECRET', 'moiEs****', [System.EnvironmentVariableTarget]::Machine)

        3. Run the following command to verify the configurations of the environment variables: 

          Get-ChildItem env:ALIBABA_CLOUD_ACCESS_KEY_ID
Get-ChildItem env:ALIBABA_CLOUD_ACCESS_KEY_SECRET

          Sample success response:

          LTA****
moiEs****

      2. Obtain the AccessKey pair of the RAM user from the environment variables. 

        // Obtain the access credentials from the environment variables. 
accid = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")
acckey = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")

      Embed access credentials in code

      Warning

      Security issues may occur if you embed access credentials in code. Leaked access credentials can be used by attackers to access your resources, which causes data breaches. To ensure security, we recommend that you use more secure methods, such as obtaining access credentials from environment variables. 

      accid,acckey,endpoint,token = MNSSampleCommon.LoadConfig() 
my_account = Account(endpoint, accid, acckey, token)

    Configure temporary access credentials

    If you want to temporarily access SMQ, you can use Security Token Service (STS) to configure a temporary access credential provided by STS. When you use the temporary access credential, you do not need to disclose the AccessKey pair of your RAM user. This ensures secure access to SMQ.

    1. Create a RAM user.

      For more information, see Create a RAM user.

    2. Attach the AliyunSTSAssumeRoleAccess policy to the RAM user.

      For more information, see Grant permissions to a RAM user.

    3. Use the RAM user to call the AssumeRole operation of STS to obtain temporary access credentials.

      For more information, see AssumeRole.

    4. Configure the temporary access credentials obtained from STS.

      Configure environment variables

      1. Use the temporary access credentials obtained from STS to configure environment variables.

        macOS

        1. Open the terminal.

        2. Run the following command: 

          nano ~/.bash_profile

        3. Add the temporary access credentials, including AccessKey ID, AccessKey Secret, and security token, that are obtained from STS to the end of the file. 

          export MNS_ACCESS_KEY_ID=LTA****
export MNS_ACCESS_KEY_SECRET=moiEs****
export MNS_SESSION_TOKEN=CAES****

        4. Press Ctrl+X, press Y to save the file, and then press Enter to close the file.

        5. Run the following command to make the changes take effect: 

          source ~/.bash_profile

        6. Run the following command to verify the configurations of the environment variables: 

          echo $MNS_ACCESS_KEY_ID
echo $MNS_ACCESS_KEY_SECRET
echo $MNS_SESSION_TOKEN

          Sample success response:

          LTA****
moiEs**** 
CAES****

        Linux

        1. Open the terminal.

        2. Run the following command: 

          sudo vim /etc/profile

        3. Add the temporary access credentials, including AccessKey ID, AccessKey Secret, and security token, that are obtained from STS to the end of the file. 

          export MNS_ACCESS_KEY_ID=LTA****
export MNS_ACCESS_KEY_SECRET=moiEs****
export MNS_SESSION_TOKEN=CAES****

        4. Press Esc to exit the edit mode. Then, enter :wq and press Enter to save and close the file.

        5. Run the following command to make the changes take effect: 

          source /etc/profile

        6. Run the following command to verify the configurations of the environment variables: 

          echo $MNS_ACCESS_KEY_ID
echo $MNS_ACCESS_KEY_SECRET
echo $MNS_SESSION_TOKEN

          Sample success response:

          LTA****
moiEs**** 
CAES****

        Windows

        Use the GUI

        In this example, Windows 10 is used. You can perform the following steps to configure STS temporary access credentials by using environment variables on the GUI:

        1. On the Windows desktop, right-click This PC and select Properties. On the page that appears, click Advanced system settings. In the System Properties dialog box, click Environment Variables on the Advanced tab. In the Environment Variables dialog box, click New in the User variables or System variables section.

        2. Configure the environment variables. The following table describes the environment variables.

          Variable

          Example

          MNS_ACCESS_KEY_ID

          LTA****

          MNS_ACCESS_KEY_SECRET

          moiEs****

          MNS_SESSION_TOKEN

          CAES****

        3. Run the following command to verify the configurations of the environment variables: 

          echo %MNS_ACCESS_KEY_ID%
echo %MNS_ACCESS_KEY_SECRET%
echo %MNS_SESSION_TOKEN%

          Sample success response:

          LTA****
moiEs**** 
CAES****

        Use CMD

        1. Open the CLI.

        2. Run the following command to configure environment variables by using the temporary access credentials, including AccessKey ID, AccessKey secret, and security token: 

          set MNS_ACCESS_KEY_ID=LTA****
set MNS_ACCESS_KEY_SECRET=moiEs**** 
set MNS_SESSION_TOKEN=CAES****

        3. Run the following command to make the changes take effect: 

          setx MNS_ACCESS_KEY_ID "%MNS_ACCESS_KEY_ID%"
setx MNS_ACCESS_KEY_SECRET "%MNS_ACCESS_KEY_SECRET%"
setx MNS_SESSION_TOKEN "%MNS_SESSION_TOKEN%"

        4. Run the following command to verify the configurations of the environment variables: 

          echo %MNS_ACCESS_KEY_ID%
echo %MNS_ACCESS_KEY_SECRET%
echo %MNS_SESSION_TOKEN%

          Sample success response:

          LTA****
moiEs**** 
CAES****

        Use Windows PowerShell

        1. Press Win+X.

        2. Specify STS temporary access credentials.

          Valid for the current session

          1. In the message that appears, select Windows PowerShell.

          2. Specify the following environment variables for the current session: 

            $env:MNS_ACCESS_KEY_ID = "LTA****"
$env:MNS_ACCESS_KEY_SECRET = "moiEs****"
$env:MNS_SESSION_TOKEN = "CAE****"
          Valid for all new sessions

          1. In the message that appears, select Windows PowerShell.

          2. Specify the following environment variables for all new sessions: 

            [System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_ID', 'LTA****', [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_SECRET', 'moiEs****', [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('MNS_SESSION_TOKEN', 'CAES****', [System.EnvironmentVariableTarget]::User)
          Valid for all users

          1. In the message that appears, select Windows PowerShell (Administrator).

          2. Specify the following environment variables for all users: 

            [System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_ID', 'LTA****', [System.EnvironmentVariableTarget]::Machine)
[System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_SECRET', 'moiEs****', [System.EnvironmentVariableTarget]::Machine)
[System.Environment]::SetEnvironmentVariable('MNS_SESSION_TOKEN', 'CAES****', [System.EnvironmentVariableTarget]::Machine)

        3. Run the following command to verify the configurations of the environment variables: 

          Get-ChildItem env:MNS_ACCESS_KEY_ID
Get-ChildItem env:MNS_ACCESS_KEY_SECRET
Get-ChildItem env:MNS_SESSION_TOKEN

          Sample success response:

          LTA****
moiEs**** 
CAES****

      2. Obtain the temporary access credentials obtained from STS from the environment variables. 

        accid = os.getenv("MNS_ACCESS_KEY_ID") 
acckey = os.getenv("MNS_ACCESS_KEY_SECRET") 
token = os.getenv("MNS_SESSION_TOKEN") or ""

      Embed access credentials in code

      Warning

      Security issues may occur if you embed access credentials in code. Leaked access credentials can be used by attackers to access your resources, which causes data breaches. To ensure security, we recommend that you use more secure methods, such as obtaining access credentials from environment variables. 

      accid = os.getenv("MNS_ACCESS_KEY_ID") 
acckey = os.getenv("MNS_ACCESS_KEY_SECRET") 
token = os.getenv("MNS_SESSION_TOKEN") or "" 
endpoint = "example.endpoint" 
my_account = Account(endpoint, accid, acckey, token)