Alibaba Cloud SDK: Manage access credentials

Last Updated: Jul 02, 2024

This topic describes how to configure access credentials to ensure that you can use SDKs for development in a secure and efficient manner.

Use an AccessKey pair

import os

from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest

# Initialize an SDK client.
client = AcsClient(
    os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'),  # Obtain the AccessKey ID of the Resource Access Management (RAM) user from environment variables.
    os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),  # Obtain the AccessKey secret of the RAM user from environment variables.
    '<region_id>'  # The region ID.
)

# Create an API request and configure parameters.
request = DescribeRegionsRequest()

# Send the request.
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))

Use an STS token

To ensure the security of your business, you can apply for temporary security credentials (TSC) from Security Token Service (STS) to create a temporary client.

import os

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import StsTokenCredential
from aliyunsdkecs.request.v20140526.AcceptInquiredSystemEventRequest import AcceptInquiredSystemEventRequest

cred = StsTokenCredential(
    sts_access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'),  # Obtain the AccessKey ID provided by STS from environment variables.
    sts_access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),  # Obtain the AccessKey secret provided by STS from environment variables.
    sts_token=os.environ.get('ALIBABA_CLOUD_SECURITY_TOKEN')  # Obtain the STS token provided by STS from environment variables.
)

client = AcsClient(
    region_id='<region_id>',
    credential=cred
)

request = AcceptInquiredSystemEventRequest()
request.set_accept_format('json')
response = client.do_action_with_exception(request)

print(str(response, encoding='utf-8'))

Use a RAM role

You can assign a RAM role to a client. The client then automatically applies for and maintains STS tokens before it initiates an API request, so it operates as an STS client whose credentials have a validity period. You can also manually apply for STS tokens and create an STS client.

import os

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import RamRoleArnCredential
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest

cred = RamRoleArnCredential(
    sts_access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'),  # Obtain the AccessKey ID of the RAM user from environment variables.
    sts_access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),  # Obtain the AccessKey secret of the RAM user from environment variables.
    role_arn='<ram_role_arn>',
    session_role_name='<session_role_name>'
)

client = AcsClient(
    region_id='<region_id>',
    credential=cred
)

request = DescribeRegionsRequest()
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))

Use the RAM role of an ECS instance

You can assign a RAM role that is attached to an Elastic Compute Service (ECS) instance to a client. Then, the client applies for an STS token from http://100.100.100.200/latest/meta-data/ram/security-credentials/.

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import EcsRamRoleCredential
from aliyunsdkecs.request.v20140526.AcceptInquiredSystemEventRequest import AcceptInquiredSystemEventRequest

cred = EcsRamRoleCredential(
    role_name='<ram_role_name>'
)

client = AcsClient(
    region_id='<region_id>',
    credential=cred
)

request = AcceptInquiredSystemEventRequest()
request.set_accept_format('json')
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))

Use the default credential

The SDK client searches for credentials in environment variables. If the ALIYUN_ACCESS_KEY_ID and ALIYUN_ACCESS_KEY_SECRET environment variables are defined and have values, that AccessKey pair is used as the default credential.

from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest

# Initialize an SDK client.
client = AcsClient(
    region_id='<region_id>'  # The region ID.
)

# Create an API request and configure parameters.
request = DescribeRegionsRequest()

# Send the request.
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))
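
The snippets on this page read credentials with os.environ.get, which returns None when a variable is unset, so a missing variable is not caught at the point where it is read. The following added example (not part of the original page or of the Alibaba Cloud SDK) checks the page's ALIBABA_CLOUD_* variables before a client is built, fails closed on a partial configuration, and produces a log-safe summary; resolve_credentials, redact and CredentialConfigError are hypothetical names, and the sample values are constructed.

```python
import os

AK_ID = 'ALIBABA_CLOUD_ACCESS_KEY_ID'
AK_SECRET = 'ALIBABA_CLOUD_ACCESS_KEY_SECRET'
STS_TOKEN = 'ALIBABA_CLOUD_SECURITY_TOKEN'


class CredentialConfigError(Exception):
    """The credential environment is missing or inconsistent."""


def resolve_credentials(env=None, ecs_role_name=None):
    """Choose one credential mode and fail closed on partial configuration.

    Returns (mode, values) with mode 'access_key', 'sts_token' or 'ecs_ram_role'.
    """
    env = os.environ if env is None else env
    found = {n: (env.get(n) or '').strip() for n in (AK_ID, AK_SECRET, STS_TOKEN)}
    if any(found.values()):
        missing = [n for n in (AK_ID, AK_SECRET) if not found[n]]
        if missing:
            # Report the variable name only, never a value.
            raise CredentialConfigError('unset or empty: ' + ', '.join(missing))
        return ('sts_token' if found[STS_TOKEN] else 'access_key'), found
    if ecs_role_name:
        # No key material in the environment: use the instance role instead.
        return 'ecs_ram_role', {'role_name': ecs_role_name}
    raise CredentialConfigError('no credentials in environment and no ECS role name')


def redact(mode, values):
    """Log-safe summary that exposes only the last 4 characters of the key ID."""
    key_id = values.get(AK_ID, '')
    shown = '****' + key_id[-4:] if key_id else '(instance role)'
    return '%s key_id=%s' % (mode, shown)


if __name__ == '__main__':
    # Constructed sample environment; the values are placeholders, not real keys.
    sample = {AK_ID: 'EXAMPLE_KEY_ID_0001', AK_SECRET: 'example-secret',
              STS_TOKEN: 'example-token'}
    mode, values = resolve_credentials(sample)
    print(redact(mode, values))
```

Map the returned mode to the matching constructor shown on this page: AcsClient with an AccessKey pair, StsTokenCredential, or EcsRamRoleCredential.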