To access Simple Log Service using the Java SDK, you need to configure the access credentials. Alibaba Cloud services use the access credentials to verify your identity information and access permissions. You can select different types of access credentials based on your authentication and authorization requirements.
Access credentials
Access credential types
Credentials refer to a set of information that proves a user's identity. When users log on to the system, they need to provide the correct credentials to authenticate their identity. Commonly used credentials include the following:
Temporary access credentials
The Security Token Service (STS) token is a temporary access credential that Alibaba Cloud offers for Resource Access Management (RAM) roles. It allows you to customize the validity period and access permissions. For more information, see What is STS?
For scenarios that require high security, we recommend that you use temporary access credentials. Temporary access credentials are valid only within a specific period of time, which helps prevent credential leaks. Temporary access credentials support fine-grained access control, reducing the threat of excessive permissions.
Long-term access credentials
An AccessKey pair is a long-term access credential for an Alibaba Cloud account or a RAM user. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. For more information, see Create an AccessKey.
For scenarios that require convenience, long-term access credentials eliminate the need for multiple refreshes. However, long-term access credentials are not the most secure option, thus we recommend using them with caution, or not using them at all.
ImportantIf you use long-term access credentials, we recommend that you rotate them quarterly. For more information, see Rotate AccessKey pairs of RAM users.
If long-term access credentials are leaked or no longer in use, promptly delete or disable them to minimize security risks. For more information, see Delete an AccessKey pair of a RAM user.
Use temporary access credentials
When you need to temporarily use the SDK to access Simple Log Service, you can obtain a temporary access credential by requesting an STS service. This temporary credential does not require you to disclose your RAM user keys.
Assign the RAM user the system policy
AliyunSTSAssumeRoleAccessto assume the RAM role. For more information, see Grant permissions to a RAM role.Authorize the RAM role to access Simple Log Service resources. For more information, see Grant permissions to a RAM role and Custom policies for Simple Log Service.
Call the AssumeRole API using the RAM user to obtain STS temporary credentials, including security token, AccessKey ID, and AccessKey secret.
Initialize the SDK with the temporary credentials to access Simple Log Service. For more information, see Call examples of STS SDK for Python.
Use long-term access credentials
For applications in secure environments with long-term Simple Log Service access needs, the AccessKey pair (AccessKey ID and AccessKey secret) of a RAM user is suitable. For more information, see Create an AccessKey.
We recommend that you use the AccessKey pair of a RAM user with minimal privileges instead of your Alibaba Cloud account. The Alibaba Cloud account has all the resource permissions, and leaking its AccessKey pair poses a substantial system risk.
Do not store the AccessKey ID and AccessKey secret in your code, because this can lead to leaks and pose security risks to your Alibaba Cloud resources.
Grant the RAM user access to Simple Log Service resources. For more information, see Grant permissions to a RAM user and Custom policies for Simple Log Service.
Configure environment variables in Linux, macOS, and Windows.