A tunnel client, which is a client for Tunnel Service, provides a variety of methods for callers to perform operations on tunnels and consume data. To use Tunnel Service to consume data in a table, you must initialize a Tunnel client.
Preparations
Before you initialize a Tunnel client, you must configure the AccessKey pair of your Alibaba Cloud account or a RAM user, obtain the endpoint of the region in which the Tablestore instance that you want to access resides, and install Tablestore SDK for Go.
Configure an AccessKey pair
To access Tablestore, you must have a valid AccessKey pair to verify your identity. The following table describes three methods that you can use to obtain an AccessKey pair. To ensure the security of your AccessKey pair, we recommend that you configure the AccessKey pair in the environment variables of your operating system.
Obtain an AccessKey pair.
Important To prevent security risks caused by the leak of the AccessKey pair of your Alibaba Cloud account, we recommend that you create a RAM user that has the permissions to access Tablestore and use the AccessKey pair of the RAM user to access Tablestore.
Method | Procedure |
AccessKey pair of an Alibaba Cloud account | Create an Alibaba Cloud account on the Alibaba Cloud official website. Create an AccessKey pair that consists of an AccessKey ID and an AccessKey secret. For more information, see Create an AccessKey pair. |
AccessKey pair of a RAM user that has the permissions to access Tablestore | Log on to the RAM console with an Alibaba Cloud account. Then, create a RAM user or find an existing RAM user. Use the Alibaba Cloud account to grant access permissions on Tablestore to the RAM user. For more information, see Use a RAM policy to grant permissions to a RAM user. Use the AccessKey pair of the RAM user to access Tablestore. For more information, see Create an AccessKey pair. |
Temporary access credentials that are obtained from Security Token Service (STS) | Obtain temporary access credentials from the application server. The temporary access credentials consist of a temporary AccessKey ID, a temporary AccessKey secret, and a security token. The application server accesses RAM or STS to obtain the temporary access credentials and returns the temporary access credentials to you. Use the temporary access credentials to access Tablestore. |
Run the following command to configure environment variables:
Tablestore uses the OTS_AK_ENV and OTS_SK_ENV environment variables to store an AccessKey pair. The OTS_AK_ENV environment variable stores the AccessKey ID of an Alibaba Cloud account or a RAM user. The OTS_SK_ENV environment variable stores the AccessKey secret of an Alibaba Cloud account or a RAM user. Configure the environment variables based on the AccessKey pair that you want to use.
Important After you configure the environment variables, you may need to restart the relevant services or development tools such as Integrated Development Environment (IDE) to ensure that the new settings are applied as expected.
Configure environment variables in Windows
You can configure environment variables by using the GUI, Command Prompt, or Windows PowerShell. For more information, see Configure environment variables in Linux, macOS, and Windows.
Use the GUI
In the System Variable section of the Environment Variable dialog box, add the OTS_AK_ENV and OTS_SK_ENV environment variables, and set the OTS_AK_ENV environment variable to the AccessKey ID and the OTS_SK_ENV environment variable to the AccessKey secret that you obtained. Then, save the configurations.
Use the Command Prompt
Open a Command Prompt window as an administrator and run the following commands to add environment variables in the operating system:
setx OTS_AK_ENV LT******************** /M
setx OTS_SK_ENV Ir**************************** /M
In the preceding commands, /M specifies system variables.
After you configure the environment variables, run the echo %OTS_AK_ENV% and echo %OTS_SK_ENV% commands to check whether the environment variables take effect. If the correct AccessKey pair is returned, the environment variables take effect.
Use Windows PowerShell
Start Windows PowerShell as an administrator.
Run the following commands in PowerShell to configure environment variables:
[System.Environment]::SetEnvironmentVariable('OTS_AK_ENV', 'LT********************', [System.EnvironmentVariableTarget]::Machine)
[System.Environment]::SetEnvironmentVariable('OTS_SK_ENV', 'Ir****************************', [System.EnvironmentVariableTarget]::Machine)
Restart PowerShell and run the following commands in PowerShell to check whether the environment variables take effect:
Get-ChildItem env:OTS_AK_ENV
Get-ChildItem env:OTS_SK_ENV
If the correct AccessKey pair is returned, the environment variables take effect.
Configure environment variables in Linux and macOS
Note The first time you configure environment variables, you can use the touch ~/.bash_profile command to create a configuration file. If a configuration file already exists, you can use the vim ~/.bash_profile command to edit the file.
Create a file named .bash_profile.
touch ~/.bash_profile
vim ~/.bash_profile
Configure environment variables in the .bash_profile file. Then, save the settings and exit the configuration file.
# In the following command, replace <ACCESS_KEY_ID> with the AccessKey ID you obtained and <ACCESS_KEY_SECRET> with the AccessKey secret you obtained.
export OTS_AK_ENV=<ACCESS_KEY_ID>
export OTS_SK_ENV=<ACCESS_KEY_SECRET>
Make the configurations in the .bash_profile configuration file take effect and check whether the configurations take effect.
# Make the configurations in the configuration file take effect.
source ~/.bash_profile
# Check whether the configurations take effect.
echo $OTS_AK_ENV
If the correct AccessKey ID is returned, the configurations take effect.
Obtain the endpoint of a Tablestore instance
After you create a Tablestore instance, you must obtain an endpoint of the instance. This way, you can use the endpoint to access the instance.
An endpoint is a domain name that is used to access a Tablestore instance in a region. For example, https://sun.cn-hangzhou.ots.aliyuncs.com is the public endpoint that is used to access the instance named sun in the China (Hangzhou) region over HTTPS. For more information, see Endpoints.
If the Tablestore service is not activated, activate the service. For more information, see Step 1: Activate Tablestore.
Create a Tablestore instance. For more information, see Step 2: Create an instance.
Obtain an endpoint of the created instance.
Log on to the Tablestore console.
On the Overview page, find the instance that you created and click the name of the instance.
On the Instance Details tab, view the endpoints of the instance in the Instance Access URL section.
Install Tablestore SDK for Go
For more information, see Installation.
Initialize a Tunnel client
Initialize a Tunnel client by using a method that best suits your business requirements.
Use the AccessKey pair of your Alibaba Cloud account or a RAM user to initialize a Tunnel client
Important The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in Tablestore is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console.
If the AccessKey pair of an Alibaba Cloud account is leaked, the resources that belong to the account are exposed to potential risks. To ensure account security, we recommend that you create an AccessKey pair for a RAM user instead of an AccessKey pair for an Alibaba Cloud account. For more information, see Create an AccessKey pair for a RAM user.
The following sample code provides an example on how to use the AccessKey ID and AccessKey secret that you obtained to initialize a Tunnel client:
// Requires the "os" and "github.com/aliyun/aliyun-tablestore-go-sdk/tunnel" imports.
// Specify the endpoint of the region in which the Tablestore instance that you want to access resides. Example: https://instance.cn-hangzhou.ots.aliyuncs.com.
endpoint := "<your-endpoint>" // placeholder
// Specify the name of the Tablestore instance.
instance := "<your-instance-name>" // placeholder
// Specify the AccessKey ID and AccessKey secret of your Alibaba Cloud account or a RAM user.
accessKeyId := os.Getenv("OTS_AK_ENV")
accessKeySecret := os.Getenv("OTS_SK_ENV")
tunnelClient := tunnel.NewTunnelClient(endpoint, instance, accessKeyId, accessKeySecret)
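The sample above passes whatever os.Getenv returns to the client, including an empty string when a variable is unset. The following preflight check is an added example, not part of Tablestore SDK for Go or of the original page: the function names LoadAccessKey, MaskID, and CheckEndpoint are hypothetical, and rejecting non-HTTPS endpoints is a policy assumed for this example.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"strings"
)

// LoadAccessKey reads the pair from OTS_AK_ENV and OTS_SK_ENV and fails closed:
// os.Getenv returns "" for an unset variable, which must not reach the client.
func LoadAccessKey(getenv func(string) string) (id, secret string, err error) {
	id = strings.TrimSpace(getenv("OTS_AK_ENV"))
	secret = strings.TrimSpace(getenv("OTS_SK_ENV"))
	if id == "" || secret == "" {
		return "", "", fmt.Errorf("OTS_AK_ENV set: %t, OTS_SK_ENV set: %t", id != "", secret != "")
	}
	return id, secret, nil
}

// MaskID keeps the first two characters (like the LT**** placeholders in the
// text) so the AccessKey ID can be confirmed without printing it in full.
func MaskID(id string) string {
	if len(id) <= 2 {
		return strings.Repeat("*", len(id))
	}
	return id[:2] + strings.Repeat("*", len(id)-2)
}

// CheckEndpoint accepts only https:// URLs with a host (policy of this example).
func CheckEndpoint(raw string) error {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return fmt.Errorf("endpoint %q must be an https:// URL with a host", raw)
	}
	return nil
}

func main() {
	id, _, err := LoadAccessKey(os.Getenv) // the secret is never printed
	if err == nil {
		err = CheckEndpoint("https://sun.cn-hangzhou.ots.aliyuncs.com") // endpoint from the text
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
	fmt.Println("AccessKey ID:", MaskID(id))
}
```

Run the check before calling tunnel.NewTunnelClient. The error message reports only which variable is missing, never a value.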
Use the temporary access credentials that you obtained from STS to initialize a Tunnel client
If you want to authorize temporary access, you can use this method to initialize a Tunnel client.
A Tunnel client provides the NewTunnelClientWithToken operation that you can call to initialize a Tunnel client based on temporary access credentials.