全部產品
Search
文件中心

Alibaba Cloud SDK:管理訪問憑據

更新時間:Jul 01, 2024

本文為您介紹如何配置訪問憑據,以確保安全有效地使用SDK進行開發。

使用AccessKey

import os

from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest

# 初始化Client
client = AcsClient(
    os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'),  # 從環境變數中擷取RAM帳號的AccessKey ID
    os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),  # 從環境變數中擷取RAM帳號Access Key Secret
    '<region_id>'  # 地區ID
)

# 建立API請求並設定參數
request = DescribeRegionsRequest()

# 發送請求
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))

STS憑證

通過Security Token Service(Security Token Service,簡稱STS),申請臨時安全憑證(Temporary Security Credentials,簡稱TSC),建立臨時安全用戶端。

import os

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import StsTokenCredential
from aliyunsdkecs.request.v20140526.AcceptInquiredSystemEventRequest import AcceptInquiredSystemEventRequest

cred = StsTokenCredential(
    sts_access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'),  # 從環境變數中擷取STS Access Key Secret
    sts_access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),  # 從環境變數中擷取STS Access Key Secret
    sts_token=os.environ.get('ALIBABA_CLOUD_SECURITY_TOKEN')  # 從環境變數中擷取STS Access Key Secret Token
)

client = AcsClient(
    region_id='<region_id>',
    credential=cred
)

request = AcceptInquiredSystemEventRequest()
request.set_accept_format('json')
response = client.do_action_with_exception(request)

print(str(response, encoding='utf-8'))

RamRole憑證

通過指定RAM角色,讓用戶端在發起請求前自動申請維護STS Token,自動轉變為一個具有時限性的STS用戶端。您也可以自行申請維護STS Token,再建立STS用戶端。

import os

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import RamRoleArnCredential
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest

cred = RamRoleArnCredential(
    sts_access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'),  # 從環境變數中擷取RAM帳號的AccessKey ID
    sts_access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),  # 從環境變數中擷取RAM帳號Access Key Secret
    role_arn='<ram_role_arn>',
    session_role_name='<session_role_name>'
)

client = AcsClient(
    region_id='<region_id>',
    credential=cred
)

request = DescribeRegionsRequest()
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))

EcsRamRole憑證

執行個體化Esc Ram角色憑據時,該程式將攜帶指定的角色名稱並請求http://100.100.100.200/latest/meta-data/ram/security-credentials/ 以獲得臨時安全憑據。

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import EcsRamRoleCredential
from aliyunsdkecs.request.v20140526.AcceptInquiredSystemEventRequest import AcceptInquiredSystemEventRequest

cred = EcsRamRoleCredential(
    role_name='<ram_role_name>'
)

client = AcsClient(
    region_id='<region_id>',
    credential=cred
)

request = AcceptInquiredSystemEventRequest()
request.set_accept_format('json')
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))

預設憑據

在環境變數中尋找環境憑證,如果定義了ALIYUN_ACCESS_KEY_IDALIYUN_ACCESS_KEY_SECRET環境變數且不為空白,程式將使用它們建立預設憑證。

from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest

# 初始化Client
client = AcsClient(
    region_id='<region_id>'  # 地區ID
)

# 建立API請求並設定參數
request = DescribeRegionsRequest()

# 發送請求
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))