本文为您介绍如何配置访问凭据,以确保安全有效地使用SDK进行开发。
使用AccessKey
import os
from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest
# 初始化Client
client = AcsClient(
os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'), # 从环境变量中获取RAM账号的AccessKey ID
os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'), # 从环境变量中获取RAM账号Access Key Secret
'<region_id>' # 地域ID
)
# 创建API请求并设置参数
request = DescribeRegionsRequest()
# 发送请求
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))
STS凭证
通过安全令牌服务(Security Token Service,简称STS),申请临时安全凭证(Temporary Security Credentials,简称TSC),创建临时安全客户端。
import os
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import StsTokenCredential
from aliyunsdkecs.request.v20140526.AcceptInquiredSystemEventRequest import AcceptInquiredSystemEventRequest
cred = StsTokenCredential(
sts_access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'), # 从环境变量中获取STS Access Key Secret
sts_access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'), # 从环境变量中获取STS Access Key Secret
sts_token=os.environ.get('ALIBABA_CLOUD_SECURITY_TOKEN') # 从环境变量中获取STS Access Key Secret Token
)
client = AcsClient(
region_id='<region_id>',
credential=cred
)
request = AcceptInquiredSystemEventRequest()
request.set_accept_format('json')
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))
RamRole凭证
通过指定RAM角色,让客户端在发起请求前自动申请维护STS Token,自动转变为一个具有时限性的STS客户端。您也可以自行申请维护STS Token,再创建STS客户端。
import os
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import RamRoleArnCredential
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest
cred = RamRoleArnCredential(
sts_access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'), # 从环境变量中获取RAM账号的AccessKey ID
sts_access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'), # 从环境变量中获取RAM账号Access Key Secret
role_arn='<ram_role_arn>',
session_role_name='<session_role_name>'
)
client = AcsClient(
region_id='<region_id>',
credential=cred
)
request = DescribeRegionsRequest()
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))
EcsRamRole凭证
实例化Esc Ram角色凭据时,该程序将携带指定的角色名称并请求http://100.100.100.200/latest/meta-data/ram/security-credentials/ 以获得临时安全凭据。
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import EcsRamRoleCredential
from aliyunsdkecs.request.v20140526.AcceptInquiredSystemEventRequest import AcceptInquiredSystemEventRequest
cred = EcsRamRoleCredential(
role_name='<ram_role_name>'
)
client = AcsClient(
region_id='<region_id>',
credential=cred
)
request = AcceptInquiredSystemEventRequest()
request.set_accept_format('json')
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))
默认凭据
在环境变量中查找环境凭证,如果定义了ALIYUN_ACCESS_KEY_ID和ALIYUN_ACCESS_KEY_SECRET环境变量且不为空,程序将使用它们创建默认凭证。
from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest
# 初始化Client
client = AcsClient(
region_id='<region_id>' # 地域ID
)
# 创建API请求并设置参数
request = DescribeRegionsRequest()
# 发送请求
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))