文档

管理访问凭据

更新时间:
一键部署

本文为您介绍如何配置访问凭据,以确保安全有效地使用SDK进行开发。

使用AccessKey

import os

from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest

# 初始化Client
client = AcsClient(
    os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'),  # 从环境变量中获取RAM账号的AccessKey ID
    os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),  # 从环境变量中获取RAM账号Access Key Secret
    '<region_id>'  # 地域ID
)

# 创建API请求并设置参数
request = DescribeRegionsRequest()

# 发送请求
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))

STS凭证

通过安全令牌服务(Security Token Service,简称STS),申请临时安全凭证(Temporary Security Credentials,简称TSC),创建临时安全客户端。

import os

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import StsTokenCredential
from aliyunsdkecs.request.v20140526.AcceptInquiredSystemEventRequest import AcceptInquiredSystemEventRequest

cred = StsTokenCredential(
    sts_access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'),  # 从环境变量中获取STS Access Key Secret
    sts_access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),  # 从环境变量中获取STS Access Key Secret
    sts_token=os.environ.get('ALIBABA_CLOUD_SECURITY_TOKEN')  # 从环境变量中获取STS Access Key Secret Token
)

client = AcsClient(
    region_id='<region_id>',
    credential=cred
)

request = AcceptInquiredSystemEventRequest()
request.set_accept_format('json')
response = client.do_action_with_exception(request)

print(str(response, encoding='utf-8'))

RamRole凭证

通过指定RAM角色,让客户端在发起请求前自动申请维护STS Token,自动转变为一个具有时限性的STS客户端。您也可以自行申请维护STS Token,再创建STS客户端。

import os

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import RamRoleArnCredential
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest

cred = RamRoleArnCredential(
    sts_access_key_id=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_ID'),  # 从环境变量中获取RAM账号的AccessKey ID
    sts_access_key_secret=os.environ.get('ALIBABA_CLOUD_ACCESS_KEY_SECRET'),  # 从环境变量中获取RAM账号Access Key Secret
    role_arn='<ram_role_arn>',
    session_role_name='<session_role_name>'
)

client = AcsClient(
    region_id='<region_id>',
    credential=cred
)

request = DescribeRegionsRequest()
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))

EcsRamRole凭证

实例化Esc Ram角色凭据时,该程序将携带指定的角色名称并请求http://100.100.100.200/latest/meta-data/ram/security-credentials/ 以获得临时安全凭据。

from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.auth.credentials import EcsRamRoleCredential
from aliyunsdkecs.request.v20140526.AcceptInquiredSystemEventRequest import AcceptInquiredSystemEventRequest

cred = EcsRamRoleCredential(
    role_name='<ram_role_name>'
)

client = AcsClient(
    region_id='<region_id>',
    credential=cred
)

request = AcceptInquiredSystemEventRequest()
request.set_accept_format('json')
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))

默认凭据

在环境变量中查找环境凭证,如果定义了ALIYUN_ACCESS_KEY_IDALIYUN_ACCESS_KEY_SECRET环境变量且不为空,程序将使用它们创建默认凭证。

from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeRegionsRequest import DescribeRegionsRequest

# 初始化Client
client = AcsClient(
    region_id='<region_id>'  # 地域ID
)

# 创建API请求并设置参数
request = DescribeRegionsRequest()

# 发送请求
response = client.do_action_with_exception(request)
print(str(response, encoding='utf-8'))