Use the configure command of Alibaba Cloud CLI - Alibaba Cloud CLI

Alibaba Cloud CLI can store multiple sets of credential configurations. You can use the aliyun configure and its subcommands to manage the credentials. This topic describes the statements and syntax that are used to manage credentials. This topic also provides some examples.

Create a profile in interactive mode

Run the aliyun configure command to create a profile in interactive mode.

Syntax

aliyun configure [--mode <authenticateMode>] [--profile <profileName>]

authenticateMode: the type of credential that you want to configure. If you do not specify a value, the default credential type AK is used.
profileName: the profile name. If you do not specify this option, the current profile is modified. If the specified profile does not exist, a profile with the specified name is created.

Example

Run the following command to configure the AkProfile profile of the AK credential type in interactive mode:
```
aliyun configure --mode AK --profile AkProfile
```

Interactive process:

Configuring profile 'AkProfile' in 'AK' authenticate mode...
Access Key Id []: <yourAccessKeyID>
Access Key Secret []: <yourAccessKeySecret>
Default Region Id []: cn-hangzhou
Default Output Format [json]: json (Only support json)
Default Language [zh|en] en: en
Saving profile[profile] ...Done.

Create or modify a profile in non-interactive mode

Run the aliyun configure set command to create or modify a profile in non-interactive mode.

Note

After a profile is modified, Alibaba Cloud CLI switches to the modified profile.

Syntax

aliyun configure set [--mode <authenticateMode>] [--profile <profileName>] [--settingName <settingValue>...]

authenticateMode: the type of credential that you want to configure. If you do not specify a value, the default credential type AK is used.
profileName: the profile name. If you do not specify a value or the ALIBABA_CLOUD_PROFILE environment variable, the current profile is modified. If the specified profile does not exist, a profile with the specified name is created.

settingName: the profile options that you want to configure. Configure the required options for the profile. Otherwise, the profile fails to be created. For more information, see Configure credentials.

Available options

Option	Description	Example
--region	The ID of the default region.	cn-hangzhou
--language	The language of the help information.	zh
--read-timeout	The I/O timeout period. Unit: seconds.	10
--connect-timeout	The connection timeout period. Unit: milliseconds.	10
--retry-count	The maximum number of retries.	5
--expired-seconds	The validity period of the credential.	900
--access-key-id	The AccessKey ID of the current Alibaba Cloud account or Resource Access Management (RAM) user.	yourAccessKeyID
--access-key-secret	The AccessKey secret of the Alibaba Cloud account or RAM user.	yourAccessKeySecret
--ram-role-name	The name of the RAM role.	ECSAdmin
--ram-role-arn	The Alibaba Cloud Resource Name (ARN) of the RAM role.	acs:ram::012345678910****:role/Alice
--role-session-name	The name of the role session.	alice
--process-command	The command for running external programs.	acs-sso login --profile sso
--oidc-provider-arn	The ARN of the OpenID Connect (OIDC) provider.	acs:ram::012345678910****:oidc-provider/TestOidcIdp
--oidc-token-file	The file path of the OIDC token.	/path/to/oidctoken
--cloud-sso-sign-in-url	The logon address of the CloudSSO user.	https://signin-******.alibabacloudsso.com/device/login
--cloud-sso-access-config	The profile ID of CloudSSO.	ac-012345678910abcde****
--cloud-sso-account-id	The UID of the Alibaba Cloud account that is used to log on to CloudSSO.	012345678910****

Example 1: Create a file in non-interactive mode

Run the following command to configure the AkProfile profile of the AK credential type in non-interactive mode:

aliyun configure set \
  --access-key-id <yourAccessKeyID> \
  --access-key-secret <yourAccessKeySecret> \
  --region cn-hangzhou \
  --profile AkProfile \
  --mode AK \
  --language en

Run the aliyun configure list command. If you receive the following output, the AkProfile profile is created:

Profile           | Credential            | Valid   | Region           | Language
---------         | ------------------    | ------- | ---------------- | --------
default           | AK:******             | Valid   | cn-beijing       | zh
AkProfile *       | AK:******             | Valid   | cn-hangzhou      | en

Example 2: Modify a profile

Run the aliyun configure get region command. The region ID in the current profile is returned.
Run the following command to replace the region ID in the profile with cn-shanghai:
```
aliyun configure set --region cn-shanghai
```
Run the aliyun configure get region again to check whether the region ID is updated.

Query a list of profiles

Run the aliyun configure list command to query a list of profiles. You can view the summary of all profiles on the list.

Example

Run the following command to query a list of profiles:
```
aliyun configure list
```

The following list of profiles is returned:

The profile list contains the summary of each profile, including the profile name, profile identifier, some credential information, credential validity period, default region ID, and language of the help information. Alibaba Cloud CLI uses an asterisk (*) on the right side of the profile name to identify a profile.

Profile           | Credential            | Valid   | Region           | Language
---------         | ------------------    | ------- | ---------------- | --------
AkProfile *       | AK:******             | Valid   | cn-beijing       | en
StsTokenProfile   | StsToken:******       | Valid   | cn-hangzhou      | en
RamRoleArnProfile | RamRoleArn:******     | Valid   | cn-shanghai      | en
EcsRamRoleProfile | EcsRamRole:ECSAdmin   | Valid   | cn-qingdao       | zh

Query the details about a profile

Run the aliyun configure get command to query the details about a specified profile.

Syntax

aliyun configure get [--profile <profileName>] [settingName...]

profileName: the profile name. If you do not specify a value or the ALIBABA_CLOUD_PROFILE environment variable, the details about the current profile are queried. If the specified profile does not exist, the profile <ProfileName> not found! message is returned.

settingName: the options that you want to query. You can specify one or more options. If no options are specified, all options are queried. If the specified option does not exist, no information is returned.

Available options

Option	Description	Associated profile field
profile	The profile name.	name
mode	The credential type.	mode
region	The ID of the default region.	region_id
language	The language of the help information.	language
access-key-id	The AccessKey ID of the current Alibaba Cloud account or RAM user.	access_key_id
access-key-secret	The AccessKey secret of the Alibaba Cloud account or RAM user.	access_key_secret
sts-token	The Security Token Service (STS) token of the RAM user or role.	sts_token
sts-region	The ID of the region in which the RAM user or role obtains the STS token.	sts_region
ram-role-name	The name of the RAM role.	ram_role_name
ram-role-arn	The ARN of the RAM role.	ram_role_arn
external-id	The external ID of the RAM role.	abcd1234
role-session-name	The name of the role session.	ram_session_name
cloud-sso-sign-in-url	The logon address of the CloudSSO user.	https://signin-******.alibabacloudsso.com/device/login
cloud-sso-access-config	The profile ID of CloudSSO.	ac-012345678910abcde****
cloud-sso-account-id	The UID of the Alibaba Cloud account that is used to log on to CloudSSO.	012345678910****

Example 1: View all configuration options of a profile

Run the following command to query all configuration options of the AkProfile profile of the AK type:
```
aliyun configure get --profile AkProfile
```

Sample response:

{
        "name": "AkProfile",
        "mode": "AK",
        "access_key_id": "<yourAccessKeyID>",
        "access_key_secret": "<yourAccessKeySecret>",
        "region_id": "cn-hangzhou",
        "output_format": "json",
        "language": "en"
}

Example 2: Query specified configuration options of a profile

Run the following command to query the profile name, credential type, and default language of the ExternalProfile whose credential type is External:
```
aliyun configure get profile mode language --profile ExternalProfile
```

The details are returned in the key=value format.

profile=ExternalProfile
mode=External
language=en

Switch to a specific profile

Run the aliyun configure switch command to switch from the current profile to a specific profile. The earliest version that supports this command is v3.0.216.

Syntax

aliyun configure switch --profile <profileName>

profileName: the profile name. This parameter is required. If you do not specify a value for the parameter or the profile does not exist, this command fails.

Example

Run the aliyun configure list command to query a list of profiles. The list shows that the current profile is default. Alibaba Cloud CLI uses an asterisk (*) on the right side of the profile name to identify a profile.

Profile           | Credential            | Valid   | Region           | Language
---------         | ------------------    | ------- | ---------------- | --------
default *         | AK:******             | Valid   | cn-hangzhou      | en
ExampleProfile    | AK:******             | Valid   | cn-beijing       | zh

Run the following command to switch to the ExampleProfile profile. If you receive the The default profile is `ExampleProfile` now message, the command succeeds.
```
aliyun configure switch --profile exampleProfile
```

Run the aliyun configure list command again to check whether you are switched to the specified profile.

Profile           | Credential            | Valid   | Region           | Language
---------         | ------------------    | ------- | ---------------- | --------
default           | AK:******             | Valid   | cn-hangzhou      | en
ExampleProfile *  | AK:******             | Valid   | cn-beijing       | zh

Delete a profile

Run the aliyun configure delete command to delete a specific profile.

Syntax

aliyun configure delete --profile <profileName>

profileName: the profile that you want to delete. This parameter is required. If you do not specify a value for the parameter or the profile does not exist, the command fails.
If you delete the current profile, you are automatically switched to the profile on the top of the list. For more information, see the following example.
We recommend that you retain at least one profile. If you delete all profiles, Alibaba Cloud CLI cannot work expected. In this case, you must manually delete the config.json file to solve the issue. This file is in the .aliyun folder in your personal user directory.

Example

Run the aliyun configure list command to query a list of profiles.

Profile           | Credential            | Valid   | Region           | Language
---------         | ------------------    | ------- | ---------------- | --------
default           | AK:******             | Valid   | cn-hangzhou      | en
AkProfile         | AK:******             | Valid   | cn-hangzhou      | en
ExampleProfile *  | AK:******             | Valid   | cn-hangzhou      | en

Run the following command to delete the ExampleProfile file:
```
aliyun configure delete --profile ExampleProfile
```

Run the aliyun configure list command again to check whether the ExampleProfile profile is deleted. If yes, you are switched to the default profile.

Profile           | Credential            | Valid   | Region           | Language
---------         | ------------------    | ------- | ---------------- | --------
default *         | AK:******             | Valid   | cn-hangzhou      | en
AkProfile         | AK:******             | Valid   | cn-hangzhou      | en