All Products
Search
Document Center

Elastic Compute Service:Add accounts to Alibaba Cloud Client

Last Updated:Sep 19, 2023

When you use Alibaba Cloud Client to access your Alibaba Cloud resources, you must add your account information to Alibaba Cloud Client.

Prerequisites

Alibaba Cloud Client is downloaded and installed. For information about how to download Alibaba Cloud Client for different operating system versions, see Download methods.

Background information

  • You can add one or more Alibaba Cloud accounts to Alibaba Cloud Client and switch between the accounts based on your business requirements.

  • If you have specified account information in Alibaba Cloud CLI, Alibaba Cloud Client imports the account information from Alibaba Cloud CLI. For more information, see What is Alibaba Cloud CLI?

Procedure

  1. In the upper-left corner of the Alibaba Cloud Client homepage, choose 首页 > Profile Manage.

  2. In the account list on the Profiles page, click the 加号 icon to add an Alibaba Cloud account.

  3. Enter a name for the Alibaba Cloud account to help you identify it.

  4. Configure Mode to specify the account management mode.

    The valid values of Mode are described in the following table. The parameters that you must specify vary based on the selected value. You cannot use a username and a password to log on to Alibaba Cloud Client. In most cases, Mode is set to AccessKey. The following table describes the valid values of Mode.

    Valid value

    Description

    Parameter

    AccessKey

    You can use Alibaba Cloud accounts or Resource Access Management (RAM) users to log on to Alibaba Cloud Client.

    An AccessKey pair consists of an AccessKey ID and an AccessKey secret.

    • The AccessKey ID is used to verify the identity of a user.

    • The AccessKey secret is used to verify the key of a user. You must keep your AccessKey secret confidential.

    For more information, see What is an AccessKey pair?

    You must configure the AccessKeyId, AccessSecret, and Default Region parameters.

    • AccessKeyId: Enter your AccessKey ID.

    • AccessSecret: Enter your AccessKey secret.

    • Default Region: Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

    • Resource Group: optional. Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

    For more information about how to obtain an AccessKey pair, see Obtain an AccessKey pair.

    StsToken

    You can use Security Token Service (STS) tokens to log on to Alibaba Cloud Client. For more information, see What is STS?

    You must configure the AccessKeyId, AccessSecret, STS Token, and Default Region parameters.

    • AccessKeyId: Enter your AccessKey ID.

    • AccessSecret: Enter your AccessKey secret.

    • STS Token: Enter an STS token. STS tokens are temporary identity credentials. You can call the AssumeRole operation to obtain an STS token to assume a RAM role. For more information, see AssumeRole.

    • Default Region: Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

    • Resource Group: optional. Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

    RamRoleArn

    You can use RAM roles to log on to Alibaba Cloud Client. For information about RAM roles, see RAM role overview.

    If you select this mode, the AssumeRole operation is automatically called to obtain an STS token to assume a RAM role.

    You must configure the AccessKeyId, AccessSecret, RamRoleArn, RoleSessionName, and Default Region parameters.

    • AccessKeyId: Enter your AccessKey ID.

    • AccessSecret: Enter your AccessKey secret.

    • RamRoleArn: Enter the Alibaba Cloud Resource Name (ARN) of a RAM role.

    • RoleSessionName: optional. Enter a name for the role session.

      • You can specify the value of this parameter based on your business requirements. In most cases, you can set this parameter to the identity of the user who calls API operations. For example, set this parameter to a username. In ActionTrail logs, you can use the RoleSessionName value to distinguish different users who assume the same RAM role to perform operations. This way, you can perform user-specific auditing.

      • The value must be 2 to 64 characters in length and can contain letters, digits, periods (.), at signs (@), hyphens (-), and underscores (_).

    • Default Region: Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

    • Resource Group: optional. Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

    CredentialsURI

    You can use Alibaba Cloud identity credentials that are obtained from local or remote uniform resource identifiers (URIs) to log on to Alibaba Cloud Client. For more information, see aliyun/aliyun-cli: Alibaba Cloud CLI.

    You must configure the CredentialsURI and Default Region parameters.

    • CredentialsURI: Enter the local or remote URI from which identity credentials are obtained. The URI must respond to HTTPS or HTTP GET requests and return the HTTP status code 200 and responses in the following JSON format:

      {
        "Code": "Success",
        "AccessKeyId": "<ak id>",
        "AccessKeySecret": "<ak secret>",
        "SecurityToken": "<security token>",
        "Expiration" "2006-01-02T15:04:05Z"
      }
    • Default Region: Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

    • Resource Group: optional. Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

    ExternalCommand

    You can use Alibaba Cloud identity credentials that are obtained by running external commands to log on to Alibaba Cloud Client. For more information, see aliyun/aliyun-cli: Alibaba Cloud CLI.

    You must configure the ExternalCommand and Default Region parameters.

    • External Command: Enter the external command that you want to run to obtain identity credentials. The command must return an output in the following JSON format:

      {
        "Code": "Success",
        "AccessKeyId": "<ak id>",
        "AccessKeySecret": "<ak secret>",
        "SecurityToken": "<security token>",
        "Expiration" "2006-01-02T15:04:05Z"
      }
    • Default Region: Select a region. After you log on to Alibaba Cloud Client, the resources in the selected region are displayed.

    • Resource Group: optional. Select a resource group. If you select a resource group, only resources in the resource group are displayed. If you do not select a resource group, all resources in the account are displayed.

  5. Click Test to verify whether the account information that you specified is valid.

  6. After the account information is verified, click Save to save the account information.