Simple Message Queue (formerly MNS) SDK for Python requires a service endpoint and access credentials to send requests. This topic explains how to configure both, with temporary and long-term credential options.
Prerequisites
Before you begin, make sure that you have:
The latest version of SMQ SDK for Python, downloaded and decompressed
An Alibaba Cloud account with the required permissions
A Resource Access Management (RAM) user with an AccessKey pair
Configure the endpoint
In the decompressed SDK package, go to the
aliyun-mns-python-sdksubdirectory.Open the
sample.cfgfile and set the endpoint value.
To find your endpoint, go to the Queue Details or Topic Details page in the SMQ console, and locate the Endpoint section.
Endpoints vary by region. Use the endpoint that matches the region where your queue or topic is deployed.
Configure access credentials
SMQ SDK for Python supports two credential types:
| Credential type | Use case | Security |
|---|---|---|
| Temporary access credentials (recommended) | Short-lived access with fine-grained permissions | Higher -- credentials expire automatically |
| Long-term access credentials | Persistent service-to-service access | Lower -- requires manual rotation |
Configure temporary access credentials
Temporary credentials issued by Security Token Service (STS) expire automatically and support fine-grained access control, making them the preferred authentication method.
Step 1: Set up STS access
Attach the
AliyunSTSAssumeRoleAccesspolicy to the RAM user.Call the AssumeRole operation to get temporary access credentials. The response includes an AccessKey ID, an AccessKey Secret, and a security token.
Step 2: Set environment variables
Store the temporary credentials as environment variables.
macOS / Linux
# macOS: add to ~/.bash_profile
# Linux: add to /etc/profile (use sudo)
export MNS_ACCESS_KEY_ID=<your-access-key-id>
export MNS_ACCESS_KEY_SECRET=<your-access-key-secret>
export MNS_SESSION_TOKEN=<your-session-token>After saving the file, apply the changes:
# macOS
source ~/.bash_profile
# Linux
source /etc/profileVerify the configuration:
echo $MNS_ACCESS_KEY_ID
echo $MNS_ACCESS_KEY_SECRET
echo $MNS_SESSION_TOKENWindows CMD
set MNS_ACCESS_KEY_ID=<your-access-key-id>
set MNS_ACCESS_KEY_SECRET=<your-access-key-secret>
set MNS_SESSION_TOKEN=<your-session-token>
:: Persist across sessions
setx MNS_ACCESS_KEY_ID "%MNS_ACCESS_KEY_ID%"
setx MNS_ACCESS_KEY_SECRET "%MNS_ACCESS_KEY_SECRET%"
setx MNS_SESSION_TOKEN "%MNS_SESSION_TOKEN%"Verify the configuration:
echo %MNS_ACCESS_KEY_ID%
echo %MNS_ACCESS_KEY_SECRET%
echo %MNS_SESSION_TOKEN%Windows PowerShell
# Current session only
$env:MNS_ACCESS_KEY_ID = "<your-access-key-id>"
$env:MNS_ACCESS_KEY_SECRET = "<your-access-key-secret>"
$env:MNS_SESSION_TOKEN = "<your-session-token>"
# Persist for the current user
[System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_ID', '<your-access-key-id>', [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_SECRET', '<your-access-key-secret>', [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('MNS_SESSION_TOKEN', '<your-session-token>', [System.EnvironmentVariableTarget]::User)
# Persist for all users (requires Administrator)
[System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_ID', '<your-access-key-id>', [System.EnvironmentVariableTarget]::Machine)
[System.Environment]::SetEnvironmentVariable('MNS_ACCESS_KEY_SECRET', '<your-access-key-secret>', [System.EnvironmentVariableTarget]::Machine)
[System.Environment]::SetEnvironmentVariable('MNS_SESSION_TOKEN', '<your-session-token>', [System.EnvironmentVariableTarget]::Machine)Verify the configuration:
Get-ChildItem env:MNS_ACCESS_KEY_ID
Get-ChildItem env:MNS_ACCESS_KEY_SECRET
Get-ChildItem env:MNS_SESSION_TOKENWindows GUI (Windows 10)
Right-click This PC and select Properties.
Click Advanced system settings, then click Environment Variables on the Advanced tab.
Click New under User variables or System variables, and add the following variables:
| Variable | Example |
|---|---|
| MNS_ACCESS_KEY_ID | LTA**** |
| MNS_ACCESS_KEY_SECRET | moiEs**** |
| MNS_SESSION_TOKEN | CAES**** |
Step 3: Load credentials in Python
import os
accid = os.getenv("MNS_ACCESS_KEY_ID")
acckey = os.getenv("MNS_ACCESS_KEY_SECRET")
token = os.getenv("MNS_SESSION_TOKEN") or ""Replace the placeholders in Step 2 with your actual values:
| Placeholder | Description | Example |
|---|---|---|
<your-access-key-id> | AccessKey ID from STS | LTA**** |
<your-access-key-secret> | AccessKey Secret from STS | moiEs**** |
<your-session-token> | Security token from STS | CAES**** |
Configure long-term access credentials
Long-term credentials use the AccessKey pair of a RAM user directly. Choose this option only when temporary credentials are not practical for your use case.
Rotate the AccessKey pair every three months. Disable and delete any AccessKey pair that is no longer in use.
Step 1: Get a RAM user AccessKey pair
Create an AccessKey pair for a RAM user. For more information, see Create an AccessKey pair.
Step 2: Set environment variables
Store the AccessKey pair as environment variables.
macOS / Linux
# macOS: add to ~/.bash_profile
# Linux: add to /etc/profile (use sudo)
export ALIBABA_CLOUD_ACCESS_KEY_ID=<your-access-key-id>
export ALIBABA_CLOUD_ACCESS_KEY_SECRET=<your-access-key-secret>After saving the file, apply the changes:
# macOS
source ~/.bash_profile
# Linux
source /etc/profileVerify the configuration:
echo $ALIBABA_CLOUD_ACCESS_KEY_ID
echo $ALIBABA_CLOUD_ACCESS_KEY_SECRETWindows CMD
set ALIBABA_CLOUD_ACCESS_KEY_ID=<your-access-key-id>
set ALIBABA_CLOUD_ACCESS_KEY_SECRET=<your-access-key-secret>
:: Persist across sessions
setx ALIBABA_CLOUD_ACCESS_KEY_ID "%ALIBABA_CLOUD_ACCESS_KEY_ID%"
setx ALIBABA_CLOUD_ACCESS_KEY_SECRET "%ALIBABA_CLOUD_ACCESS_KEY_SECRET%"Verify the configuration:
echo %ALIBABA_CLOUD_ACCESS_KEY_ID%
echo %ALIBABA_CLOUD_ACCESS_KEY_SECRET%Windows PowerShell
# Current session only
$env:ALIBABA_CLOUD_ACCESS_KEY_ID = "<your-access-key-id>"
$env:ALIBABA_CLOUD_ACCESS_KEY_SECRET = "<your-access-key-secret>"
# Persist for the current user
[System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_ID', '<your-access-key-id>', [System.EnvironmentVariableTarget]::User)
[System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_SECRET', '<your-access-key-secret>', [System.EnvironmentVariableTarget]::User)
# Persist for all users (requires Administrator)
[System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_ID', '<your-access-key-id>', [System.EnvironmentVariableTarget]::Machine)
[System.Environment]::SetEnvironmentVariable('ALIBABA_CLOUD_ACCESS_KEY_SECRET', '<your-access-key-secret>', [System.EnvironmentVariableTarget]::Machine)Verify the configuration:
Get-ChildItem env:ALIBABA_CLOUD_ACCESS_KEY_ID
Get-ChildItem env:ALIBABA_CLOUD_ACCESS_KEY_SECRETWindows GUI (Windows 10)
Right-click This PC and select Properties.
Click Advanced system settings, then click Environment Variables on the Advanced tab.
Click New under User variables or System variables, and add the following variables:
| Variable | Example |
|---|---|
| ALIBABA_CLOUD_ACCESS_KEY_ID | LTA**** |
| ALIBABA_CLOUD_ACCESS_KEY_SECRET | moiEs**** |
Step 3: Load credentials in Python
import os
accid = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")
acckey = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")Replace the placeholders in Step 2 with your actual values:
| Placeholder | Description | Example |
|---|---|---|
<your-access-key-id> | AccessKey ID of the RAM user | LTA**** |
<your-access-key-secret> | AccessKey Secret of the RAM user | moiEs**** |
Initialize the SDK client
After you configure environment variables, initialize the Account object to start using the SDK.
With long-term credentials:
accid, acckey, endpoint, token = MNSSampleCommon.LoadConfig()
my_account = Account(endpoint, accid, acckey, token)With temporary credentials:
import os
accid = os.getenv("MNS_ACCESS_KEY_ID")
acckey = os.getenv("MNS_ACCESS_KEY_SECRET")
token = os.getenv("MNS_SESSION_TOKEN") or ""
endpoint = "<your-endpoint>"
my_account = Account(endpoint, accid, acckey, token)Do not embed access credentials directly in source code. Leaked credentials can be exploited to access your resources and cause data breaches. Always store credentials in environment variables.