Use Alibaba Cloud CLI to call the API operations of IMS - Resource Access Management

Alibaba Cloud CLI is a general-purpose command-line tool that is developed based on the OpenAPI Specification. You can use Alibaba Cloud CLI to implement automatic management and maintenance of Identity Management Service (IMS). This topic describes how to use Alibaba Cloud CLI to call the API operations of IMS. In this example, the GetUser operation is called to query the details of a specific Resource Access Management (RAM) user.

Before you start

Get yourself familiar with Alibaba Cloud CLI. For more information, see What is Alibaba Cloud CLI?

Step 1: Install Alibaba Cloud CLI

You must install Alibaba Cloud CLI before you can use Alibaba Cloud CLI. You can install Alibaba Cloud CLI on Windows, Linux, and macOS operating systems. You must select an installation package for Alibaba Cloud CLI based on your operating system. For more information, see the following topics:

Windows operating system: Windows
Linux operating system: Linux
macOS operating system: macOS

You can use Cloud Shell provided by Alibaba Cloud to debug the commands that you want to run in Alibaba Cloud CLI. For more information about Cloud Shell, see What is Cloud Shell?

Step 2: Configure Alibaba Cloud CLI

Important

An Alibaba Cloud account has the permissions to manage and access the APIs of all Alibaba Cloud services. If you use an Alibaba Cloud account to call API operations, security risks may arise. We recommend that you create a RAM identity, grant the required permissions to the RAM identity based on the principle of least privilege, and then use the RAM identity to call API operations.

Before you use Alibaba Cloud CLI, you must specify information, such as identity credentials and a region ID, in Alibaba Cloud CLI. Alibaba Cloud CLI supports various identity credentials. For more information, see Credential types. In this example, AccessKey pairs are used as identity credentials.

Create a RAM user and create an AccessKey pair for the RAM user. For more information, see Create a RAM user and Create an AccessKey pair.
Grant the required permissions to the RAM user. In this example, attach the AliyunRAMReadOnlyAccess policy to the RAM user. The policy grants the RAM user the read-only permissions on IMS. For more information, see Grant permissions to a RAM user.
Obtain the ID of the region that you want to use. Alibaba Cloud CLI uses the region ID that you specify to initiate API calls. For more information about supported regions, see Endpoints.
Note
When you use Alibaba Cloud CLI, you can use the --region option to specify the region from which you want to initiate a call. If you use the option to specify a region, Alibaba Cloud CLI ignores the region information in the default credential settings and environment variables. For more information, see Command line options for API calls.
Use the AccessKey pair of the RAM user to configure identity credentials in the configuration file named AkProfile. For more information, see Configuration examples.

Step 3: Generate a CLI command

In OpenAPI Explorer, call the GetUser operation.
On the Parameters tab, configure the parameters. Then, click the CLI Example tab to view the generated sample CLI command.
Run the CLI command in Cloud Shell or copy the CLI command.
- Click the icon to start Cloud Shell and debug the CLI command in Cloud Shell.
- Click the icon to copy the CLI command to the clipboard. You can also paste the CLI command into your on-premises shell to run the command.
  Note
  - When you paste the CLI command into your on-premises shell for debugging, take note of the parameter formats. For more information about the parameter formats required by Alibaba Cloud CLI, see Parameter formats.
  - By default, OpenAPI Explorer adds the --region option to the generated CLI command. When you copy the command to your on-premises shell, Alibaba Cloud CLI ignores the region information in the default identity credential settings and environment variables, and runs the command in the region specified by the option. You can delete or retain the option based on your business requirements.

Step 4: Call the API operations of IMS

Example 1: Query the IMS API operations that can be called by using Alibaba Cloud CLI

The following code provides an example on how to use the --help option to query the IMS API operations that can be called by using Alibaba Cloud CLI. You can also view the supported API operations in List of operations by function.

Run the following command:
```
aliyun ims --help
```
View the command output.

Example 2: Query information about a specific RAM user

The following code provides an example on how to use Alibaba Cloud CLI to call the GetUser operation of IMS. The operation is used to obtain information about the RAM user whose ID is 20732900249392****.

Run the following command:

aliyun ims GetUser --UserId 20732900249392****

View the command output.

{
  "User": {
    "DisplayName": "test",
    "UserPrincipalName": "test@example.onaliyun.com",
    "Email": "alice@example.com",
    "UpdateDate": "2020-10-13T07:39:22Z",
    "MobilePhone": "86-1868888****",
    "UserId": "20732900249392****",
    "Comments": "This is a cloud computing engineer.",
    "LastLoginDate": "2020-10-12T09:12:00Z",
    "CreateDate": "2020-10-12T09:12:00Z",
    "ProvisionType": "Manual",
    "Tags": {
      "Tag": [
        {
          "TagKey": "operator",
          "TagValue": "alice"
        }
      ]
    }
  },
  "RequestId": "4507D1CD-526A-4E2B-A1E2-3AB045D1EE0B"
}

Note

If an error is returned after you call an API operation of IMS, check whether the request parameters and their values are valid based on the error code.

You can also use Alibaba Cloud OpenAPI Diagnostics to perform self-service diagnostics based on the returned request ID or SDK error information.