All Products
Search

This Product

    Resource Management:CLI Reference

    Document Center

    Resource Management:CLI Reference

    Last Updated:Dec 03, 2024

    This topic describes how to use Alibaba Cloud CLI to call the API operations of Resource Center. In this example, the SearchResources operation of Resource Center is called to search for visible resources within the current account.

    Background information

    Alibaba Cloud CLI is a general-purpose command-line tool that is developed based on APIs. You can use Alibaba Cloud CLI to implement automatic management and maintenance of Resource Center. For more information, see What is Alibaba Cloud CLI?

    Step 1: Install Alibaba Cloud CLI

    You must install Alibaba Cloud CLI before you can use Alibaba Cloud CLI. You can install Alibaba Cloud CLI on Windows, Linux, and macOS operating systems. Select an installation package of Alibaba Cloud CLI based on the operating system of your device. For more information, see the following topics:

    Alibaba Cloud CLI is pre-installed in Cloud Shell. Cloud Shell automatically configures an identity credential for you. You can use Cloud Shell to debug the commands that you want to run in Alibaba Cloud CLI. For more information, see What is Cloud Shell?

    Step 2: Configure Alibaba Cloud CLI

    Important

    • An Alibaba Cloud account has permissions to manage and access the APIs of all Alibaba Cloud services. If you use an Alibaba Cloud account to call API operations, security risks may arise. We recommend that you create a Resource Access Management (RAM) identity, grant the required permissions to the RAM identity based on the principle of least privilege, and then use the RAM identity to call API operations. For more information about permission policies that are supported by Resource Center, see System policies for ResourceManager and Custom policies for Resource Management.

    • Resource Center allows you to query only the resources that can be accessed within the current account. Therefore, the RAM identity you use to call API operations must be granted both the permissions on Resource Center and the read-only permissions on resources. For more information, see Grant a RAM user the permissions to use Resource Center.

    Before you use Alibaba Cloud CLI, you must specify information, such as identity credentials and a region ID, in Alibaba Cloud CLI. Alibaba Cloud CLI supports various identity credentials. For more information, see Credential types. In this example, AccessKey credentials are used.

    Procedure:

    1. Create a RAM user and create an AccessKey pair for the RAM user. For more information, see Create a RAM user and Create an AccessKey pair.

    2. Grant the required permissions to the RAM user. In this example, the AliyunResourceCenterReadOnlyAccess policy needs to be attached to the RAM user to grant the RAM user the read-only permissions on Resource Center. In addition, the policies that allow read-only operations on resources need to be attached to the RAM user. For example, the AliyunVPCReadOnlyAccess policy needs to be attached to the RAM user to grant the RAM user the read-only permissions on Virtual Private Cloud (VPC) resources. For more information, see Grant permissions to a RAM user.

    3. Obtain the ID of the region that you want to use. Alibaba Cloud CLI uses the region ID that you specify to initiate API calls. For more information about the regions supported by Resource Center, see Endpoints.

      Note

      When you use Alibaba Cloud CLI, you can use the --region option to specify the region from which you want to initiate a call. If you specify this option, Alibaba Cloud CLI ignores the region information in the default credential configurations and environment variable settings. For more information, see Command line options for API calls.

    4. Use the AccessKey pair of the RAM user and the obtained region ID to configure identity credentials in the AkProfile configuration file. For more information, see Configuration examples.

    Step 3: Generate a CLI command

    1. Go to the SearchResources debugging page in OpenAPI Explorer.

      image

    2. On the Parameters tab, configure the request parameters. Then, click the CLI Example tab to view the generated sample CLI command.

    3. Copy the CLI command or debug the CLI command in Cloud Shell.

      • Click the image icon to start Cloud Shell and debug the CLI command in Cloud Shell.

      • Click the image icon to copy the CLI command to the clipboard. You can paste the CLI command into your local shell to run the CLI command.

      Note

      When you paste the CLI command into your local shell for debugging, take note of the parameter formats. For information about the parameter formats required by Alibaba Cloud CLI, see Parameter formats.

      By default, OpenAPI Explorer adds the --region option to the generated CLI command. When you copy the command to your local shell, Alibaba Cloud CLI ignores the region information in the default identity credential configurations and environment variable settings, and preferentially runs the command in the region specified by the option. You can delete or retain the option based on your business requirements.

    Step 4: Call the API operations of Resource Center

    Example 1: Query the Resource Center API operations that can be called in Alibaba Cloud CLI

    This example uses the --help option to query the Resource Center API operations that can be called in Alibaba Cloud CLI. For more information, see List of operations by function.

    1. Run the following command: 

      aliyun resourcecenter --help

    2. View the command output.

      image

    Example 2: Search for resources within the current account

    In this example, the SearchResources operation of Resource Center is called in Alibaba Cloud CLI to search for VPC route tables within the current account.

    1. Run the following command: 

      aliyun resourcecenter SearchResources --Filter.1.Key ResourceType --Filter.1.Value.1 'ACS::VPC::RouteTable' --Filter.1.MatchType Equals

    2. View the command output. 

      {
  "NextToken": "eyJzZWFyY2hBZnRlcnMiOlsiMTAwMTU2Nzk4MTU1OSJd****",
  "RequestId": "D696E6EF-3A6D-5770-801E-4982081FE4D0",
  "MaxResults": 10,
  "Resources": [
    {
      "AccountId": "151266687691****",
      "ResourceGroupId": "rg-acfmzawhxxc****",
      "ResourceId": "vtb-bp11lbh452fr8940s****",
      "ResourceName": "group1",
      "CreateTime": "2024-09-25T08:55:30Z",
      "ResourceType": "ACS::VPC::RouteTable",
      "RegionId": "ap-northeast-1"
    }
  ]
}
      Note

      If an error message is returned after you call an API operation of Resource Center, check whether the request parameters and the values of the request parameters are valid based on the returned error code.

      You can also perform self-service diagnostics based on the returned request ID or SDK error information on the OpenAPI problem diagnosis page.