Use Alibaba Cloud CLI to call Security Center APIs. This example calls the DescribeCloudCenterInstances operation to query Security Center asset information.
Overview
-
Alibaba Cloud CLI is a command-line tool built on OpenAPI. You can use Security Center to automate managing Security Center. What is Alibaba Cloud CLI.
-
Alibaba Cloud CLI does not currently support calling Security Center (Agentic SOC) or Security Center (SOAR). To request this feature, submit a ticket.
Step 1: Install the CLI
Install Alibaba Cloud CLI for your operating system:
-
Windows: Install the CLI on Windows.
-
Linux: Install the CLI on Linux.
-
macOS: Install the CLI on macOS.
You can also debug Alibaba Cloud CLI commands in Cloud Shell. Cloud Shell has Alibaba Cloud CLI pre-installed and regularly updated. What is Cloud Shell.
Step 2: Configure the CLI
An Alibaba Cloud account has full permissions to all product APIs, which creates a high security risk. Use a RAM user with the principle of least privilege for API access. Supported Security Center policies: Security Center system access policy reference and Custom policies for Security Center.
Before using the CLI, configure identity credentials and a default region. The CLI supports multiple credential types (Credential types). The following steps use a RAM user AccessKey:
-
Grant the RAM user read-only access to Security Center by attaching the
AliyunYundunSASReadOnlyAccesspolicy. Grant permissions to a RAM user. -
Obtain an available region ID. The CLI sends API calls to the specified region. Available Security Center regions: Endpoints.
NoteAdd the
--regionoption to override the default region from your credential configuration and environment variables. Command-line options. -
Use the RAM user's AccessKey to configure a profile named
AkProfile. Configuration examples.
Step 3: Generate a CLI command
-
In OpenAPI Explorer, go to the DescribeCloudCenterInstances debugging page.

-
On the Parameters tab, enter the request parameters. Click the CLI Example tab to view the generated CLI command.
-
Copy the CLI command or run it in Cloud Shell:
-
Click the Run Command
button to open Cloud Shell and run the command. -
Click Copy
to copy the command to your clipboard for local execution or scripting.
NoteWhen running the command locally, verify the parameter format. Parameter formats.
OpenAPI Explorer adds the
--regionoption by default, which overrides the region in your credential configuration or environment variables. Remove it if not needed. -
Step 4: Call a Security Center API
Example 1: List Security Center APIs
Use the --help option to list Security Center APIs. API overview.
-
Run the following command:
aliyun sas --help -
The command returns the following output:

Example 2: Query assets
Call the Security Center DescribeCloudCenterInstances API to query at-risk Elastic Compute Service (ECS) assets.
-
Run the following command:
aliyun sas DescribeCloudCenterInstances --Criteria '[{"name":"riskStatus","value":"YES"}]' --MachineTypes ecs -
The command returns the following output:
{ "Success": true, "PageInfo": { "Count": 10, "CurrentPage": 1, "PageSize": 20, "TotalCount": 10, "NextToken": "B604532DEF982B875E8360A6EFA3B***" }, "RequestId": "7D6FD965-745C-5580-A3E8-83FEC3BE1FE8", "Instances": [ { "AlarmStatus": "NO", "AssetType": "0", "AssetTypeName": "Cloud server", "AuthVersionName": "Basic Edition", "Bind": false, "ClientStatus": "online", "Cores": 4, "CpuInfo": "Intel(R) Xeon(R) Platinum 8269CY CPU @ 2.50GHz", "ExposedStatus": 0, "Flag": 0, "FlagName": "ALIYUN", "GroupId": 1355****, "GroupTrace": "Ungrouped", "HcStatus": "YES", "HealthCheckCount": 0, "Importance": 1, "InstanceId": "i-bp1b84nxki0g2cyg****", "InstanceName": "example", "InternetIp": "", "IntranetIp": "172.16.****", "Ip": "172.16.****", "IpListString": "172.16.****", "Kernel": "5.10.134-16.3.al8.x86_64", "LastLoginTimestamp": 1729840886000, "MacListString": "00:16:3e:**:**:**", "Mem": 16384, "Os": "linux", "OsName": "Alibaba Cloud Linux 3.2104 LTS 64-bit", "Region": "cn-hangzhou-dg-a01", "RegionId": "cn-hangzhou", "RegionName": "China (Hangzhou)", "RiskCount": "{\"account\":0,\"agentlessAll\":0,\"agentlessBaseline\":0,\"agentlessMalicious\":0,\"agentlessSensitiveFile\":0,\"agentlessVulCve\":0,\"agentlessVulSca\":0,\"agentlessVulSys\":0,\"appNum\":0,\"asapVulCount\":0,\"baselineHigh\":0,\"baselineLow\":0,\"baselineMedium\":0,\"baselineNum\":1,\"cmsNum\":0,\"containerAsap\":0,\"containerLater\":0,\"containerNntf\":0,\"containerRemind\":0,\"containerSerious\":0,\"containerSuspicious\":0,\"cveNum\":4,\"emgNum\":0,\"health\":0,\"imageBaselineHigh\":0,\"imageBaselineLow\":0,\"imageBaselineMedium\":0,\"imageBaselineNum\":0,\"imageMaliciousFileRemind\":0,\"imageMaliciousFileSerious\":0,\"imageMaliciousFileSuspicious\":0,\"imageVulAsap\":0,\"imageVulLater\":0,\"imageVulNntf\":0,\"laterVulCount\":1,\"newSuspicious\":0,\"nntfVulCount\":3,\"remindNum\":0,\"scaNum\":0,\"seriousNum\":0,\"suspNum\":0,\"suspicious\":0,\"sysNum\":0,\"trojan\":0,\"uuid\":\"11c50347-4745-4a7a-b8dd-405f276201ff\",\"vul\":4,\"weakPWNum\":0}", "RiskStatus": "YES", "SafeEventCount": 0, "Status": "Running", "Uuid": "11c50347-4745-4a7a-b8dd-405f****", "Vendor": 0, "VendorName": "ALIYUN", "VpcInstanceId": "vpc-bp132a80775r3d7kz****", "VulCount": 4, "VulStatus": "YES" } ] }NoteIf a Security Center API call returns an error, check the error code against your request parameters.
Record the RequestId or SDK error message and use the Alibaba Cloud OpenAPI Diagnostic Platform for self-service diagnosis.