Before you can use the Simple Log Service Python SDK, configure access credentials so Alibaba Cloud can verify your identity and access permissions. Choose a credential type based on your security requirements.
Access credentials
Access credential types
Simple Log Service supports two types of access credentials:
-
Temporary access credentials
A Security Token Service (STS) token is a temporary access credential that Alibaba Cloud provides for Resource Access Management (RAM) roles. You can customize the validity period and access permissions. For more information, see What is Security Token Service (STS)?
Use temporary access credentials for high-security scenarios. They expire after a configurable period, limiting the impact of a credential leak, and support fine-grained access control to reduce over-permission risk.
-
Long-term access credentials
An AccessKey pair is a long-term access credential for an Alibaba Cloud account or a RAM user. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. For more information, see Create an AccessKey.
-
Long-term access credentials do not expire, which reduces operational overhead. However, they carry higher security risk if exposed — use them with caution.
ImportantRotate long-term access credentials at least once per quarter. For more information, see Rotate an AccessKey for a RAM user.
If long-term access credentials are leaked or no longer in use, delete or disable them immediately to minimize security risks. For more information, see Delete a RAM user's AccessKey.
Use temporary access credentials
Temporary access credentials are issued by STS and do not require you to expose your RAM user's AccessKey pair.
Assign the RAM user the system policy
AliyunSTSAssumeRoleAccessto assume the RAM role. For more information, see Manage permissions for a RAM role.Authorize the RAM role to access Simple Log Service resources. For more information, see Manage permissions for a RAM role and SLS custom policies.
Call the AssumeRole API using the RAM user to get STS temporary credentials, including the security token, AccessKey ID, and AccessKey secret.
Initialize the SDK with the temporary credentials to access Simple Log Service. For more information, see Use the STS SDK for Python to assume a RAM role.
Use long-term access credentials
Use an AccessKey pair (AccessKey ID and AccessKey secret) from a RAM user for applications that need long-term access to Simple Log Service. For more information, see Create an AccessKey.
Use a RAM user AccessKey pair with minimal privileges — never use your Alibaba Cloud account's AccessKey pair. The Alibaba Cloud account has full resource permissions, and a leaked key poses a critical security risk.
Do not store the AccessKey ID or AccessKey secret in your code. Hardcoded credentials can be leaked through version control or logs, exposing your Alibaba Cloud resources.
Grant the RAM user access to Simple Log Service resources. For more information, see Manage RAM user permissions and SLS custom policies.
Configure environment variables in Linux, macOS, and Windows.
What's next
After initializing LogClient with your credentials, call the API. For initialization steps, see: