Mengambil kredensial akses sementara untuk CloudAccountRole.
Deskripsi operasi
This API uses IDaaS-issued access tokens to authenticate and authorize requests.
The access token must be authorized to obtain access credentials for a cloud role from the IDaaS Privileged Access Management (PAM) application.
The corresponding scope is urn:cloud:idaas:pam|cloud_account_role:obtain_access_credential.
Coba sekarang
Test
RAM authorization
Sintaks permintaan
GET /v2/{instanceId}/cloudAccountRoles/_/actions/obtainAccessCredential HTTP/1.1Path Parameters
|
Parameter |
Type |
Required |
Description |
Example |
| instanceId |
string |
Yes |
ID instans. |
idaas_ue2jvisn35ea5lmthk267xxxxx |
Parameter permintaan
|
Parameter |
Type |
Required |
Description |
Example |
| Authorization |
string |
Yes |
Informasi otentikasi. Formatnya adalah Catatan
Token akses diterbitkan oleh IDaaS. |
Bearer xxxxxx |
| cloudAccountRoleExternalId |
string |
Yes |
ID eksternal peran cloud. |
acs:ram::xxx:role/role-test |
| durationSeconds |
integer |
No |
Durasi kredensial keamanan sementara (token STS) dalam detik. Nilai harus antara 900 hingga 43200 (15 menit hingga 12 jam).
|
1800 |
Elemen respons
|
Element |
Type |
Description |
Example |
|
object |
The response object. |
||
| cloudAccountId |
string |
The ID of the cloud account. |
ca_01kmegjc11qa1txxxxx |
| cloudAccountRoleId |
string |
The ID of the cloud role. |
carole_01kmek49aqxxxx |
| cloudAccountRoleName |
string |
The name of the cloud role. |
role-test |
| cloudAccountRoleExternalId |
string |
The external ID of the cloud role. |
acs:ram::xxx:role/role-test |
| cloudAccountVendorType |
string |
The type of the cloud account. The valid value is:
Valid values:
|
alibaba_cloud |
| cloudAccountRoleAccessCredential |
object |
The temporary access credential to assume the cloud role. |
|
| accessCredentialExpiresAt |
integer |
The expiration time of the temporary access credential for the cloud role, in Unix timestamp seconds. |
1767196800 |
| alibabaCloudStsToken |
object |
The STS token used to assume an Alibaba Cloud RAM role. Catatan
This parameter is returned only when the cloud account type is |
|
| accessKeyId |
string |
The access key ID. |
STS.NUgYrLnoC37mZZCNnAbez**** |
| accessKeySecret |
string |
The access key secret. |
CVwjCkNzTMupZ8NbTCxCBRq3K16jtcWFTJAyBEv2**** |
| securityToken |
string |
The security token. |
CAIShwJ1q6Ft5B2yfSjIr5bSEsj4g7BihPWGWHz**** |
| expiration |
string |
The time when the token expires. The time is specified in UTC and formatted as |
2021-10-20T04:27:09Z |
| awsStsToken |
object |
The STS token used to assume an AWS role. |
|
| accessKeyId |
string |
ASIAYBGN7XJKRFOM**** |
|
| secretAccessKey |
string |
CVwjCkNzTMupZ8NbTCxCBRq3K16jtcWFTJAyBEv2**** |
|
| sessionToken |
string |
FwoDYXdzEJzfSjIr5bSEsj4g7BihPWGWHz**** |
|
| expiration |
string |
2021-10-20T04:27:09Z |
Contoh
Respons sukses
JSONformat
{
"cloudAccountId": "ca_01kmegjc11qa1txxxxx",
"cloudAccountRoleId": "carole_01kmek49aqxxxx",
"cloudAccountRoleName": "role-test",
"cloudAccountRoleExternalId": "acs:ram::xxx:role/role-test",
"cloudAccountVendorType": "alibaba_cloud",
"cloudAccountRoleAccessCredential": {
"accessCredentialExpiresAt": 1767196800,
"alibabaCloudStsToken": {
"accessKeyId": "STS.NUgYrLnoC37mZZCNnAbez****",
"accessKeySecret": "CVwjCkNzTMupZ8NbTCxCBRq3K16jtcWFTJAyBEv2****",
"securityToken": "CAIShwJ1q6Ft5B2yfSjIr5bSEsj4g7BihPWGWHz****",
"expiration": "2021-10-20T04:27:09Z"
},
"awsStsToken": {
"accessKeyId": "ASIAYBGN7XJKRFOM****",
"secretAccessKey": "CVwjCkNzTMupZ8NbTCxCBRq3K16jtcWFTJAyBEv2****",
"sessionToken": "FwoDYXdzEJzfSjIr5bSEsj4g7BihPWGWHz****\n",
"expiration": "2021-10-20T04:27:09Z"
}
}
}Kode kesalahan
Lihat Error Codes untuk daftar lengkap.
Catatan rilis
Lihat Release Notes untuk daftar lengkap.