Open rachari opened 5 years ago
Yes ,This version supports STS Token Credentials. But it is a developing version. Maybe you can reference https://github.com/aliyun/alibabacloud-python-sdk-v2/blob/master/alibabacloud/credentials/provider.py
Are you referring to the methods that are present in https://github.com/aliyun/alibabacloud-python-sdk-v2/blob/master/alibabacloud/credentials/assume_role_caller.py
The Linux instance from where we plan on making this call is a role based instance and we don't have access to access key / secret key
Are there any examples of this present in the repo ? If not, can you please provide with one
I'd like to confirm that you want to use this way:https://www.alibabacloud.com/help/doc-detail/67120.htm?
It's more for cross account access / resource creation, as mentioned here - https://www.alibabacloud.com/help/doc-detail/93745.htm
Idea is to have the roles generated as mentioned in the above docs so that an instance present in account A can assume the role for account B and create / access a resource in account B
Can you post the relevant code about Go ? So that I can give you the Python related code
I'm assuming that this is the STS implementation in Go - https://github.com/aliyun/aliyun-sts-go-sdk
Not sure if it supports cross account access though
hi, it supported in every language of the SDK. And in python https://github.com/aliyun/alibabacloud-python-sdk-v2/blob/906760f2f735971277c2355e3f73a82f9565d097/alibabacloud/credentials/provider.py#L163
I was checking the docs, and based on what you've mentioned so far, this STS example should work for an instance with a RAM role for cross account access :
https://www.alibabacloud.com/help/doc-detail/28798.htm?spm=a2c63.p38356.b99.170.5af86ff8Thsqlz
Can you please confirm if this is correct or if there are other examples related to this
There are only three kinds of Alibaba Cloud Credentials .But Credentials Provider are more than 6. As your title,I think you are talking about STS Token ; and as you mentioned 'cross account',I think you are talking about RamRoleArn. I can't understand what you need. Can you handle the work order?
This is what I'm trying to do :-
The credentials required for the Acs client in account A need to come from STS after the role has been assumed.
Once the client has the correct credentials, it should be able to access / create resources in account B, based on the permissions assigned for the role.
Please let me know which components / modules from the SDK would be required for this.
After discussion, We think you are talking about something about assumerole, which can get STS Token.
alibabacloud-python-sdk-v2 is a developing/big changes/instability version, and it is not recommended to use directly.
In alibabacloud-python-sdk-v2, Assuemrole has a layer of encapsulation.
But no matter which version, we all use https://www.alibabacloud.com/help/doc-detail/28763.html
Hope to help you.
I was checking for cross account / STS usage with Alibaba cloud, but couldn't find a relevant module / method in the Python SDK to use this.
I noticed that there are STS implementation in Go / NodeJS
Is there an implementation in Python too ? If there is an implementation, which module is it and can the authors please share the documentation for the same.