Alibaba Cloud

Introduce how to get the configuration parameters that need to be used in the OneCloud platform in Alibaba Cloud.

What is Access Key?

In order to ensure the security of the server, Alibaba Cloud needs to verify the identity of the visitor when the API is called to ensure that the visitor has the relevant rights. This authentication is achieved through Access Key, which is issued by Alibaba Cloud to the owner of the server and consists of Access Key ID and Access Key Secret.

How to get Accesskey way for main account

Please note that here is the main account of Alibaba Cloud as an example to introduce how to get Access Key, if you use RAM sub-account, please see How to get Accesskey way for sub-accounts

Login to Alibaba Cloud console with your main account, click Personal Information on the top right corner of the page, expand the drop-down menu, click “AccessKey Management” menu item to enter the security information management page.
In the security information management page, you can view the existing AccessKey information, you can also click “Create AccessKey” button to create a new user AccessKey, when you create a new AccessKey, Alibaba Cloud will send a verification code to the account contact phone, and only after the verification is passed can you create an AccessKey.
Access Key Secret is not shown by default, click the “Show” link, Alibaba Cloud will send a verification code to the contact phone to which the account belongs, and the Access Key Secret will be shown only after the verification is passed.

How to get Accesskey way for sub-accounts

Login to Alibaba Cloud console with your sub-account, click Personal Information on the top right corner of the page, expand the drop-down menu, click “AccessKey Management” to enter the security information management page.
In the Security Information Management page, click the “Create AccessKey” button to create the AccessKey.
After successful creation, the AccessKeySecret information will only be displayed once, so please save it in time.

Note

AccessKey already created, can no longer view AccessKeySecret.

Alibaba Cloud account permission requirements

Features	Read-only permissions	Read-write permissions
All Features	ReadOnlyAccess	AdministratorAccess
VM instance, Security Group, Images, Disks, Snapshots	AliyunECSReadOnlyAccess	AliyunECSFullAccess
VPC, VPC Peering, Routing table	AliyunVPCReadOnlyAccess	AliyunVPCFullAccess
EIP	AliyunEIPReadOnlyAccess	AliyunEIPFullAccess
Elastic NIC	AliyunVPCNetworkIntelligenceReadOnlyAccess	AliyunECSNetworkInterfaceManagementAccess
OSS	AliyunOSSReadOnlyAccess	AliyunOSSFullAccess
NAT	AliyunNATGatewayReadOnlyAccess	AliyunNATGatewayFullAccess
LB instance	AliyunSLBReadOnlyAccess AliyunALBFullAccess	AliyunSLBFullAccess AliyunALBFullAccess
RDS	AliyunRDSReadOnlyAccess	AliyunRDSFullAccess
Redis	AliyunKvstoreReadOnlyAccess	AliyunKvstoreFullAccess
Log	AliyunActionTrailFullAccess	AliyunActionTrailFullAccess
NAS	AliyunNASReadOnlyAccess	AliyunNASFullAccess
WAF	AliyunYundunWAFReadOnlyAccess	AliyunYundunWAFFullAccess
IAM	AliyunRAMReadOnlyAccess	AliyunRAMFullAccess
DNS	AliyunDNSReadOnlyAccess AliyunPubDNSFullAccess	AliyunDNSFullAccess AliyunPubDNSFullAccess
Billing,Balance,Charges	AliyunFinanceConsoleReadOnlyAccess	AliyunFinanceConsoleFullAccess
Monitoring	AliyunCloudMonitorReadOnlyAccess	AliyunCloudMonitorFullAccess

How to give authorization to sub-account

Login to Alibaba Cloud console with your main account, click Personal Information at the top right corner of the page, expand the drop-down menu, click “Access Control” menu item , enter the access control page.
Click the “User Management” menu item on the left menu bar to enter the user management page.
On the user management page, click the “Authorize” button in the specified user action column to perform authorization. Please see Alibaba Cloud account permission requirements for the permissions required to manage Alibaba Cloud resources using OneCloud .

How to get Expense OSS Bucket URL and file prefix in Alibaba Cloud platform?

How to get the Expense OSS Bucket URL?

Take Alibaba Cloud main account as an example, login to Alibaba Cloud console with your main account, click the drop-down menu “User Center” menu item in the top [Fees] menu to enter the Fees user center page.
Click the “Billing Data Storage” button to enter the Billing Data Storage page.
Check and record the bucket name of the billing item consumption impact and instance consumption details, if it is not set, you need to add the subscription bucket for storing files in this page, after the setting is completed, the daily incremental billing data will be stored to the corresponding OSS synchronously. It is recommended that only billing files are stored in this bucket.
Check the overview information of the corresponding bucket in the object storage page of Alibaba Cloud Console, the bucket domain is the oss bucket URL.

How to get the billing file prefix?

Alibaba Cloud’s billing file prefix is the account ID, you can check the account ID in Account Management - Security Settings.

Description

When there are other files stored in the Expense OSS Bucket besides the billing file, you need the configuration file prefix to get only the billing file in the bucket, etc.