Alibaba Cloud in 7 Days

Day #4 - CLI - Python SDKs - RAM

May 11, 2018

Now that we have a fully setup web server with a domain name, let's dig into the Alibaba Cloud Command Line Interface (CLI) to start managing our cloud resources from the desktop. Later we will begin writing simple python programs to interface with the cloud.

The Alibaba Cloud CLI documentation will be important. Go to the Alibaba Cloud CLI product page.

In the left side menu, expand CLI Python Version, expand Installation Guide, expand Alibaba Cloud CLI installation guide (Windows), and then click on Online installation of Alibaba Cloud CLI and SDK.
Here is a Link.

Setup Python and PIP

The CLI requires Python version 2.7.x. Check to see if Python is already installed on your system. Open a CMD Prompt. Execute the following command:

python --version

If Python is not installed, go to the official Python download server. Download and install Python 2.7.15. Here is Windows 64-bit MSI link. On my system I have both Python 2.7.x and Python 3.x installed. Therefore, I install Python 2.7.x in the C:\Python27 directory.

Change to the C:\Python27 directory:

cd c:\Python27

The CLI requires Python PIP version 7.x or later. The current version (as of May 11, 2018) is version 10.0.1. Let's double check.

Change to the Python Scripts directory:

cd c:\Python27\Scripts

Check the PIP version:

pip --version

My system shows:

pip 10.0.1 from c:\python27\lib\site-packages\pip (python 2.7)

To upgrade PIP:

C:\Python27\python -m pip install -U pip

Install the CLI

While still in the c:\Python27\Scripts directory, execute the following command:

pip install aliyuncli

Install the SDK

The CLI does not include the SDKs that are required for each service. This page lists the available SDKs that you can install. Let's start with ECS, OSS and VPC. We will add more later.

Execute the following commands while still in the c:\Python27\Scripts directory:
pip install aliyun-python-sdk-core
pip install aliyun-python-sdk-ecs
pip install oss2
pip install aliyun-python-sdk-vpc

One of the issues with having multiple versions of tools like Python is PATH management. For Windows I write batch scripts to set and unset my Windows search paths. Here are some examples for you to make running the Alibaba CLI and Python scripts easier.

To add Python 2.7 to the path, copy the following to a file named set_path.bat (download set_path.zip):
@set alibaba_oldpath=%path%

To remove Python 2.7 from the path, copy the following to a file named set_oldpath.bat:

Now when you need to use the CLI, open a CMD Prompt and execute set_path.bat. When finished, either close the CMD Prompt or execute set_oldpath.bat to remove Python from the Windows search path. I have a directory c:\bin in my search path where I copy batch files like to.

Using the CLI

The CLI program name is aliyuncli.exe. The CLI takes as its first argument the service that you would like to manage. In the following example we will list the ECS instances.

Let's test the CLI by attempting to list our ECS instances:

aliyuncli ecs DescribeInstances

This will fail with the following error message. The reason is that we have not given the CLI permissions to access our Alibaba Cloud Account. We will solve this next.

accesskeyid/accesskeysecret/regionId is absence

Resource Access Management

Alibaba Cloud identity and access control service is called Alibaba Cloud Resource Access Management or RAM for short. Here is a link to the RAM product page.

To use the CLI, we need to create an Access Key / Secret Key pair. This key will be installed on our local system. It is very important to protect these keys.

Step 1. Go to the Alibaba Resource Access Management Console.
  • Under the RAM Dashboard, click on "Users".
  • Click on the blue "Create User" button located in the top right of the console.
  • A dialog will appear. Enter values for User Name, Display Name and Description. Enable the checkbox Automatically generate an Access key for this user.
  • Click OK, a user is created.
  • In the confirmation dialog box, expand Access Key Details.
  • Make note of the AccessKeyID and AccessKeySecret or click the Save Access Key Information button.

We now have an Access Key and Secret Access Key for the CLI.

Step 2. Configure the CLI with the Access Key and Secret.

At the CMD Prompt execute this command:
aliyuncli configure

The CLI will prompt you for several items:

  • Aliyun Access Key ID
  • Aliyun Access Key Secret
  • Default Region ID
  • Default output format

For the first two items, these are the keys that you saved when you create the new user. For the region, either leave it blank or specify your preferred region. I used us-west-1. For the output format, I prefer json.

Let's test the CLI again:

aliyuncli ecs DescribeInstances

This command will appear to work. There is some output. However, notice that our ECS instance is not displayed. We need to give our user some permissions to access cloud services.

"TotalCount": 0,
"PageNumber": 1,
"RequestId": "A73750E5-D114-4A1F-BC35-436EBFD6E2AE",
"PageSize": 10,
"Instances": {
"Instance": []

Go back to the RAM console and to the right of the user, click "Authorize". A dialog box will appear that has two columns. The left column displays available policies and the right side shows the policies that are assigned.

In the Search Box, enter the word read. This will limit the displayed policies to the ones containing the word read. Select AliyunECSReadOnlyAccess and click the right arrow button to move the policy to the right side. Now click OK.

Now let's try the CLI again. Now notice how a lot of information is displayed. Rerun the command again and save the output to a file. Open the file in an editor and review the information. Find the InstanceID and Status. We will be using these often.

Example ECS commands:
aliyuncli ecs StartInstance --InstanceId i-abcdef0xd561i6l7dbf0
aliyuncli ecs RebootInstance --InstanceId i-abcdef0xd561i6l7dbf0
aliyuncli ecs StopInstance --InstanceId i-abcdef0xd561i6l7dbf0

15220 Main Street, Bellevue, WA 98007
T: 425-528-8500 - F: 425-528-8550 - E: neoprime@neoprime.io

Copyright 2018 NeoPrime LLC