English | 简体中文
Alibaba Cloud CLI
The Alibaba Cloud CLI is an open source tool, you can get the latest version from GitHub. You can also try it out in the Cloud Shell before installing the CLI.
Introduction
The Alibaba Cloud CLI is a tool to manage and use Alibaba Cloud resources through a command line interface. It is written in Go and built on the top of Alibaba Cloud OpenAPI.
Note: Alibaba Cloud CLI access the Alibaba Cloud services through OpenAPI. Before using Alibaba Cloud CLI, make sure that you have activated the service to use and known how to use OpenAPI.
Troubleshoot
Troubleshoot Provide OpenAPI diagnosis service to help developers locate quickly and provide solutions for developers through RequestID
or error message
.
CLI Releases
The release notes for the CLI can be found in the CHANGELOG
Installation
-
Download installer (Recommended)
Download the installer, then extract the installer. You can move the extracted
aliyun
executable file to the/usr/local/bin
directory or add it to the$PATH
.All releases please click here.
-
Use brew If you have installed
brew
in your computer, you can use it to install Alibaba Cloud CLI as following:
brew install aliyun-cli
If you need detailed installation steps or compile the installation steps, please visit Installation Guide.
Configure
For detailed configuration instructions, please visit the official website Configuration Alibaba Cloud CLI.
Before using Alibaba Cloud CLI to invoke the services, you need to configure the credential information, region, language, etc.
You can run the aliyun configure
command for quick configuration.
$ aliyun configure
Configuring profile 'default' ...
Aliyun Access Key ID [None]: <Your AccessKey ID>
Aliyun Access Key Secret [None]: <Your AccessKey Secret>
Default Region Id [None]: cn-hangzhou
Default output format [json]: json
Default Language [zh]: zh
Configure authentication methods
You can specify the authentication method to use by using the configure
command with the --mode <authenticationMethod>
option.
The following are supported authentication methods:
Authentication methods | Description |
---|---|
AK | Use AccessKey ID and Secret to access Alibaba Cloud services |
StsToken | Use STS token to access Alibaba Cloud services |
RamRoleArn | Use the AssumeRole to access Alibaba Cloud services |
EcsRamRole | Use the EcsRamRole to access ECS resources |
Use an external program to get credentials
You can use --mode External
to specify to obtain credential data through an external program, and CLI will execute the program command and return it as a credential to initiate the call.
Agreement:
- The output location of the external program is standard output.
- The output format is json string.
- The output contains the key fields required by the CLI and credential fields
Key field:
- mode: Specify the type of credentials returned
Example of the return of each credential type:
- AK
{
"mode": "AK",
"access_key_id": "accessKeyId",
"access_key_secret": "accessKeySecret"
}
- StsToken
{
"mode": "StsToken",
"access_key_id": "accessKeyId",
"access_key_secret": "accessKeySecret",
"sts_token": "stsToken"
}
- RamRoleArn
{
"mode": "RamRoleArn",
"access_key_id": "accessKeyId",
"access_key_secret": "accessKeySecret",
"ram_role_arn": "ramRoleArn",
"ram_session_name": "ramSessionName"
}
- EcsRamRole
{
"mode": "EcsRamRole",
"ram_role_name": "ramRoleName"
}
Example:
$ aliyun configure --mode External --profile externalTest
Configuring profile 'externalTest' in 'External' authenticate mode...
Process Command []: <getCredential ak>
Default Region Id []: cn-hangzhou
Default Output Format [json]: json (Only support json)
Default Language [zh|en] en:
Saving profile[externalTest] ...Done.
Use chainable RamRoleArn
You can use --mode ChainableRamRoleArn
to combile a source profile and RAM role ARN flow. The following example
get intermediate credentials from source profile cli-test
, then use it to call AssumeRole for get final credentials.
{
"profiles": [
{
"name": "chain",
"mode": "ChainableRamRoleArn",
"ram_role_arn": "acs:ram::<Account ID>:role/<Role Name>",
"ram_session_name": "session",
"source_profile": "cli-test"
},
{
"name": "cli-test",
"mode": "AK",
"access_key_id": "<Access Key ID>",
"access_key_secret": "<Access Key Secret>"
}
]
}
Use Credentials URI
You can use --mode CredentialsURI
to get credentials from local/remote URI.
{
"profiles": [
{
"name": "uri",
"mode": "CredentialsURI",
"credentials_uri": "http://localhost:6666/?user=jacksontian"
}
]
}
The Credentials URI must be response with status code 200, and following body:
{
"Code": "Success",
"AccessKeyId": "<ak id>",
"AccessKeySecret": "<ak secret>",
"SecurityToken": "<security token>",
"Expiration" "2006-01-02T15:04:05Z" // utc time
}
Otherwise, CLI treate as failure case.
Enable bash/zsh auto completion
- Use
aliyun auto-completion
command to enable auto completion in zsh/bash - Use
aliyun auto-completion --uninstall
command to disable auto completion.
Use Alibaba Cloud CLI
Here is the basic usage guidelines. If you need a detailed manual, please visit Use Alibaba Cloud CLI
The Alibaba Cloud OpenAPI has two styles, RPC style and RESTful style. Most of the Alibaba Cloud products use the RPC style. The way of calling an API varies depending on the API style.
You can distinguish the API style from the following characteristics:
- The API requiring the
Action
parameter is the RPC style, while the API requiring thePathPattern
parameter is the RESTful style. - In general, the API style for a product is consistent.
- Each API only supports one style. If an incorrect calling method is used, another API may be called or an error
ApiNotFound
is returned.
Call RPC APIs
The following statement shows how to call RPC APIs in the Alibaba Cloud CLI:
aliyun <product> <operation> --parameter1 value1 --parameter2 value2 ...
Examples:
aliyun rds DescribeDBInstances --PageSize 50
aliyun ecs DescribeRegions
aliyun rds DescribeDBInstanceAttribute --DBInstanceId xxxxxx
Call RESTful APIs
APIs of some products such as Container Service are RESTful style. The way to call RESTful APIs is different from RPC APIs.
The following examples show how to call RESTful APIs in the Alibaba Cloud CLI:
-
GET request:
aliyun cs GET /clusters
-
POST request:
aliyun cs POST /clusters --body "$(cat input.json)"
-
DELETE request:
aliyun cs DELETE /clusters/ce2cdc26227e09c864d0ca0b2d5671a07
Get help information
Alibaba Cloud CLI integrates API descriptions for some products, you can get help by using the following commands:
-
aliyun help
: get product list -
aliyun help <product>
: get the API information of a specific productFor example, get help of ECS APIs:
$ aliyun help ecs
-
$ aliyun help <product> <apiName>
: get the detailed API information of a specific APUFor example, get the help information of the CreateInstance API:
aliyun help ecs CreateInstance
--force
option
Use the Alibaba Cloud CLI integrates the product metadata of some products. It will validate API parameters when calling the API. If an API or a parameter that is not included in the metadata is used, an error unknown api
or unknown parameter
will be returned. You can use the --force
option to skip the validation and call the API by force as shown in the following example:
aliyun newproduct --version 2018-01-01 --endpoint newproduct.aliyuncs.com --param1 ... --force
The following two options are required when using the --force
option:
--version
: the API version. You can find the API version in the API documentation. For example, the ECS API version is2014-05-26
.--endpoint
: the product endpoint. Get the product endpoint in the corresponding API documentation.
--output
parameter
Use the The query interface of Alibaba Cloud products will return json structured data, which is inconvenient to read. Example:
aliyun ecs DescribeInstances
Executing the above command will get the following json result:
{
"PageNumber": 1,
"TotalCount": 2,
"PageSize": 10,
"RequestId": "2B76ECBD-A296-407E-BE17-7E668A609DDA",
"Instances": {
"Instance": [
{
"ImageId": "ubuntu_16_0402_64_20G_alibase_20171227.vhd",
"InstanceTypeFamily": "ecs.xn4",
"VlanId": "",
"InstanceId": "i-12345678912345678123",
"Status": "Stopped",
//omit some fields
},
Instance": [
{
"ImageId": "ubuntu_16_0402_64_20G_alibase_20171227.vhd",
"InstanceTypeFamily": "ecs.xn4",
"VlanId": "",
"InstanceId": "i-abcdefghijklmnopqrst",
"Status": "Running",
//omit some fields
},
]
}
}
You can use the --output
parameter to extract the fields of interest in the results and perform tabular output. Example:
aliyun ecs DescribeInstances --output cols=InstanceId,Status rows=Instances.Instance[]
Executing the above command will get the following result:
InstanceId | Status
-----------------------|--------
i-12345678912345678123 | Stopped
i-abcdefghijklmnopqrst | Running
When using the --output
parameter, the following sub-parameters must be specified:
cols
: The column names of the table, which need to correspond to the fields in the json data. For example, the InstanceId and Status fields in the result returned by the ECS DescribeInstances interface.
Optional sub-parameters:
rows
: Use the jmespath query statement to specify the data source of the table row in the json result.
--waiter
parameter
Use This parameter is used to poll the instance information until a specific state appears.
For example, after creating an instance using ECS, the instance will have a startup process. We will continue to query the running status of the instance until the status becomes "Running".
Example:
aliyun ecs DescribeInstances --InstanceIds '["i-12345678912345678123"]' --waiter expr='Instances.Instance[0].Status' to=Running
After executing the above command, the command line program will poll the instance status at a certain time interval and stop polling when the instance status becomes Running.
When using the --waiter
parameter, you must specify the following two sub-parameters:
expr
: Specify the polled field in the json result through the jmespath query statement.to
: The target value of the polled field.
Optional sub-parameters:
timeout
: polling timeout time (seconds).interval
: polling interval (seconds).
Special argument
When you input some argument like "-PortRange -1/-1", will cause parse error. In this case, you could assign value like this:
--PortRange=-1/-1
.
Supported environment variables
We supported following environment variables:
ALIBABACLOUD_PROFILE
/ALIBABA_CLOUD_PROFILE
/ALICLOUD_PROFILE
: When--profile
flag is not specified, CLI use it.ALIBABACLOUD_IGNORE_PROFILE=TRUE
: When this variable is specified, CLI ignores any configuration files.ALIBABACLOUD_ACCESS_KEY_ID
/ALICLOUD_ACCESS_KEY_ID
/ACCESS_KEY_ID
: When no any specified Access Key Id, CLI use it.ALIBABACLOUD_ACCESS_KEY_SECRET
/ALICLOUD_ACCESS_KEY_SECRET
/ACCESS_KEY_SECRET
: When no any specified Access Key Secret, CLI use it.ALIBABACLOUD_SECURITY_TOKEN
/ALICLOUD_SECURITY_TOKEN
/SECURITY_TOKEN
: When no any specified Security Token, CLI use it.ALIBABACLOUD_REGION_ID
/ALICLOUD_REGION_ID
/REGION
: When no any specified Region Id, CLI use it.DEBUG=sdk
:Through this variable, CLI display http request information. It helpful for troubleshooting.
Getting Help
We use GitHub issues to track bugs and feature requests for user feedback. Please visit the following site for assistance:
- Please visit Alibaba Cloud CLI for the manual.
- Ask a question on Stack Overflow and tag it with aliyun-cli
- If you find a bug or want to add a feature, please submit issue.