Alibaba Cloud Access Key

Overview

An Alibaba Cloud Access Key is required to authenticate requests from AutoSSL to Alibaba Cloud services. By adding an Access Key, you authorize AutoSSL to perform specific actions on your behalf, such as deploying SSL certificates to various Alibaba Cloud resources.

Configuration Parameters

How to Get an Access Key

1. Log in to the Alibaba Cloud RAM Console.
2. In the left-side navigation pane, choose Identities > Users.
3. Create a new RAM user (or select an existing one) and ensure that OpenAPI Access is enabled.
4. After creation, you will see the AccessKey ID and AccessKey Secret. Copy these values and paste them into AutoSSL.

For more detailed instructions, please refer to the Alibaba Cloud documentation on creating an AccessKey.

Security Recommendations

To improve the security of your Access Keys, we strongly recommend the following practices:

• Use RAM Users: Never use the Access Key of your Alibaba Cloud root account. Always create a dedicated RAM (Resource Access Management) user for AutoSSL.
• Principle of Least Privilege: Only grant the RAM user the exact permissions needed for the specific deployment targets you intend to use. Avoid granting administrator privileges like AliyunFullAccess.
• Regular Rotation: Periodically rotate (create a new one and delete the old one) your Access Keys to minimize the risk of leaked credentials.

Supported Deployment Targets

The Alibaba Cloud Access Key is used by the following deployment providers in AutoSSL:

• Alibaba Cloud FC3: Deploys certificates to Function Compute 3.0 custom domains.
• Alibaba Cloud CDN: Deploys certificates to Alibaba Cloud Content Delivery Network (CDN) domains.
• Alibaba Cloud CAS: Uploads and manages certificates in the Alibaba Cloud Certificate Management Service (CAS).