{"id":107,"date":"2026-04-12T20:33:20","date_gmt":"2026-04-12T20:33:20","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/alibaba-cloud-sdk-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-developer-tools\/"},"modified":"2026-04-12T20:33:20","modified_gmt":"2026-04-12T20:33:20","slug":"alibaba-cloud-sdk-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-developer-tools","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/alibaba-cloud-sdk-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-developer-tools\/","title":{"rendered":"Alibaba Cloud SDK Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Developer Tools"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Category<\/h2>\n\n\n\n<p>Developer Tools<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Introduction<\/h2>\n\n\n\n<p>Alibaba Cloud SDK is the official set of software development kits that help you call Alibaba Cloud APIs from your applications, scripts, and automation tools\u2014without manually building HTTP requests, request signatures, or parsing raw JSON responses.<\/p>\n\n\n\n<p>In simple terms: you install an SDK for your programming language (for example Python, Java, Go, Node.js, PHP, or .NET), provide credentials, and then call Alibaba Cloud services using idiomatic code (methods, request objects, and response objects).<\/p>\n\n\n\n<p>In more technical terms, Alibaba Cloud SDKs are client libraries that implement Alibaba Cloud OpenAPI request signing, endpoint selection, request\/response modeling, and common transport concerns (TLS\/HTTPS, timeouts, and error handling patterns). Many Alibaba Cloud services publish OpenAPI definitions; the SDKs are generated and\/or maintained to match those OpenAPI operations so your code can call actions like <code>DescribeInstances<\/code> (ECS), <code>PutObject<\/code> (OSS), or <code>CreateLoadBalancer<\/code> (SLB) with less boilerplate and fewer protocol mistakes.<\/p>\n\n\n\n<p>The SDK solves a practical problem: <strong>reliable, secure, maintainable access to Alibaba Cloud APIs in code<\/strong>, which is essential for automation, DevOps workflows, custom platforms, internal tools, microservices, and production applications.<\/p>\n\n\n\n<blockquote>\n<p>Naming note (important): \u201cAlibaba Cloud SDK\u201d is an umbrella term used by Alibaba Cloud for multiple language SDKs and multiple generations (for example, older\/legacy SDKs and newer OpenAPI\/Tea-based SDKs). Always verify in official documentation which SDK generation is recommended for your target service and language, and whether a legacy SDK is in maintenance mode.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">2. What is Alibaba Cloud SDK?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Official purpose<\/h3>\n\n\n\n<p>Alibaba Cloud SDK provides <strong>official client libraries<\/strong> that enable developers and operators to interact programmatically with Alibaba Cloud services through OpenAPI, using mainstream programming languages.<\/p>\n\n\n\n<p>Official documentation entry point (SDK docs):<br\/>\nhttps:\/\/www.alibabacloud.com\/help\/en\/sdk<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Core capabilities<\/h3>\n\n\n\n<p>At a high level, Alibaba Cloud SDK helps you:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Authenticate to Alibaba Cloud APIs using supported credential types (for example AccessKey-based credentials, and temporary STS credentials in many workflows).<\/li>\n<li>Construct API requests using language-native models (where supported) instead of raw HTTP.<\/li>\n<li>Send requests over HTTPS to Alibaba Cloud OpenAPI endpoints and receive structured responses.<\/li>\n<li>Handle common concerns such as request signing, canonicalization, endpoint resolution, retries\/timeouts patterns (capability varies by SDK and language\u2014verify in official docs).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Major components (conceptual)<\/h3>\n\n\n\n<p>Depending on language and SDK generation, you will typically see:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>A core library<\/strong>: shared runtime, signing, HTTP transport, credential handling.<\/li>\n<li><strong>Service-specific clients<\/strong>: per-service packages\/modules (for example ECS, OSS, RAM, STS).<\/li>\n<li><strong>Models<\/strong>: request\/response classes that map to OpenAPI parameters and fields.<\/li>\n<li><strong>Utilities<\/strong>: runtime options, pagination helpers, error objects.<\/li>\n<\/ul>\n\n\n\n<p>Alibaba Cloud also publishes related \u201cDeveloper Tools\u201d that often complement the SDK:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Alibaba Cloud CLI<\/strong> (command-line access to APIs)<\/li>\n<li><strong>OpenAPI Explorer<\/strong> (API browsing + sample code generation): https:\/\/api.aliyun.com<\/li>\n<li><strong>Terraform provider<\/strong> (infrastructure as code)<\/li>\n<li><strong>ROS (Resource Orchestration Service)<\/strong> templates (deployment orchestration)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Service type<\/h3>\n\n\n\n<p>Alibaba Cloud SDK is a <strong>Developer Tools<\/strong> offering (client libraries), not a managed runtime service. It runs wherever your code runs: laptops, CI\/CD runners, containers, ECS, Function Compute, ACK (Kubernetes), or on-premises.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Scope: regional\/global\/account scoping (as applicable)<\/h3>\n\n\n\n<p>Because the SDK is a client-side library:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Account-scoped credentials<\/strong>: Your identity is defined by the Alibaba Cloud account\/RAM principal whose credentials you use.<\/li>\n<li><strong>Region-scoped operations<\/strong>: Most service calls are <em>region-specific<\/em> (for example ECS resources in <code>cn-hangzhou<\/code>), and the SDK usually requires you to set a <code>region<\/code>\/<code>region_id<\/code>.<\/li>\n<li><strong>Global services<\/strong>: Some services or endpoints behave globally or are not strictly regional (varies by service\u2014verify in the target service docs).<\/li>\n<li><strong>Project\/namespace scoping<\/strong>: Some services (for example logging or container platforms) may have project\/cluster-level scoping. That scoping is a property of the service API, not the SDK itself.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How it fits into the Alibaba Cloud ecosystem<\/h3>\n\n\n\n<p>Alibaba Cloud SDK is the \u201cglue\u201d that lets you:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automate cloud operations directly from code<\/li>\n<li>Build internal developer platforms (IDPs)<\/li>\n<li>Integrate Alibaba Cloud services into business applications<\/li>\n<li>Replace manual console steps with repeatable, reviewable automation<\/li>\n<li>Implement security best practices like temporary credentials (STS) and least privilege (RAM)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Why use Alibaba Cloud SDK?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Business reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Faster delivery<\/strong>: Teams ship features and infrastructure automation faster than manual console operations.<\/li>\n<li><strong>Repeatability and auditability<\/strong>: SDK-based automation can be reviewed, tested, version-controlled, and audited.<\/li>\n<li><strong>Reduced operational risk<\/strong>: Fewer human mistakes when provisioning, changing, or querying cloud resources.<\/li>\n<li><strong>Vendor-supported tooling<\/strong>: Official SDKs reduce the risk of protocol\/signing bugs compared to ad-hoc REST integrations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Technical reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Correct request signing<\/strong>: Alibaba Cloud OpenAPI requires signed requests; SDKs implement signing logic.<\/li>\n<li><strong>Language-native development<\/strong>: Use familiar constructs (classes, methods, async patterns) rather than building HTTP calls.<\/li>\n<li><strong>Typed models (where supported)<\/strong>: Stronger correctness and discoverability compared to raw JSON.<\/li>\n<li><strong>Better error handling patterns<\/strong>: SDKs typically provide structured exceptions\/errors with request IDs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operational reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Automation across environments<\/strong>: Local dev, CI\/CD, staging, production all use the same code path.<\/li>\n<li><strong>Integrates with configuration management<\/strong>: Use environment variables, secrets managers, container orchestration patterns.<\/li>\n<li><strong>Supports operational tooling<\/strong>: Useful for internal admin tools, scheduled jobs, and SRE automation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/compliance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Least privilege with RAM<\/strong>: Use RAM policies to tightly scope what the SDK can do.<\/li>\n<li><strong>Temporary credentials<\/strong>: Prefer STS for short-lived access in CI\/CD or workloads.<\/li>\n<li><strong>Auditable API calls<\/strong>: API calls can be tracked via Alibaba Cloud auditing\/governance services (verify the appropriate service such as ActionTrail in official docs).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Scalability\/performance reasons<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Efficient API usage<\/strong>: SDK patterns encourage reusing clients, pooling connections, and reducing overhead.<\/li>\n<li><strong>Pagination and batching<\/strong>: Many APIs require pagination; SDKs make it easier to implement correctly.<\/li>\n<li><strong>Works in distributed systems<\/strong>: Microservices can call cloud APIs where appropriate (with guardrails).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should choose Alibaba Cloud SDK<\/h3>\n\n\n\n<p>Choose Alibaba Cloud SDK when you need:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Programmatic access to Alibaba Cloud services<\/li>\n<li>Fine-grained automation embedded in an application<\/li>\n<li>Integration into CI\/CD pipelines<\/li>\n<li>Custom tooling beyond what CLI\/Terraform\/ROS provides<\/li>\n<li>Service-to-service operations (for example, creating OSS signed URLs, reading ECS instance metadata then updating DNS)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">When teams should not choose it<\/h3>\n\n\n\n<p>Avoid or reconsider Alibaba Cloud SDK when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>You only need one-off manual operations<\/strong> (use the console or CLI)<\/li>\n<li><strong>You are building repeatable infrastructure<\/strong> and Terraform\/ROS fits better (SDK is imperative; IaC is declarative)<\/li>\n<li><strong>You need cross-cloud abstraction<\/strong> and want to minimize provider-specific code (SDK ties you to Alibaba Cloud APIs)<\/li>\n<li><strong>Your workload is extremely latency-sensitive<\/strong> and you would be calling control-plane APIs on hot paths (use caching, asynchronous workflows, or separate control-plane operations from data-plane operations)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Where is Alibaba Cloud SDK used?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Industries<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SaaS and internet platforms running on Alibaba Cloud<\/li>\n<li>Financial services and fintech (with strict IAM controls and audit requirements)<\/li>\n<li>E-commerce and media platforms (automation around scaling, storage, CDN, security)<\/li>\n<li>Manufacturing\/IoT platforms integrating device data and cloud storage\/analytics<\/li>\n<li>Gaming backends provisioning compute, networking, and observability components<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Team types<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Application developers integrating OSS, SMS, push notifications, CDN, or database APIs<\/li>\n<li>DevOps engineers automating provisioning and post-deployment configuration<\/li>\n<li>SREs creating incident-response automation and remediation scripts<\/li>\n<li>Platform engineering teams building self-service portals<\/li>\n<li>Security engineering teams implementing policy checks and audit automation<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Workloads<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CI\/CD pipelines that deploy and verify resources<\/li>\n<li>Scheduled \u201cops jobs\u201d for compliance checks and housekeeping<\/li>\n<li>Microservices that generate signed URLs, rotate credentials, or query resource metadata<\/li>\n<li>Data pipelines that coordinate object storage and compute resources<\/li>\n<li>Multi-account governance scripts<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Architectures and deployment contexts<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Development<\/strong>: local scripts, notebooks, unit tests<\/li>\n<li><strong>Test\/QA<\/strong>: integration tests and ephemeral environment provisioning<\/li>\n<li><strong>Production<\/strong>: internal control-plane services, platform APIs, admin backends, automation runners<\/li>\n<\/ul>\n\n\n\n<p>A common pattern is: Terraform\/ROS sets up baseline infrastructure, and Alibaba Cloud SDK handles <strong>runtime operations<\/strong> (for example, creating temporary access, rotating secrets, managing objects, or triggering scaling workflows).<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Top Use Cases and Scenarios<\/h2>\n\n\n\n<p>Below are realistic, commonly implemented scenarios. Each example assumes you are using the Alibaba Cloud SDK appropriate for your language and the target service.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Automated resource inventory (asset discovery)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: You need an up-to-date inventory of ECS instances, disks, VPCs, and security groups for operations and compliance.<\/li>\n<li><strong>Why Alibaba Cloud SDK fits<\/strong>: You can query multiple services via OpenAPI and consolidate results into a CMDB or dashboard.<\/li>\n<li><strong>Example<\/strong>: A nightly job calls ECS <code>DescribeInstances<\/code> in each region and exports instance tags, security group IDs, and IPs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) CI\/CD environment smoke tests<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: After deployment, you want to programmatically verify that key resources exist and are configured.<\/li>\n<li><strong>Why it fits<\/strong>: SDK enables integration tests that query service states.<\/li>\n<li><strong>Example<\/strong>: A pipeline calls SLB\/ALB APIs to verify listeners and backend servers are healthy, then queries Log Service (SLS) to confirm logs are arriving.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Least-privilege provisioning for ephemeral jobs (STS)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: CI runners need temporary access without storing long-lived keys.<\/li>\n<li><strong>Why it fits<\/strong>: Many workflows use Security Token Service (STS) tokens with limited lifetime and scoped policies.<\/li>\n<li><strong>Example<\/strong>: A GitLab job assumes a RAM role, obtains STS credentials, then uploads build artifacts to OSS.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Building an internal self-service portal<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Developers need a portal to request test environments, buckets, or DNS records without console access.<\/li>\n<li><strong>Why it fits<\/strong>: SDK calls can enforce policy and approvals in code.<\/li>\n<li><strong>Example<\/strong>: A portal creates an OSS bucket and applies naming, tags, and lifecycle rules based on approved requests.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Scheduled cleanup of unused resources<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Orphaned disks, snapshots, and elastic IPs inflate costs.<\/li>\n<li><strong>Why it fits<\/strong>: SDK can list resources and delete those matching safe rules.<\/li>\n<li><strong>Example<\/strong>: A weekly job finds ECS snapshots older than retention rules and deletes them after validation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Object storage automation (OSS)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Your app must upload\/download objects, generate pre-signed URLs, and manage bucket policies.<\/li>\n<li><strong>Why it fits<\/strong>: Alibaba Cloud SDK supports OSS operations with authentication and request signing.<\/li>\n<li><strong>Example<\/strong>: A backend generates time-limited download links for customer invoices stored in OSS.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) DNS automation for dynamic environments<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Blue\/green deployments require automated DNS updates.<\/li>\n<li><strong>Why it fits<\/strong>: SDK can update Alibaba Cloud DNS records as part of release automation.<\/li>\n<li><strong>Example<\/strong>: After deploying a new ingress IP, the pipeline updates the A record via DNS API and waits for propagation checks.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) On-demand scaling workflows<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: You need to scale ECS or container nodes during traffic spikes and scale down later.<\/li>\n<li><strong>Why it fits<\/strong>: SDK allows custom scaling policies and integration with your metrics.<\/li>\n<li><strong>Example<\/strong>: A controller reads business KPIs and triggers scaling actions when queue backlog exceeds thresholds.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Compliance checks and guardrails<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: You must ensure encryption, public exposure rules, and tag policies are followed.<\/li>\n<li><strong>Why it fits<\/strong>: SDK can query configuration and enforce or report on violations.<\/li>\n<li><strong>Example<\/strong>: A security job checks which OSS buckets allow public read and flags them (or automatically remediates, if approved).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Operational incident response automation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: During incidents, responders need fast, repeatable actions.<\/li>\n<li><strong>Why it fits<\/strong>: SDK scripts can be packaged as runbooks.<\/li>\n<li><strong>Example<\/strong>: A runbook disables a risky security group rule, captures instance snapshots (if appropriate), and adds incident tags.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">11) Account and IAM hygiene automation (RAM)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: Periodic access key rotation and permission review is required.<\/li>\n<li><strong>Why it fits<\/strong>: SDK can manage RAM users, access keys, and policy attachments (carefully).<\/li>\n<li><strong>Example<\/strong>: A quarterly automation identifies keys older than policy threshold and opens a ticket\/workflow for rotation (avoid forced rotation without coordination).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">12) Multi-region operations orchestration<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: You operate in multiple regions for latency or DR and need consistent operations.<\/li>\n<li><strong>Why it fits<\/strong>: SDK can iterate regions and apply the same logic per region with region-aware endpoints.<\/li>\n<li><strong>Example<\/strong>: A DR drill script validates that essential resources exist in the secondary region and that backups are current.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Core Features<\/h2>\n\n\n\n<p>Because \u201cAlibaba Cloud SDK\u201d covers multiple languages and SDK generations, features can vary. The items below describe commonly documented capabilities; verify your specific language SDK documentation for exact behavior.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Multi-language SDK support<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Provides official SDKs for popular languages (for example Java, Python, Go, Node.js, PHP, .NET).<\/li>\n<li><strong>Why it matters<\/strong>: Teams can standardize on official tooling regardless of their stack.<\/li>\n<li><strong>Practical benefit<\/strong>: Faster onboarding and fewer custom wrappers.<\/li>\n<li><strong>Caveat<\/strong>: Feature parity is not always identical across languages; always check the per-language docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) OpenAPI integration (service clients that map to API actions)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Exposes service actions (operations) as methods or typed calls.<\/li>\n<li><strong>Why it matters<\/strong>: Reduces errors in parameter names, request structure, and response parsing.<\/li>\n<li><strong>Practical benefit<\/strong>: Makes automation code readable and maintainable.<\/li>\n<li><strong>Caveat<\/strong>: Some newer services or very new API versions may lag; verify service support in the SDK Center\/docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Request signing and authentication<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Implements required signing logic for Alibaba Cloud API requests, and attaches credentials.<\/li>\n<li><strong>Why it matters<\/strong>: Manual signing is easy to get wrong and can be security-sensitive.<\/li>\n<li><strong>Practical benefit<\/strong>: Fewer authentication errors (<code>SignatureDoesNotMatch<\/code>, <code>InvalidAccessKeyId<\/code>).<\/li>\n<li><strong>Caveat<\/strong>: The exact signing algorithm depends on the API style\/version; follow official SDK usage.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Endpoint and region handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Helps resolve service endpoints for regions and products.<\/li>\n<li><strong>Why it matters<\/strong>: Many APIs are region-scoped; calling the wrong region causes confusing \u201cresource not found\u201d or permission errors.<\/li>\n<li><strong>Practical benefit<\/strong>: Easier multi-region scripts and safer production operations.<\/li>\n<li><strong>Caveat<\/strong>: Some services have special endpoint rules; verify in service docs.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Credential provider patterns (varies by SDK)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Supports credentials from environment variables, configuration files, or explicit parameters. Many workflows also support temporary credentials (STS).<\/li>\n<li><strong>Why it matters<\/strong>: Helps implement secure patterns (no hard-coded secrets).<\/li>\n<li><strong>Practical benefit<\/strong>: Works well in CI\/CD, containers, and production runtime environments.<\/li>\n<li><strong>Caveat<\/strong>: The exact \u201ccredential chain\u201d differs by language SDK; verify supported methods and precedence.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6) Runtime options (timeouts, proxies, retries) (varies by SDK)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Lets you configure HTTP timeouts, proxy settings, and sometimes retry behavior.<\/li>\n<li><strong>Why it matters<\/strong>: Control-plane APIs are network calls; timeouts and retries must be tuned.<\/li>\n<li><strong>Practical benefit<\/strong>: More reliable automation in flaky network environments.<\/li>\n<li><strong>Caveat<\/strong>: Retries may not be enabled by default; and retries can cause duplicate actions for non-idempotent APIs. Use idempotency tokens where supported.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">7) Structured errors and request IDs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Provides exceptions\/errors that include codes and request IDs.<\/li>\n<li><strong>Why it matters<\/strong>: Request IDs are critical for support cases and root-cause analysis.<\/li>\n<li><strong>Practical benefit<\/strong>: Faster troubleshooting, better logging.<\/li>\n<li><strong>Caveat<\/strong>: Ensure your application logs request IDs and key error fields.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">8) Pagination patterns (service-dependent)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Supports calling paginated list APIs and iterating over pages.<\/li>\n<li><strong>Why it matters<\/strong>: Large accounts can have thousands of resources.<\/li>\n<li><strong>Practical benefit<\/strong>: Avoids missing resources due to default page sizes.<\/li>\n<li><strong>Caveat<\/strong>: Pagination style differs across APIs (<code>PageNumber\/PageSize<\/code>, <code>NextToken<\/code>, etc.); implement carefully.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">9) Integration with Alibaba Cloud Developer Tools ecosystem<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Works alongside CLI, OpenAPI Explorer, and IaC.<\/li>\n<li><strong>Why it matters<\/strong>: Teams can prototype in OpenAPI Explorer, then port code to SDK.<\/li>\n<li><strong>Practical benefit<\/strong>: Faster prototyping and less guesswork.<\/li>\n<li><strong>Caveat<\/strong>: Code generated by Explorer should be reviewed for security and best practices (credential handling, retries, logging).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">10) Backward compatibility options (legacy SDKs)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What it does<\/strong>: Many organizations still run older SDK versions; Alibaba Cloud often maintains legacy packages for compatibility.<\/li>\n<li><strong>Why it matters<\/strong>: Migration can be non-trivial for large codebases.<\/li>\n<li><strong>Practical benefit<\/strong>: You can upgrade at a controlled pace.<\/li>\n<li><strong>Caveat<\/strong>: Legacy SDKs may not support new APIs or recommended auth patterns. Confirm maintenance status in official docs\/release notes.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Architecture and How It Works<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">High-level architecture<\/h3>\n\n\n\n<p>Alibaba Cloud SDK is a client library inside your code. Your code:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Loads credentials (AccessKey or STS token) and configuration (region, endpoint).<\/li>\n<li>Creates a service client.<\/li>\n<li>Constructs a request object (or parameters).<\/li>\n<li>SDK signs the request and sends it over HTTPS to the service\u2019s OpenAPI endpoint.<\/li>\n<li>The Alibaba Cloud service authenticates and authorizes the request using RAM policies.<\/li>\n<li>The service executes the action and returns a response.<\/li>\n<li>SDK parses the response and returns structured data or throws an error.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Request \/ data \/ control flow<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Control plane<\/strong>: Most SDK calls are control-plane operations (create\/update\/list resources).<\/li>\n<li><strong>Data plane<\/strong>: Some services (like OSS) have data-plane operations for object read\/write. Those calls can be frequent and can affect performance and cost.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Integrations with related services<\/h3>\n\n\n\n<p>Common cross-service patterns include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>RAM (Resource Access Management)<\/strong>: identity (users, roles, policies) used by SDK credentials.<br\/>\n  Docs: https:\/\/www.alibabacloud.com\/help\/en\/ram<\/li>\n<li><strong>STS (Security Token Service)<\/strong>: temporary credentials for short-lived access.<br\/>\n  Docs: https:\/\/www.alibabacloud.com\/help\/en\/security-token-service<\/li>\n<li><strong>ActionTrail (audit logging)<\/strong> (verify in official docs): tracks API calls for auditing and governance.<\/li>\n<li><strong>KMS \/ Secrets Manager<\/strong> (verify exact product name and docs): store secrets and rotate keys; avoid embedding AccessKeys in code.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Dependency services<\/h3>\n\n\n\n<p>Alibaba Cloud SDK depends on:\n&#8211; Alibaba Cloud OpenAPI endpoints\n&#8211; The target service (ECS\/OSS\/RDS\/etc.)\n&#8211; RAM for authorization decisions\n&#8211; Your runtime\u2019s networking stack (DNS, TLS, outbound connectivity)<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Security\/authentication model<\/h3>\n\n\n\n<p>Typical authentication options (service- and SDK-dependent):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AccessKey ID + AccessKey Secret<\/strong> for a RAM user (common for initial testing; must be protected).<\/li>\n<li><strong>STS temporary credentials<\/strong> obtained by assuming a RAM role (recommended for CI\/CD and workloads).<\/li>\n<li><strong>Instance\/container role credentials<\/strong> (where supported) so you avoid long-lived keys; verify the recommended method for ECS\/ACK\/Function Compute in official docs.<\/li>\n<\/ul>\n\n\n\n<p>Authorization is enforced by <strong>RAM policies<\/strong> attached to the principal (user or role). Even if credentials are valid, API calls fail if the RAM policy doesn\u2019t allow the action.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Networking model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SDK calls go over <strong>HTTPS<\/strong> to Alibaba Cloud endpoints.<\/li>\n<li>If your code runs in a VPC, it still needs egress to the OpenAPI endpoint (commonly via NAT Gateway or other controlled egress patterns). Exact private connectivity options vary by service\u2014verify in official docs.<\/li>\n<li>For OSS and other data-plane services, consider network topology (in-region access vs cross-region access) because latency and data transfer can dominate.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n<p>For production use:\n&#8211; Log each API call outcome with: timestamp, service, operation, region, resource identifiers (safe subset), HTTP status, error code, and <strong>request ID<\/strong>.\n&#8211; Emit metrics: call rate, error rate by error code, latency percentiles.\n&#8211; Establish alerting for spikes in <code>Forbidden<\/code>, <code>Throttling<\/code>, <code>SignatureDoesNotMatch<\/code>, and timeouts.\n&#8211; Use ActionTrail (or equivalent) for governance and audit trails (verify configuration in official docs).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Simple architecture diagram (developer workstation \u2192 API)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart LR\n  Dev[Developer \/ CI Runner] --&gt;|SDK call over HTTPS| SDK[Alibaba Cloud SDK]\n  SDK --&gt;|Signed OpenAPI request| API[Alibaba Cloud OpenAPI Endpoint]\n  API --&gt;|AuthZ via RAM| RAM[Resource Access Management (RAM)]\n  API --&gt; SVC[Target Service (e.g., ECS\/OSS\/RDS)]\n  SVC --&gt; API --&gt; SDK --&gt; Dev\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Production-style architecture diagram (platform automation + STS + audit)<\/h3>\n\n\n\n<pre><code class=\"language-mermaid\">flowchart TB\n  subgraph Runtime[\"Production Runtime (ECS \/ ACK \/ CI)\"]\n    App[Automation Service \/ Microservice]\n    SDK2[Alibaba Cloud SDK]\n    App --&gt; SDK2\n  end\n\n  subgraph Identity[\"Identity &amp; Secrets\"]\n    RAM2[RAM Users\/Roles\/Policies]\n    STS2[STS Temporary Credentials]\n    Secrets[Secrets Manager or External Vault\\n(verify product choice)]\n    RAM2 --&gt; STS2\n    Secrets --&gt; App\n  end\n\n  subgraph Cloud[\"Alibaba Cloud Control Plane\"]\n    OpenAPI[OpenAPI Endpoints]\n    ECS[ECS API]\n    OSS[OSS API]\n    DNS[DNS API]\n    Trail[ActionTrail \/ Audit Logs\\n(verify in docs)]\n  end\n\n  SDK2 --&gt;|AssumeRole \/ Get token| STS2\n  SDK2 --&gt;|HTTPS signed requests| OpenAPI\n  OpenAPI --&gt; ECS\n  OpenAPI --&gt; OSS\n  OpenAPI --&gt; DNS\n  OpenAPI --&gt; Trail\n  OpenAPI --&gt; RAM2\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Prerequisites<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Account requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An <strong>Alibaba Cloud account<\/strong> with billing enabled.<\/li>\n<li>A <strong>RAM user or RAM role<\/strong> for programmatic access.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Permissions \/ IAM (RAM)<\/h3>\n\n\n\n<p>For the hands-on lab in this tutorial (read-only ECS API calls):\n&#8211; Create a RAM user (or role) and attach a minimal policy such as an ECS read-only policy.\n&#8211; Alibaba Cloud provides system policies like <code>AliyunECSReadOnlyAccess<\/code> (names can vary\u2014verify in the RAM console).<\/p>\n\n\n\n<p>RAM docs entry point: https:\/\/www.alibabacloud.com\/help\/en\/ram<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Billing requirements<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The SDK itself has no separate charge, but <strong>the services you call may be billable<\/strong>.<\/li>\n<li>The lab uses a read-only ECS API call that should not create resources, but API usage policies and billing vary by service\u2014verify in official docs if you have strict cost controls.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tools needed (for the lab)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A machine with outbound internet access to Alibaba Cloud endpoints.<\/li>\n<li>Python 3.9+ (3.10\/3.11 also typically fine).<\/li>\n<li><code>pip<\/code> and <code>venv<\/code> (or equivalent virtual environment tooling).<\/li>\n<li>Optional: Git for source control.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Region availability<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Alibaba Cloud APIs are region-based. You must pick a region (for example <code>cn-hangzhou<\/code>, <code>ap-southeast-1<\/code>, etc.) that is enabled for your account.<\/li>\n<li>Some services are not available in all regions. Verify the target service availability.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Quotas \/ limits<\/h3>\n\n\n\n<p>Potential limits that can affect SDK usage:\n&#8211; API request rate limits (per account, per user, per API action).\n&#8211; RAM limits (number of users\/roles\/keys).\n&#8211; STS token duration limits and AssumeRole rate limits.<\/p>\n\n\n\n<p>Exact quotas vary; verify quotas in the relevant service documentation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Prerequisite services (for this tutorial)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>ECS<\/strong>: Only for calling the ECS OpenAPI action <code>DescribeRegions<\/code> (read-only). This does not require you to provision any ECS instances.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Pricing \/ Cost<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing model (accurate framing)<\/h3>\n\n\n\n<p>Alibaba Cloud SDK is a <strong>Developer Tools library<\/strong> and is generally <strong>free to download and use<\/strong>. There is no \u201cSDK hourly rate.\u201d<\/p>\n\n\n\n<p>Your costs come from:\n1. <strong>The Alibaba Cloud services you call<\/strong> (ECS, OSS, RDS, SLB, etc.).\n2. <strong>API request charges<\/strong> (only for services that bill per request\u2014many control-plane APIs are not billed separately, but some data-plane operations may be).\n3. <strong>Network egress<\/strong> (internet data transfer out can be charged).\n4. <strong>Compute where your code runs<\/strong> (CI runners, ECS instances, containers).\n5. <strong>Logging\/monitoring<\/strong> if you export logs\/metrics to a paid observability service.<\/p>\n\n\n\n<p>Because pricing is service- and region-dependent, do not assume a uniform cost structure across API calls.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Official sources<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SDK documentation: https:\/\/www.alibabacloud.com\/help\/en\/sdk<\/li>\n<li>Alibaba Cloud Pricing (entry point): https:\/\/www.alibabacloud.com\/pricing  <\/li>\n<li>Pricing Calculator (if available for your account\/region): verify in official Alibaba Cloud console\/pricing pages.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Pricing dimensions you should expect<\/h3>\n\n\n\n<p>When using Alibaba Cloud SDK to automate cloud operations, costs typically scale with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Number of resources created<\/strong> (instances, databases, load balancers)<\/li>\n<li><strong>Time resources run<\/strong> (instance-hours, storage GB-month)<\/li>\n<li><strong>Storage size and request volume<\/strong> (OSS operations, retrieval)<\/li>\n<li><strong>Data transfer<\/strong>:<\/li>\n<li>Intra-region often cheaper than cross-region<\/li>\n<li>Internet egress typically charged<\/li>\n<li><strong>Managed service tiers\/editions<\/strong> (for example, database editions)<\/li>\n<li><strong>Snapshots\/backups<\/strong> and retention (often easy to forget)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Free tier<\/h3>\n\n\n\n<p>Alibaba Cloud free tier eligibility depends on the service, region, and account status. The SDK itself doesn\u2019t define a free tier; check the free tier pages for each service you plan to use.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cost drivers (direct + indirect)<\/h3>\n\n\n\n<p><strong>Direct<\/strong>\n&#8211; Creating resources via SDK (accidental provisioning can be expensive).\n&#8211; High-frequency data-plane API operations (for example, OSS PUT\/GET at high scale).<\/p>\n\n\n\n<p><strong>Indirect<\/strong>\n&#8211; Excessive logging of large responses or sensitive data.\n&#8211; CI pipelines that run too frequently and call many APIs.\n&#8211; Cross-region traffic caused by misconfigured regions\/endpoints.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Hidden \u201cgotcha\u201d costs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Orphaned resources<\/strong> created by automation and not cleaned up (disks, EIPs, snapshots).<\/li>\n<li><strong>Retries<\/strong> amplifying request volume (especially for throttled APIs).<\/li>\n<li><strong>Multi-region loops<\/strong> that unintentionally call every region.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">How to optimize cost<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer read-only calls for discovery\/validation rather than creating resources.<\/li>\n<li>Implement explicit \u201cdry run\u201d modes for automation scripts.<\/li>\n<li>Tag all resources created by automation with <code>Owner<\/code>, <code>Environment<\/code>, <code>CostCenter<\/code>, <code>TTL<\/code>.<\/li>\n<li>Rate-limit and cache inventory calls.<\/li>\n<li>In CI\/CD, avoid calling APIs on every commit if it can be batched per merge or nightly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n<p>A minimal learning setup can cost <strong>near zero<\/strong> if you:\n&#8211; Only run read-only API calls like \u201clist regions\u201d or \u201cdescribe resource metadata,\u201d and\n&#8211; Avoid provisioning paid resources, and\n&#8211; Keep your scripts local and avoid storing large data.<\/p>\n\n\n\n<p>However, always verify whether a target service bills for API calls or required prerequisites.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Example production cost considerations<\/h3>\n\n\n\n<p>In production, Alibaba Cloud SDK is often used to orchestrate services with the dominant costs being:\n&#8211; Compute (ECS\/ACK\/Function Compute)\n&#8211; Storage (OSS, snapshots, backups)\n&#8211; Managed databases\n&#8211; Networking (NAT Gateway, EIP, internet egress)\n&#8211; Observability (log ingestion, retention)<\/p>\n\n\n\n<p>The SDK\u2019s \u201ccost impact\u201d is primarily through <strong>what it automates<\/strong> and <strong>how often it calls APIs<\/strong>, not the SDK itself.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Objective<\/h3>\n\n\n\n<p>Use <strong>Alibaba Cloud SDK<\/strong> (Python example) to call an Alibaba Cloud OpenAPI operation safely and cheaply by:\n&#8211; Creating a least-privilege RAM user for API read access\n&#8211; Configuring credentials securely using environment variables\n&#8211; Calling the ECS API action to list available Alibaba Cloud regions\n&#8211; Validating results and cleaning up access keys<\/p>\n\n\n\n<p>This lab avoids provisioning billable infrastructure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lab Overview<\/h3>\n\n\n\n<p>You will:\n1. Create a RAM user and an AccessKey (for lab use only).\n2. Attach a read-only ECS policy to the RAM user.\n3. Set environment variables locally (no hard-coded secrets).\n4. Install Alibaba Cloud SDK for ECS (Python).\n5. Run a script that calls <code>DescribeRegions<\/code>.\n6. Validate output and troubleshoot common errors.\n7. Clean up by deleting the AccessKey (and optionally the RAM user).<\/p>\n\n\n\n<blockquote>\n<p>Security note: For production, prefer STS temporary credentials and\/or role-based credentials. This lab uses an AccessKey to keep the workflow simple and reproducible for beginners.<\/p>\n<\/blockquote>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Create a RAM user for API access (least privilege)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Sign in to the Alibaba Cloud console.<\/li>\n<li>Go to <strong>Resource Access Management (RAM)<\/strong>: https:\/\/www.alibabacloud.com\/help\/en\/ram<\/li>\n<li>\n<p>Create a new <strong>RAM User<\/strong> intended for programmatic access, for example:\n   &#8211; User name: <code>sdk-lab-readonly<\/code>\n   &#8211; Access mode: <strong>Programmatic access<\/strong> (AccessKey)<\/p>\n<\/li>\n<li>\n<p>Create an <strong>AccessKey<\/strong> for this RAM user and record:\n   &#8211; <code>AccessKeyId<\/code>\n   &#8211; <code>AccessKeySecret<\/code> (displayed once)<\/p>\n<\/li>\n<\/ol>\n\n\n\n<p><strong>Expected outcome<\/strong>: You have a RAM user and a newly created AccessKey pair.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Attach a minimal ECS read-only policy to the RAM user<\/h3>\n\n\n\n<p>In the RAM console for your new user:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Attach a system policy that allows ECS read-only operations. A common system policy name is:\n   &#8211; <code>AliyunECSReadOnlyAccess<\/code><\/li>\n<\/ol>\n\n\n\n<p>If your organization uses custom policies, attach a custom policy that allows the <code>DescribeRegions<\/code> action for ECS.<\/p>\n\n\n\n<p><strong>Expected outcome<\/strong>: The RAM user can call ECS read-only APIs without having broader permissions.<\/p>\n\n\n\n<p><strong>Verification tip<\/strong>: If you later see <code>Forbidden.RAM<\/code> errors, it usually means the policy attachment is missing or insufficient.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Prepare your local environment (Python virtual environment)<\/h3>\n\n\n\n<p>On your machine:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Confirm Python version:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">python3 --version\n<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li>Create and activate a virtual environment:<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">python3 -m venv .venv\nsource .venv\/bin\/activate\n<\/code><\/pre>\n\n\n\n<p>On Windows PowerShell:<\/p>\n\n\n\n<pre><code class=\"language-powershell\">python -m venv .venv\n.\\.venv\\Scripts\\Activate.ps1\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>: Your shell prompt indicates the virtual environment is active, and Python packages will install locally.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Configure credentials using environment variables<\/h3>\n\n\n\n<p>Export your AccessKey credentials as environment variables.<\/p>\n\n\n\n<p>On macOS\/Linux:<\/p>\n\n\n\n<pre><code class=\"language-bash\">export ALIBABA_CLOUD_ACCESS_KEY_ID=\"YOUR_ACCESS_KEY_ID\"\nexport ALIBABA_CLOUD_ACCESS_KEY_SECRET=\"YOUR_ACCESS_KEY_SECRET\"\nexport ALIBABA_CLOUD_REGION_ID=\"cn-hangzhou\"\n<\/code><\/pre>\n\n\n\n<p>On Windows PowerShell:<\/p>\n\n\n\n<pre><code class=\"language-powershell\">$env:ALIBABA_CLOUD_ACCESS_KEY_ID=\"YOUR_ACCESS_KEY_ID\"\n$env:ALIBABA_CLOUD_ACCESS_KEY_SECRET=\"YOUR_ACCESS_KEY_SECRET\"\n$env:ALIBABA_CLOUD_REGION_ID=\"cn-hangzhou\"\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>: Your shell environment holds credentials for the current session.<\/p>\n\n\n\n<p><strong>Security tip<\/strong>: Do not paste keys into code, commit them to Git, or store them in plain text files.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Install Alibaba Cloud SDK packages for ECS (Python)<\/h3>\n\n\n\n<p>Alibaba Cloud\u2019s newer OpenAPI SDKs commonly use per-service packages. For ECS, the package name often reflects the API version.<\/p>\n\n\n\n<p>Install the ECS SDK package:<\/p>\n\n\n\n<pre><code class=\"language-bash\">pip install --upgrade pip\npip install alibabacloud_ecs20140526\n<\/code><\/pre>\n\n\n\n<blockquote>\n<p>If this package name has changed for your environment, verify in the official SDK documentation for Python:<br\/>\nhttps:\/\/www.alibabacloud.com\/help\/en\/sdk\/developer-reference\/sdk-reference (navigate to Python), or use the SDK Center links from https:\/\/www.alibabacloud.com\/help\/en\/sdk<\/p>\n<\/blockquote>\n\n\n\n<p><strong>Expected outcome<\/strong>: The ECS SDK and its dependencies are installed into your virtual environment.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Write a script to call ECS <code>DescribeRegions<\/code><\/h3>\n\n\n\n<p>Create a file named <code>describe_regions.py<\/code>:<\/p>\n\n\n\n<pre><code class=\"language-python\">import os\nfrom alibabacloud_ecs20140526.client import Client as EcsClient\nfrom alibabacloud_tea_openapi import models as open_api_models\nfrom alibabacloud_ecs20140526 import models as ecs_models\nfrom alibabacloud_tea_util import models as util_models\n\n\ndef get_env(name: str) -&gt; str:\n    value = os.getenv(name)\n    if not value:\n        raise RuntimeError(f\"Missing required environment variable: {name}\")\n    return value\n\n\ndef main():\n    access_key_id = get_env(\"ALIBABA_CLOUD_ACCESS_KEY_ID\")\n    access_key_secret = get_env(\"ALIBABA_CLOUD_ACCESS_KEY_SECRET\")\n    region_id = os.getenv(\"ALIBABA_CLOUD_REGION_ID\", \"cn-hangzhou\")\n\n    config = open_api_models.Config(\n        access_key_id=access_key_id,\n        access_key_secret=access_key_secret,\n        region_id=region_id,\n    )\n\n    client = EcsClient(config)\n\n    request = ecs_models.DescribeRegionsRequest()\n    runtime = util_models.RuntimeOptions()\n\n    response = client.describe_regions_with_options(request, runtime)\n\n    regions = response.body.regions.region\n    print(f\"Region count returned: {len(regions)}\")\n    for r in regions:\n        # Fields can vary; \"region_id\" is common in SDK models for regions.\n        print(f\"- {r.region_id}\")\n\n\nif __name__ == \"__main__\":\n    main()\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>: You have a Python script that uses Alibaba Cloud SDK to call ECS.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Step 7: Run the script<\/h3>\n\n\n\n<pre><code class=\"language-bash\">python describe_regions.py\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>: Output similar to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A count of regions returned<\/li>\n<li>A list of region IDs, such as <code>cn-hangzhou<\/code>, <code>cn-shanghai<\/code>, etc. (actual output depends on API response)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Validation<\/h3>\n\n\n\n<p>Use this checklist:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>You see a non-zero region count<\/strong>.<\/li>\n<li><strong>No credentials are printed<\/strong>.<\/li>\n<li>If you intentionally set an incorrect key, you receive an authentication error (useful to confirm error handling).<\/li>\n<li>If you remove the ECS permission policy from the RAM user, you receive an authorization error (useful to confirm least privilege boundaries).<\/li>\n<\/ol>\n\n\n\n<p>Optional validation with OpenAPI Explorer:\n&#8211; Go to https:\/\/api.aliyun.com\n&#8211; Find ECS <code>DescribeRegions<\/code>\n&#8211; Compare the region list you receive via Explorer vs your SDK output<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Troubleshooting<\/h3>\n\n\n\n<p>Common issues and fixes:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1) <code>Missing required environment variable<\/code><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause<\/strong>: You didn\u2019t export <code>ALIBABA_CLOUD_ACCESS_KEY_ID<\/code> or <code>ALIBABA_CLOUD_ACCESS_KEY_SECRET<\/code>.<\/li>\n<li><strong>Fix<\/strong>: Re-run the export commands in Step 4 in the same terminal session.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">2) <code>InvalidAccessKeyId.NotFound<\/code> or similar<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause<\/strong>: AccessKeyId is wrong, deleted, or belongs to a different account.<\/li>\n<li><strong>Fix<\/strong>: Recreate the AccessKey for the RAM user and update environment variables.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">3) <code>SignatureDoesNotMatch<\/code><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause<\/strong>: Secret is wrong, extra whitespace, or incorrect signing due to clock skew (less common on modern systems).<\/li>\n<li><strong>Fix<\/strong>: Re-copy the secret carefully; ensure system time is correct.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">4) <code>Forbidden.RAM<\/code> \/ authorization errors<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause<\/strong>: RAM user lacks ECS permissions (policy not attached, or wrong policy scope).<\/li>\n<li><strong>Fix<\/strong>: Attach ECS read-only policy (Step 2). Ensure the policy allows the action you\u2019re calling.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">5) Network timeouts \/ DNS failures<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause<\/strong>: Corporate proxy, restricted outbound network, DNS issues.<\/li>\n<li><strong>Fix<\/strong>: Confirm HTTPS outbound is allowed. If your environment requires a proxy, configure the SDK\u2019s HTTP transport\/proxy settings (verify the method in your language SDK docs).<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">6) Package import errors (module not found)<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cause<\/strong>: Virtual environment not active, or wrong package installed.<\/li>\n<li><strong>Fix<\/strong>: Activate <code>.venv<\/code> and reinstall. Verify the official Python SDK package names in the Alibaba Cloud SDK documentation.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">Cleanup<\/h3>\n\n\n\n<p>To avoid lingering credentials:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\n<p>Delete the AccessKey you created for the lab:\n   &#8211; RAM console \u2192 user \u2192 AccessKey management \u2192 delete the key<\/p>\n<\/li>\n<li>\n<p>Optional: remove the RAM user if it was created only for this lab.<\/p>\n<\/li>\n<li>\n<p>Remove local environment variables by closing the terminal session. If you stored them in shell profiles, remove them.<\/p>\n<\/li>\n<li>\n<p>Delete the Python virtual environment folder:<\/p>\n<\/li>\n<\/ol>\n\n\n\n<pre><code class=\"language-bash\">deactivate\nrm -rf .venv\n<\/code><\/pre>\n\n\n\n<p><strong>Expected outcome<\/strong>: No active programmatic credentials remain from this lab.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Best Practices<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Architecture best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Separate control-plane automation from data-plane traffic<\/strong>: Don\u2019t call resource-creation APIs from latency-sensitive request paths.<\/li>\n<li><strong>Prefer declarative IaC for baseline infrastructure<\/strong>: Use ROS\/Terraform for consistent provisioning; use Alibaba Cloud SDK for runtime operations and integrations.<\/li>\n<li><strong>Design for idempotency<\/strong>: Many APIs support idempotency tokens. Use them where available to avoid duplicate resources during retries. Verify per API action.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">IAM\/security best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Use RAM roles + STS for production<\/strong> whenever possible; avoid long-lived AccessKeys in workloads.<\/li>\n<li><strong>Least privilege<\/strong>: Create service-specific principals (for example, one role for OSS uploads, another for ECS read-only inventory).<\/li>\n<li><strong>Separate environments<\/strong>: Use different accounts or at least different RAM principals for dev\/test\/prod.<\/li>\n<li><strong>Rotate secrets<\/strong>: If AccessKeys must exist, rotate on a schedule and monitor usage.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Cost best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Tag everything created by automation<\/strong> (Owner\/Environment\/Project\/TTL).<\/li>\n<li><strong>Add safety limits<\/strong>: Maximum number of resources created per run; block-list expensive regions or instance families in automation logic.<\/li>\n<li><strong>Implement cleanup workflows<\/strong>: Scheduled jobs to identify orphaned resources created by CI or tests.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Performance best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Reuse SDK clients<\/strong> in long-running apps to benefit from connection reuse.<\/li>\n<li><strong>Use pagination properly<\/strong> and avoid listing \u201ceverything\u201d repeatedly.<\/li>\n<li><strong>Implement caching<\/strong> for inventory data where appropriate.<\/li>\n<li><strong>Use exponential backoff<\/strong> for throttling, but avoid unbounded retries.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Reliability best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Treat API calls as unreliable<\/strong>: build retries with jitter for transient failures, and timeouts for stuck requests.<\/li>\n<li><strong>Circuit-breakers<\/strong>: In production services, avoid cascading failures if OpenAPI is slow\/unavailable.<\/li>\n<li><strong>Graceful degradation<\/strong>: If an operational API is down, your app should fail safely.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Operations best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Log request IDs<\/strong> for every failed API call.<\/li>\n<li><strong>Use structured logging<\/strong> (JSON logs, correlation IDs) for automation services.<\/li>\n<li><strong>Runbooks<\/strong>: Document common SDK errors and remediation steps for your on-call team.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Governance\/tagging\/naming best practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Standardize naming<\/strong> for resources created via SDK (prefix with app name and environment).<\/li>\n<li><strong>Enforce tags<\/strong> at creation time; treat missing tags as a failed run.<\/li>\n<li><strong>Centralize configuration<\/strong> for allowed regions, naming rules, and policy boundaries.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Security Considerations<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Identity and access model<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Alibaba Cloud SDK calls are authorized by <strong>RAM policies<\/strong> attached to a <strong>RAM user or role<\/strong>.<\/li>\n<li>Production workloads should generally use:<\/li>\n<li><strong>RAM roles<\/strong> and <strong>STS<\/strong> temporary credentials (short-lived), and\/or<\/li>\n<li>Role-based credentials provided by the runtime environment (verify the recommended patterns for ECS\/ACK\/Function Compute).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Encryption<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SDK calls use <strong>HTTPS\/TLS<\/strong> to protect data in transit.<\/li>\n<li>For services like OSS, encryption at rest is a property of the service configuration (bucket encryption, KMS integration)\u2014configure those in the service itself.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network exposure<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If workloads run in a private network (VPC), ensure outbound access to OpenAPI endpoints is controlled:<\/li>\n<li>Use NAT Gateway \/ egress controls<\/li>\n<li>Restrict outbound destinations where possible<\/li>\n<li>Monitor egress traffic<\/li>\n<li>Avoid exposing automation endpoints publicly unless required; protect them with authentication and authorization.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secrets handling<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never store AccessKeys in:<\/li>\n<li>Source code<\/li>\n<li>Git repositories<\/li>\n<li>Container images<\/li>\n<li>CI logs<\/li>\n<li>Prefer:<\/li>\n<li>Environment variables injected at runtime<\/li>\n<li>A secrets manager (Alibaba Cloud or external), with rotation<\/li>\n<li>STS tokens (short-lived)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Audit\/logging<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable and use Alibaba Cloud audit services (commonly ActionTrail\u2014verify setup in official docs).<\/li>\n<li>Capture and retain:<\/li>\n<li>Who called what API<\/li>\n<li>From where (source IP)<\/li>\n<li>When<\/li>\n<li>Whether it succeeded<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Compliance considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Compliance depends on your region, industry, and data classification.<\/li>\n<li>If you operate under strict compliance, ensure:<\/li>\n<li>Key management meets requirements (KMS\/HSM options)<\/li>\n<li>Logs are retained immutably (where required)<\/li>\n<li>IAM separation of duties is enforced<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Common security mistakes<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Using the root account AccessKey (avoid).<\/li>\n<li>Using one powerful AccessKey shared by many apps (avoid).<\/li>\n<li>Over-broad policies (for example <code>*:*<\/code> actions).<\/li>\n<li>Long-lived keys in CI\/CD variables without rotation.<\/li>\n<li>Logging full request\/response bodies that include sensitive data.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Secure deployment recommendations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a dedicated RAM role per workload with least privilege.<\/li>\n<li>Use STS and short token durations appropriate for the job.<\/li>\n<li>Restrict egress networks and monitor API error spikes.<\/li>\n<li>Implement approval workflows for dangerous operations (delete, detach, release, purge).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">13. Limitations and Gotchas<\/h2>\n\n\n\n<p>Because Alibaba Cloud SDK is a broad family, treat these as common issues to plan for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SDK generation differences<\/strong>: Older SDKs and newer OpenAPI SDKs may have different APIs, dependencies, and patterns. Migration may require code changes.<\/li>\n<li><strong>Service coverage gaps<\/strong>: Not every service action may be available in every language SDK at the same time. Verify service support.<\/li>\n<li><strong>Inconsistent pagination<\/strong>: APIs differ across services; incorrect pagination leads to incomplete inventory or missed resources.<\/li>\n<li><strong>Throttling<\/strong>: High call rates can hit API rate limits. Implement backoff and reduce unnecessary calls.<\/li>\n<li><strong>Non-idempotent operations<\/strong>: Retries can create duplicates if the API call is not idempotent; use idempotency tokens where supported.<\/li>\n<li><strong>Region confusion<\/strong>: Many \u201cresource not found\u201d issues are actually region mismatches.<\/li>\n<li><strong>Credential leakage<\/strong>: Environment variables can leak through logs or crash dumps if not handled carefully.<\/li>\n<li><strong>Time drift<\/strong>: Signed request protocols can be sensitive to system time drift; keep clocks accurate.<\/li>\n<li><strong>Network restrictions<\/strong>: Corporate proxies\/firewalls may block required endpoints; proxy configuration can be non-obvious per language.<\/li>\n<li><strong>Indirect costs<\/strong>: SDK-driven automation can quietly create costly resources if guardrails are missing.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">14. Comparison with Alternatives<\/h2>\n\n\n\n<p>Alibaba Cloud SDK is one option in the \u201cDeveloper Tools\u201d toolbox. Here\u2019s how it compares.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Comparison table<\/h3>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Option<\/th>\n<th>Best For<\/th>\n<th>Strengths<\/th>\n<th>Weaknesses<\/th>\n<th>When to Choose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Alibaba Cloud SDK<\/strong><\/td>\n<td>Embedding Alibaba Cloud API calls into applications and automation<\/td>\n<td>Official libraries, request signing handled, language-native code, integrates with RAM\/STS<\/td>\n<td>Provider-specific code; feature parity varies by language; requires careful credential\/security practices<\/td>\n<td>When you need programmatic control from code or custom automation workflows<\/td>\n<\/tr>\n<tr>\n<td><strong>Alibaba Cloud CLI<\/strong><\/td>\n<td>Operators and scripts that prefer command-line tools<\/td>\n<td>Fast to use, good for ad-hoc tasks and simple automation<\/td>\n<td>Harder to build complex logic; output parsing can be brittle<\/td>\n<td>For quick diagnostics, runbooks, and shell automation<\/td>\n<\/tr>\n<tr>\n<td><strong>OpenAPI Explorer (api.aliyun.com)<\/strong><\/td>\n<td>Learning APIs, prototyping, generating sample code<\/td>\n<td>Discoverable API docs, request testing, sample code snippets<\/td>\n<td>Not a deployment tool; generated code still needs review<\/td>\n<td>When exploring a service action or validating parameters quickly<\/td>\n<\/tr>\n<tr>\n<td><strong>Terraform (Alibaba Cloud Provider)<\/strong><\/td>\n<td>Declarative infrastructure provisioning<\/td>\n<td>State management, plan\/apply workflow, reproducible IaC<\/td>\n<td>Less ideal for runtime operations; learning curve<\/td>\n<td>For baseline infra and repeatable environment provisioning<\/td>\n<\/tr>\n<tr>\n<td><strong>ROS (Resource Orchestration Service)<\/strong><\/td>\n<td>Alibaba Cloud-native templates and orchestration<\/td>\n<td>Cloud-native orchestration; integrates with Alibaba Cloud services<\/td>\n<td>Template complexity; not ideal for fine-grained runtime workflows<\/td>\n<td>For standardized stacks and platform-managed deployments<\/td>\n<\/tr>\n<tr>\n<td><strong>Direct REST calls (self-managed signing)<\/strong><\/td>\n<td>Custom integrations where no SDK exists<\/td>\n<td>Full control; no SDK dependencies<\/td>\n<td>High risk of signing\/endpoint errors; more security work<\/td>\n<td>Only when SDK support is missing and you can invest in robust implementation<\/td>\n<\/tr>\n<tr>\n<td><strong>AWS SDK \/ Azure SDK \/ Google Cloud SDK<\/strong><\/td>\n<td>Other cloud providers<\/td>\n<td>Mature ecosystems<\/td>\n<td>Not applicable to Alibaba Cloud APIs<\/td>\n<td>Choose only when you are on that provider; not a substitute for Alibaba Cloud SDK<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">15. Real-World Example<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Enterprise example: Multi-account compliance inventory and remediation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A regulated enterprise needs daily visibility into cloud assets and configuration drift across multiple Alibaba Cloud accounts\/regions, plus controlled remediation.<\/li>\n<li><strong>Proposed architecture<\/strong>:<\/li>\n<li>A central compliance service runs on ECS or ACK.<\/li>\n<li>It assumes a RAM role in each account (STS) to query resources (ECS, OSS, networking, IAM).<\/li>\n<li>Results are stored in a central database and pushed to dashboards and ticketing.<\/li>\n<li>Remediation workflows require approvals; only then does the automation call \u201cmodify\u201d APIs.<\/li>\n<li><strong>Why Alibaba Cloud SDK was chosen<\/strong>:<\/li>\n<li>Strong fit for cross-service API calls and custom compliance logic.<\/li>\n<li>Tight integration with RAM\/STS for least privilege and separation of duties.<\/li>\n<li><strong>Expected outcomes<\/strong>:<\/li>\n<li>Accurate daily inventory, fewer audit findings, measurable reduction in public exposure misconfigurations, faster remediation with approval trails.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Startup\/small-team example: Artifact storage and delivery automation<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Problem<\/strong>: A startup needs to store build artifacts and customer downloads securely, with signed URLs and automated cleanup.<\/li>\n<li><strong>Proposed architecture<\/strong>:<\/li>\n<li>CI pipeline builds artifacts.<\/li>\n<li>A small backend service uses Alibaba Cloud SDK to upload to OSS, set metadata, and generate time-limited signed URLs.<\/li>\n<li>A scheduled job deletes artifacts past retention.<\/li>\n<li><strong>Why Alibaba Cloud SDK was chosen<\/strong>:<\/li>\n<li>Faster than building REST + signing; fewer security mistakes.<\/li>\n<li>Easy to integrate into an existing Python\/Node.js backend.<\/li>\n<li><strong>Expected outcomes<\/strong>:<\/li>\n<li>Secure downloads, reduced operational toil, controlled storage growth via lifecycle\/cleanup automation.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">16. FAQ<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1) Is Alibaba Cloud SDK a managed service?<\/h3>\n\n\n\n<p>No. Alibaba Cloud SDK is a client library (Developer Tools) that you run in your own environment to call Alibaba Cloud APIs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2) Do I pay for Alibaba Cloud SDK?<\/h3>\n\n\n\n<p>Typically no. The SDK is free to use, but you pay for the Alibaba Cloud services you call and any associated usage (resources, requests, network egress).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3) Which languages are supported?<\/h3>\n\n\n\n<p>Alibaba Cloud provides SDKs for multiple popular languages (for example Java, Python, Go, Node.js, PHP, .NET). Verify the current list and per-service coverage in the official SDK docs: https:\/\/www.alibabacloud.com\/help\/en\/sdk<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4) What is the difference between legacy SDKs and newer SDKs?<\/h3>\n\n\n\n<p>Alibaba Cloud has multiple SDK generations. Newer OpenAPI SDKs often use more modern patterns and are generated from OpenAPI definitions, while older SDKs may have different dependencies and method styles. Verify which one is recommended for your service and language in official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5) Should I use AccessKeys in production?<\/h3>\n\n\n\n<p>Avoid long-lived AccessKeys in production if possible. Prefer RAM roles and STS temporary credentials, and follow official best practices for your runtime (ECS\/ACK\/Function Compute).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6) How do I implement least privilege?<\/h3>\n\n\n\n<p>Create a dedicated RAM user\/role for your app and attach only the required policies for the specific API actions and resources. Test by starting with read-only permissions and expanding minimally.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">7) How do I find the right API action name and parameters?<\/h3>\n\n\n\n<p>Use Alibaba Cloud OpenAPI Explorer: https:\/\/api.aliyun.com<br\/>\nThen check the service\u2019s API reference and SDK examples.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">8) How do I troubleshoot <code>Forbidden<\/code> errors?<\/h3>\n\n\n\n<p><code>Forbidden<\/code> typically means authorization failed. Check:\n&#8211; RAM policy attachment\n&#8211; Whether the policy allows the specific action\n&#8211; Resource-level constraints (some services support resource scoping)\n&#8211; Whether you\u2019re calling the correct region\/account<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9) Why do I get \u201cresource not found\u201d even though it exists?<\/h3>\n\n\n\n<p>The most common cause is <strong>region mismatch<\/strong>. Ensure your SDK client is configured for the same region where the resource exists.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">10) How should I handle API throttling?<\/h3>\n\n\n\n<p>Implement exponential backoff with jitter, reduce call frequency, cache inventory results, and avoid \u201clist everything\u201d loops. If the API supports request rate increases or quotas, verify options in official docs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">11) Is it safe to call control-plane APIs from request\/response web handlers?<\/h3>\n\n\n\n<p>Generally, no. Control-plane calls add latency and failure modes. Prefer asynchronous workflows, queues, background jobs, and caching.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">12) How do I log SDK calls safely?<\/h3>\n\n\n\n<p>Log request IDs, error codes, operation names, and resource identifiers\u2014but avoid logging secrets, tokens, or sensitive payload data.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">13) Can I use Alibaba Cloud SDK from on-premises?<\/h3>\n\n\n\n<p>Yes, as long as your environment has outbound HTTPS connectivity to Alibaba Cloud OpenAPI endpoints and your security policy allows it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">14) How do I rotate credentials?<\/h3>\n\n\n\n<p>Prefer STS. If using AccessKeys, rotate by creating a second key, deploying it, switching traffic, and then deleting the old key. Always follow your organization\u2019s change control process.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">15) What is the safest way to learn Alibaba Cloud SDK without unexpected charges?<\/h3>\n\n\n\n<p>Use read-only API calls (like listing regions or describing configurations) and avoid resource creation. Always clean up credentials and any created resources.<\/p>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">17. Top Online Resources to Learn Alibaba Cloud SDK<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Resource Type<\/th>\n<th>Name<\/th>\n<th>Why It Is Useful<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Official documentation<\/td>\n<td>Alibaba Cloud SDK Documentation<\/td>\n<td>Primary entry point for SDK concepts, supported languages, and references: https:\/\/www.alibabacloud.com\/help\/en\/sdk<\/td>\n<\/tr>\n<tr>\n<td>Official tool<\/td>\n<td>OpenAPI Explorer<\/td>\n<td>Explore APIs, test calls, and view sample code: https:\/\/api.aliyun.com<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>RAM (Resource Access Management) docs<\/td>\n<td>Understand users\/roles\/policies required for SDK auth: https:\/\/www.alibabacloud.com\/help\/en\/ram<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>STS (Security Token Service) docs<\/td>\n<td>Learn temporary credentials patterns: https:\/\/www.alibabacloud.com\/help\/en\/security-token-service<\/td>\n<\/tr>\n<tr>\n<td>Official pricing<\/td>\n<td>Alibaba Cloud Pricing<\/td>\n<td>Understand service costs that your SDK calls may trigger: https:\/\/www.alibabacloud.com\/pricing<\/td>\n<\/tr>\n<tr>\n<td>Official documentation<\/td>\n<td>ECS API reference (example service)<\/td>\n<td>Find the exact actions like <code>DescribeRegions<\/code> for ECS (navigate from ECS developer reference): https:\/\/www.alibabacloud.com\/help\/en\/ecs<\/td>\n<\/tr>\n<tr>\n<td>Official GitHub org<\/td>\n<td>Alibaba Cloud \/ Aliyun GitHub<\/td>\n<td>Official SDK repos and samples are often published here (verify the exact repo for your language\/service): https:\/\/github.com\/aliyun<\/td>\n<\/tr>\n<tr>\n<td>Official docs \/ tutorials<\/td>\n<td>Service-specific \u201cDeveloper Guide\u201d pages<\/td>\n<td>Practical examples per service (OSS\/ECS\/RDS\/etc.). Start from the service\u2019s docs hub and look for SDK sections.<\/td>\n<\/tr>\n<tr>\n<td>Community learning (use with care)<\/td>\n<td>Reputable engineering blogs and GitHub examples<\/td>\n<td>Helpful for real-world patterns; always validate against official docs to avoid outdated examples.<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">18. Training and Certification Providers<\/h2>\n\n\n\n<p>The following training providers are listed as learning resources. Verify current course outlines, delivery modes, and schedules on their websites.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Institute<\/th>\n<th>Suitable Audience<\/th>\n<th>Likely Learning Focus<\/th>\n<th>Mode<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps engineers, SREs, platform teams, developers<\/td>\n<td>Cloud automation, DevOps tooling, SDK\/CLI-driven workflows (verify course catalog)<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>ScmGalaxy.com<\/td>\n<td>Beginners to intermediate DevOps practitioners<\/td>\n<td>DevOps fundamentals, SCM, automation concepts that complement SDK usage<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n<tr>\n<td>CLoudOpsNow.in<\/td>\n<td>Cloud operations and engineering teams<\/td>\n<td>Cloud operations practices, monitoring\/incident response automation patterns<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n<tr>\n<td>SreSchool.com<\/td>\n<td>SREs and operations engineers<\/td>\n<td>Reliability engineering, automation\/runbooks, governance patterns<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>AiOpsSchool.com<\/td>\n<td>Ops teams exploring AIOps and automation<\/td>\n<td>Automated operations, monitoring + event-driven remediation concepts<\/td>\n<td>Check website<\/td>\n<td>https:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">19. Top Trainers<\/h2>\n\n\n\n<p>The following sites are listed as training resources\/platforms. Verify the trainer profiles, course content, and credibility directly on each website.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Platform\/Site<\/th>\n<th>Likely Specialization<\/th>\n<th>Suitable Audience<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>RajeshKumar.xyz<\/td>\n<td>DevOps\/cloud coaching and hands-on guidance (verify offerings)<\/td>\n<td>Engineers seeking guided learning<\/td>\n<td>https:\/\/www.rajeshkumar.xyz\/<\/td>\n<\/tr>\n<tr>\n<td>devopstrainer.in<\/td>\n<td>DevOps training and practical labs (verify offerings)<\/td>\n<td>Beginners to intermediate DevOps learners<\/td>\n<td>https:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n<tr>\n<td>devopsfreelancer.com<\/td>\n<td>Freelance DevOps help\/training resources (verify offerings)<\/td>\n<td>Teams needing short-term coaching<\/td>\n<td>https:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n<tr>\n<td>devopssupport.in<\/td>\n<td>DevOps support and training resources (verify offerings)<\/td>\n<td>Ops\/DevOps teams needing troubleshooting help<\/td>\n<td>https:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">20. Top Consulting Companies<\/h2>\n\n\n\n<p>The following consulting companies are listed as potential service providers. Verify capabilities, references, and statements of work directly with each company.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table>\n<thead>\n<tr>\n<th>Company Name<\/th>\n<th>Likely Service Area<\/th>\n<th>Where They May Help<\/th>\n<th>Consulting Use Case Examples<\/th>\n<th>Website URL<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>cotocus.com<\/td>\n<td>DevOps and cloud consulting (verify scope)<\/td>\n<td>Automation, CI\/CD, cloud operations<\/td>\n<td>Build an internal automation service using Alibaba Cloud SDK; design credential rotation workflows; implement cost guardrails<\/td>\n<td>https:\/\/www.cotocus.com\/<\/td>\n<\/tr>\n<tr>\n<td>DevOpsSchool.com<\/td>\n<td>DevOps consulting and training (verify scope)<\/td>\n<td>Platform engineering, DevOps enablement<\/td>\n<td>Standardize SDK usage patterns; create runbooks and governance; upskill teams on secure automation<\/td>\n<td>https:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n<tr>\n<td>DEVOPSCONSULTING.IN<\/td>\n<td>DevOps consulting (verify scope)<\/td>\n<td>CI\/CD, automation, operations improvements<\/td>\n<td>Implement CI pipelines that use Alibaba Cloud SDK safely; create inventory\/compliance automation; improve incident response automation<\/td>\n<td>https:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">21. Career and Learning Roadmap<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn before Alibaba Cloud SDK<\/h3>\n\n\n\n<p>To use Alibaba Cloud SDK effectively, learn:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Alibaba Cloud fundamentals<\/strong>: regions, VPC basics, key services (ECS, OSS, RAM).<\/li>\n<li><strong>IAM fundamentals<\/strong>: principles of least privilege, roles vs users, credential rotation, STS.<\/li>\n<li><strong>API basics<\/strong>: HTTP, TLS, JSON, error handling, pagination.<\/li>\n<li><strong>One programming language deeply<\/strong>: Python\/Java\/Go\/Node.js, including dependency management and testing.<\/li>\n<li><strong>Basic DevOps<\/strong>: CI\/CD pipelines, secrets handling, logging, and monitoring.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">What to learn after Alibaba Cloud SDK<\/h3>\n\n\n\n<p>Once you can call APIs reliably:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Infrastructure as Code<\/strong>: Terraform (Alibaba Cloud provider) and\/or ROS for baseline provisioning.<\/li>\n<li><strong>Secure credential architectures<\/strong>: STS-based patterns, workload identity (where supported), secret rotation strategies.<\/li>\n<li><strong>Observability<\/strong>: centralized logging\/metrics\/tracing for automation.<\/li>\n<li><strong>Governance and compliance<\/strong>: audit trails, policy-as-code, resource tagging enforcement.<\/li>\n<li><strong>Resilience engineering<\/strong>: retries, idempotency, circuit breakers, chaos testing for automation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Job roles that use it<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud Engineer \/ Cloud Developer<\/li>\n<li>DevOps Engineer<\/li>\n<li>SRE<\/li>\n<li>Platform Engineer<\/li>\n<li>Security Engineer (cloud security automation)<\/li>\n<li>Solutions Architect (prototyping and reference implementations)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Certification path (if available)<\/h3>\n\n\n\n<p>Alibaba Cloud has certification programs, and some paths include developer and cloud architecture tracks. Verify current Alibaba Cloud certifications on the official Alibaba Cloud certification pages (programs can change).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Project ideas for practice<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Read-only inventory tool<\/strong>: list ECS\/OSS\/VPC resources across regions and export CSV.<\/li>\n<li><strong>CI artifact uploader<\/strong>: upload build artifacts to OSS with metadata and retention.<\/li>\n<li><strong>Tag compliance checker<\/strong>: find resources missing tags and open tickets.<\/li>\n<li><strong>Key rotation assistant<\/strong>: identify old AccessKeys and generate rotation reports (avoid auto-rotation without controls).<\/li>\n<li><strong>Cost hygiene bot<\/strong>: detect orphaned snapshots and disks and suggest cleanup actions.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">22. Glossary<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Alibaba Cloud SDK<\/strong>: Official client libraries that let you call Alibaba Cloud APIs from code.<\/li>\n<li><strong>OpenAPI<\/strong>: Public API interface for Alibaba Cloud services (actions\/operations exposed over HTTPS).<\/li>\n<li><strong>RAM (Resource Access Management)<\/strong>: Alibaba Cloud identity and access management service for users, roles, and policies.<\/li>\n<li><strong>RAM Policy<\/strong>: A document that defines allowed\/denied actions for a principal.<\/li>\n<li><strong>AccessKey<\/strong>: Long-lived credential pair (AccessKeyId\/AccessKeySecret) associated with a RAM user.<\/li>\n<li><strong>STS (Security Token Service)<\/strong>: Service for issuing temporary security credentials (tokens).<\/li>\n<li><strong>Region<\/strong>: Geographic location where Alibaba Cloud resources are hosted (for example <code>cn-hangzhou<\/code>).<\/li>\n<li><strong>Endpoint<\/strong>: The network address (hostname) for a service API in a given region.<\/li>\n<li><strong>Control plane<\/strong>: APIs that manage resources (create\/modify\/delete\/list).<\/li>\n<li><strong>Data plane<\/strong>: APIs that handle data operations (for example object reads\/writes).<\/li>\n<li><strong>Idempotency<\/strong>: Property where repeating the same request has the same effect; important for safe retries.<\/li>\n<li><strong>Throttling<\/strong>: API rate limiting that rejects or delays requests when you exceed limits.<\/li>\n<li><strong>Request ID<\/strong>: Unique identifier returned by APIs to help trace and debug requests with support.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h2 class=\"wp-block-heading\">23. Summary<\/h2>\n\n\n\n<p>Alibaba Cloud SDK is Alibaba Cloud\u2019s official Developer Tools library set for calling cloud APIs from code. It matters because it standardizes authentication, request signing, endpoint handling, and service API integration\u2014making automation safer and more maintainable than hand-written REST calls.<\/p>\n\n\n\n<p>Architecturally, the SDK sits inside your applications, CI\/CD pipelines, and automation services, bridging your code to Alibaba Cloud OpenAPI endpoints and enforcing access through RAM policies (often with STS for temporary credentials). Cost-wise, the SDK itself is typically free; the real cost comes from the services you automate, the resources you create, and network\/data-plane usage. Security-wise, the biggest wins come from least privilege RAM policies, avoiding long-lived keys, and logging\/auditing API calls.<\/p>\n\n\n\n<p>Use Alibaba Cloud SDK when you need reliable programmatic control and custom automation. Prefer IaC tools for baseline infrastructure, and combine both approaches for a production-grade platform.<\/p>\n\n\n\n<p>Next step: pick one service you use most (OSS, ECS, RAM, DNS), find its SDK \u201cGetting Started\u201d in the official docs (https:\/\/www.alibabacloud.com\/help\/en\/sdk), and extend the lab script into a small tool with pagination, structured logging, and STS-based credentials.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Developer Tools<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,18],"tags":[],"class_list":["post-107","post","type-post","status-publish","format-standard","hentry","category-alibaba-cloud","category-developer-tools"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=107"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/107\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}