Login Methods
After obtaining your authorization, Cloudbase CLI can access your resources. Cloudbase CLI provides two ways to obtain authorization: Tencent Cloud - CloudBase Console Authorization and Tencent Cloud - Cloud API Key Authorization.
Tencent Cloud - CloudBase Console Authorization
Enter the following command in your terminal
tcb login
CloudBase CLI will automatically open the CloudBase Console to obtain authorization. You need to click the 'Agree to Authorize' button to allow CloudBase CLI to obtain authorization. If you are not logged in, you need to log in before you can perform this operation.
Tencent Cloud - Cloud API Key Authorization
Note: Tencent Cloud API keys can access all resources in your Tencent Cloud account. Please store them securely and replace them regularly. After replacing a key, promptly delete the old key.
First, you need to go to the Tencent Cloud official website to obtain Cloud API keys, then enter the following command in your terminal:
tcb login --key
After pressing Enter, enter the SecretId and SecretKey of your Cloud API keys as prompted to complete the login.
Login in CI
In CI (Continuous Integration) builds, you can use the following method to log in directly via API keys, avoiding interactive input.
tcb login --apiKeyId xxx --apiKey xxx
Temporary Key Login
Logging in with Tencent Cloud temporary keys can be used in certain sensitive scenarios, utilizing short-term valid keys.
tcb login --apiKeyId xxx --apiKey xxx --token xxx
Sub-account
Sub-accounts need to be authorized by the primary account to access Cloud Development resources. By default, sub-accounts do not have permission to access Cloud Development resources, so logging into the Cloud Development Console with a sub-account will not grant access to these resources.
At this point, you need to add a preset policy to the sub-account to access Cloud Development resources. The specific steps are as follows:
- Log in to the CAM console, select Users > User List from the left menu.
- Go to the User List page and click [Create New User].
- Go to the Create New User page and fill in the relevant user information as prompted.
- After completing the information, go to the policy list and select the TCB preset authorization policy.
- Click [Complete] to finish creating the sub-account.
In addition to the method of adding policies when creating a sub-account as described above, you can also grant permissions by associating policies with users. For details, refer to the Authorization Management guide.
TCB Preset Policy
You can use the following preset policies to grant relevant permissions to your sub-account:
| Policy | Description |
|---|---|
QcloudAccessForTCBRole | This policy grants CloudBase (TCB) access to cloud resources. |
QcloudAccessForTCBRoleInAccessCloudBaseRun | This policy is provided for association with the CloudBase (TCB) service role (TCB_QcsRole) to enable TCB to access other cloud service resources, including permissions for Virtual Private Cloud (VPC) and Cloud Virtual Machine (CVM) operations. |
This permission includes full read-write permissions to underlying resources such as object storage, cloud functions, logs, monitoring, VPC, etc. Once this policy is added to a sub-account, it means the sub-account has full read-write permissions to the above resources and automatically gains full read-write permissions to subsequently added resources. Therefore, please choose carefully. For details, click the permission name to jump to view the permission rules.
The following preset policies grant sub-accounts read-only access to CAM when you use TCB services. After authorizing a sub-account with QcloudCamReadOnlyAccess, it can log in using the CLI tool via web authorization. If not authorized, it can only log in using the sub-account's API key. You can enable this for sub-accounts as needed:
| Policy | Description |
|---|---|
QcloudCamReadOnlyAccess | This policy grants read-only access to Cloud Access Management (CAM). |