ModifyImageSharePermission-阿里云帮助中心

Manage image sharing permissions. You can share your custom images with other Alibaba Cloud accounts or publish them as community images.

Operation description

Read Share a custom image before calling this operation.

Note the following sharing rules:

Sharing limits: You can share only the custom images that you created. Each image can be shared with up to 50 Alibaba Cloud accounts. You can share an image with up to 10 Alibaba Cloud accounts at a time.
Impact on instances: If you create an ECS instance (RunInstances) from a shared custom image and the image owner later unshares or deletes the custom image (DeleteImage), you can no longer reinitialize the instance's system disk (ReInitDisk).

Important The rules for sharing encrypted images have been updated. You can share only images that are encrypted with a Customer Master Key (CMK). You can no longer share images that are encrypted with a service key. Attempting to share an image that is encrypted with a service key returns an error. To share an image encrypted with a service key, copy the image (CopyImage) and re-encrypt it with a CMK.

Note the following when you publish or unpublish a community image:

Responsibilities and agreements: The owner of a community image is responsible for its quality and updates. Alibaba Cloud provides only the platform for sharing. Before you publish an image, you must understand and sign the community image agreement. For more information, see Publish a community image.
Encryption restrictions: Encrypted images cannot be published as community images.
Public access: Community images are public. All Alibaba Cloud accounts in the image's region can use them.
Feature restrictions: Community images cannot be shared, exported, or copied.
Impact of unpublishing: When a community image is unpublished, it is no longer publicly accessible. However, this action does not affect instances that were previously created from the image.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

ecs:ModifyImageSharePermission

update

*Image

acs:ecs:{#regionId}:{#accountId}:image/{#imageId}

None

Request parameters

Parameter	Type	Required	Description	Example
RegionId	string	Yes	The ID of the region where the custom image is located. Call DescribeRegions to view the latest list of Alibaba Cloud regions.	cn-hangzhou
ImageId	string	Yes	The ID of the custom image to share. Important You can no longer share images that are encrypted with a service key. You can only share images that are encrypted with a customer master key (CMK). Attempting to share an image that is encrypted with a service key returns an error.	m-bp18ygjuqnwhechc****
LaunchPermission	string	No	Note This parameter is in invitation-only preview and is not available.	hide
AddAccount	array	No	The IDs of the Alibaba Cloud accounts to share the image with. You can specify up to 10 account IDs. If you specify more than 10 IDs, the system processes only the first 10 and ignores the rest.	1234567890
	string	No	The ID of an Alibaba Cloud account.	1234567890
RemoveAccount	array	No	The IDs of the Alibaba Cloud accounts to unshare the image from. You can specify up to 10 account IDs. If you specify more than 10 IDs, the system processes only the first 10 and ignores the rest.	1234567890
	string	No	The ID of an Alibaba Cloud account.	1234567890
IsPublic	boolean	No	Specifies whether to publish the image as a community image or unpublish a community image. Valid values: true: Publishes the image as a community image. false: Unpublishes the community image, reverting it to a private image. This action has no effect if the image is already private. Default value: false.	false
DryRun	boolean	No

Response elements

Element	Type	Description	Example
	object
RequestId	string	The ID of the request.	473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E

Examples

Success response

JSON format

{
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}

Error response

JSON format

{
    "RequestId": "C8B26B44-0189-443E-9816-D951F59623A9"
}

Error codes

HTTP status code	Error code	Error message	Description
400	MissingParameter	The input parameter "RegionId" that is mandatory for processing this request is not supplied.
400	InvalidGroup.Malformed	The specified Group is wrongly formed.
400	UnnecessaryParameter.LaunchPermission	The specified parameter "LaunchPermission" is unnecessary if paramter "AddAccounts" or "RemoveAccounts" exist.
400	InvalidParameter.LaunchPermission	The specified parameter "LaunchPermission" is invalid.
400	ForbiddenParameter.LaunchPermission	The specified parameter "LaunchPermission" is forbidden for current account.
403	AssumeRoleError	Requires a RAM role of AliyunECSShareEncryptImageDefaultRole before sharing encrypted image.	Before you share encrypted images, make sure that the AliyunECSShareEncryptImageDefaultRole RAM role is attached to your account.
403	ImageDescription.ContainsSensitiveWords	The specified image description contains sensitive words.
403	ImageName.ContainsSensitiveWords	The specified image name contains sensitive words.
403	Image.Public	The specified image is public image.
403	CurrentRegion.NotSupportPublicImage	Public image is not supported for current region.
403	Image.NotPublic	The specified image is not public image.	The specified image is not published as a community image and cannot be unpublished.
403	OperationDeined.FullImage	The encrypted image contains multiple snapshots, which do not support share.
403	QuotaExceed.ShareImage	The shared Image Quota exceeds.
403	QuotaExceed.ShareImageUser	The shared Image user Quota exceeds.
403	InvalidImageId.BidMismatch	Cannot share the image with users %s of other sites.	You cannot share images to users in other sites.
403	OperationDeined.EncryptedSnapshot	The image contains encrypted snapshots, which do not support share.	The specified image contains encrypted snapshots and cannot be shared.
403	OperationDenied.InvalidImageStatus	The specified image cannot be shared when it is deprecated.
403	PublicImageAgreement.NotSigned	The current account has not signed "Community Image Terms of Service".	You have not signed the Community Image Terms of Service.
403	InvalidParameter.IsPublic	The specified parameter IsPublic is conflicted with other parameters.	The specified parameter IsPublic conflict with another parameter.
403	InvalidParameter.KMSKeyId.CMKUnauthorized	The CMK(Customer Master Key) lacks authorization to add tags to the ECS service.	The CMK(Customer Master Key) lacks authorization to add tags to the ECS service.
403	InvalidParameter.KMSKeyId.CMKNotEnabled	The CMK (Customer Master Key) must be in an active state.	The CMK (Customer Master Key) must be in an active state.
403	InvalidOperation.ServiceKeyEncryptedImageUnsupported	The specified service key encrypted image is not supported for this operation. Please switch to a CMK (Customer Master Key) encrypted image and retry.	Service key mirroring does not support this operation. Replace the CMK key and try again.
404	InvalidImageId.NotFound	The specified ImageId does not exist.	The specified image does not exist in this account. Check whether the image ID is correct.
404	InvalidAccount.NotFound	The specified account %s in parameter "AddAccount.n" or "RemoveAccount.n" does not exist.	The account in the AddAccount or RemoveAccount does not exist.
404	InvalidAccount.Forbbiden	The specified Account does not yourself.
404	InvalidKMSKeyId.NotFound	The KMS key used by the disk does not exist.	The KMS key used by the disk does not exist.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.