DocsICP FilingConsole
官方文档
首页

Share a snapshot

更新时间:
复制 MD 格式
产品详情
我的收藏

You can share a snapshot with other Alibaba Cloud accounts or within your enterprise by using a resource directory. Principals can then use the shared snapshot to quickly create a cloud disk for cross-account collaboration and enterprise-wide resource sharing. This topic describes the procedures and considerations for sharing and unsharing snapshots.

Use cases

Use shared snapshots in the following scenarios:

  • Cross-account data sharing

    Share snapshots between different accounts or departments within your enterprise to quickly create cloud disks and share data.

  • Bulk deployment

    A shared snapshot lets you deploy the same application across instances in multiple accounts. This ensures that the initial state of each instance is identical, which helps you quickly set up consistent business systems, reduces repetitive configuration, and ensures consistency across instances.

Considerations

Keep the following in mind before you share a snapshot:

Item

Description

Billing

  • The sharing process is free of charge.

  • Principals are charged for resources that they create from a shared snapshot, such as cloud disks or cross-region snapshot copies.

  • If a shared snapshot expires, it is not automatically released and you will continue to be charged for it until it is unshared.

Quotas

  • You can share a snapshot with a maximum of 64 Alibaba Cloud accounts.

  • Each Alibaba Cloud account can share a maximum of 1,024 snapshots.

Account restrictions

You cannot share snapshots between accounts on the Alibaba Cloud China site and the international site.

Other limitations

  • Sharer

    • You cannot directly delete a shared snapshot. You must first unshare the snapshot.

    • You cannot share snapshots that are generated when you import a custom image.

    • You cannot share encrypted snapshots that use a service key.

      Note

      If you need to share an encrypted snapshot that uses a service key, you can use the copy snapshot feature to change the service key to a customer master key (CMK) and then share the copy. For more information about ECS encryption keys, see Encrypt a cloud disk.

  • Principal

    • You cannot create a custom image from a shared snapshot.

    • A shared snapshot has a different ID than its source snapshot. Therefore, you cannot use a shared snapshot to roll back a cloud disk.

    • You cannot directly delete a shared snapshot. To remove it, go to the Resource Sharing console and leave the resource share.

    • You cannot archive a shared snapshot.

    • You cannot re-share a shared snapshot.

      Note

      To work around this limitation, do one of the following:

      • Create a new cloud disk from the shared snapshot and attach the disk to an ECS instance. Then, create a new snapshot of the disk and share the new snapshot.

      • Copy the shared snapshot and then share the copy.

    • You cannot extend the retention period of a shared snapshot.

      Note

      • If the source snapshot is retained permanently, the shared snapshot is retained for 1,096 days.

      • If the source snapshot has a custom retention period, the shared snapshot uses the same retention period.

Before you begin

  • Before you share a snapshot, make sure that it does not contain sensitive data or files.

  • Complete the following preparations based on your sharing scenario:

    • To share a snapshot with another Alibaba Cloud account, obtain the account ID of the principal.

      To obtain the account ID, move the pointer over your profile picture in the upper-right corner of the console. In the user information box that appears, if the account is labeled as a Alibaba Cloud Account, the displayed account ID is the Alibaba Cloud account ID.

    • To share a snapshot within your enterprise based on a resource directory, your Alibaba Cloud account must meet one of the following conditions:

  • When you share a snapshot that is encrypted with a customer master key (CMK), you must first create and grant permissions to the AliyunECSShareEncryptSnapshotDefaultRole role. For more information, see Share encrypted resources across accounts.

Share a snapshot

Share in the console

Step 1: Share the snapshot

  1. Go to the snapshot sharing page.

    1. Go to ECS console - Snapshots.

    2. In the upper-left corner of the page, select a region and resource group.地域

    3. On the Disk Snapshots tab, find the snapshot that you want to share. In the Actions column, choose image > Share Snapshot.

  2. In the Add to Resource Share dialog box, configure the snapshot sharing parameters.

    image

    1. Set Method to Existing Resource Share or New Resource Share.

      Note

      Snapshot sharing is based on the Resource Sharing service. You can add resources and principals to a resource share to share your resources with others.

    2. (Conditional) Configure Principal Scope. This parameter is required only when you set Method to New Resource Share.

      • All Accounts: You can share the snapshot with any principal.

      • Objects Within Resource Directory: You can share the snapshot only within your resource directory. The management account or members of the resource directory can share snapshots only with the resource directory itself, its folders, and its members.

    3. Click Add Principals. Configure the principal information based on your sharing scenario and click OK.

      • Scenario 1: Share the snapshot with another Alibaba Cloud account

        Set Principal Type to Cloud Account and enter the Alibaba Cloud account ID of the principal.

        Note

        • If you set Principal Scope to Objects Within Resource Directory, you can select only Alibaba Cloud accounts that are within the resource directory.

        • If you want to share the snapshot with multiple Alibaba Cloud accounts, you must add them one by one.

      • Scenario 2: Share the snapshot within your enterprise based on a resource directory

        • If your Alibaba Cloud account has not enabled a resource directory but is a member of one: In the Add Principals dialog box, select Resource Directory or Folder. If you select Folder, you must enter the folder ID.

          image

        • If your Alibaba Cloud account has enabled a resource directory: In the Add Principals dialog box, select a resource directory or folder from the resource directory tree, or manually add a resource directory or folder.

          image

        Note

    4. After you add the principals, click OK.

Step 2: Use the shared snapshot

To access the shared snapshot, the principal must accept the sharing invitation.

  1. (Conditional) The principal accepts the shared snapshot invitation. This operation is required the first time resources are shared to the principal through a specific resource share.

    1. The principal logs on to the Resource Sharing console.

    2. In the left-side navigation pane, choose Resource Sharing > Resources Shared To Me.

    3. In the top navigation bar, select the region where the shared snapshot resides.

    4. On the Resources Shared To Me page, find the target resource share and click Accept in the Status column.

    5. In the Accept Resource Sharing Invitation dialog box, click OK.

      After the invitation is accepted, the principal can use the shared snapshot. New resources that are added to the resource share are automatically accepted.

  2. View the shared snapshot.

    1. Access shared objects in the ECS console - Snapshots.

    2. In the top navigation bar, select the region where the shared snapshot resides.

    3. View the shared snapshot in the snapshot list.

      • Move the pointer over the image.png icon. A tag in the acs:ecs:sharedFrom:<Sharer_UID>:<Source_Region>:<Source_Snapshot_ID> format appears.

      • The value of Creation Method is Shared Snapshot.

      • Move the pointer over the image.png icon in the Attribute column and click Details. Information such as the sharer's Alibaba Cloud account ID and the source snapshot ID is displayed.

        You can also choose image > Share Snapshot in the Actions column of the shared snapshot to view the sharing information in the Resource Sharing console.

  3. (Optional) The principal can create a new data disk from the shared snapshot or copy the shared snapshot.

    Note

    • If you share an encrypted snapshot, the principal must change the encryption key when they create a new cloud disk from the shared snapshot or copy the shared snapshot.

    • When you create a cloud disk from a shared encrypted snapshot, you can select only ESSD, ESSD AutoPL, or ESSD Entry cloud disks. If you want to create other types of cloud disks, you can first copy the snapshot and then create a cloud disk from the copy.

Share by using SDK

This section uses the Java SDK as an example and provides an open-source sample project that shows how to share snapshots across accounts and create a cloud disk from a shared snapshot.

  1. Obtain the sample project: Snapshot sharing sample.

    The project includes the following code samples:

    • CreateResourceShare: The sharer creates a resource share and initiates snapshot sharing.

    • ReceiveResourceShare: The principal accepts the snapshot sharing invitation.

    • UseResourceShare: The principal creates a cloud disk from the shared snapshot.

  2. Configure the sample project.

    1. Configure SDK dependencies in the pom.xml file. For more information, see Java SDK examples.

      <!--Resource Sharing SDK-->
<dependency>
  <groupId>com.aliyun</groupId>
  <artifactId>resourcesharing20200110</artifactId>
  <version>${lastVersion}</version>
</dependency>
<!--ECS SDK-->
<dependency>
  <groupId>com.aliyun</groupId>
  <artifactId>alibabacloud-ecs20140526</artifactId>
  <version>${lastVersion}</version>
</dependency>
      Note

      SDK packages are updated frequently. We recommend that you obtain the latest dependency versions from the official GitHub links in SDK overview.

    2. Add the ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET environment variables to your local environment and set them to your AccessKey ID and AccessKey Secret.

    3. Replace other variable parameters in the project based on your environment, such as the shared snapshot ID, the principal's account ID, and the cloud disk type.

  3. Compile and run each Java code sample as needed.

  4. Verify the results in the console of the corresponding product.

    For example, the sharer can log on to the Resource Sharing console to view the created resource share. The principal can log on to the ECS console to view the shared snapshot and the cloud disk created from the shared snapshot.

Unshare a snapshot

A sharer can unshare a snapshot when it is no longer needed.

Effects

Unsharing a snapshot affects the principal in the following ways:

  • The principal can no longer query the snapshot in the ECS console or by calling an ECS API operation.

  • The principal cannot use the shared snapshot to re-initialize a data disk that was created from it.

  • Snapshots that the principal copied from the shared snapshot are not affected.

Procedure

  1. Go to the snapshot sharing page.

    1. Go to ECS console - Snapshots.

    2. In the upper-left corner of the page, select a region and resource group.地域

    3. Find the snapshot that you want to unshare. In the Actions column, choose image > Share Snapshot.

  2. Unshare the snapshot.

    1. In the Principals section, click Modify.

    2. In the list of added principals, click Remove in the Actions column for the desired principal.

      image

    3. Click OK to stop sharing the snapshot.

Previous:Archive snapshotsNext:Roll back disk using snapshot