DocsICP FilingConsole
官方文档
首页

Use shared images

更新时间:
复制 MD 格式
产品详情
我的收藏

A shared image is a custom image from another Alibaba Cloud account. This topic describes how to use a shared image to create ECS instances, copy the image, and replace the operating system of an instance.

Usage notes

Important

Alibaba Cloud does not guarantee the integrity or security of shared images. Only use images from accounts you trust, and use them at your own risk.

Before using a shared image, consider the following points:

Item

Description

Sharing fees

  • Shared images do not count against your custom image quota. You are not charged for receiving them.

  • If a shared image is based on a paid image, you are charged for the image when you use it to create ECS instances. For example, if Account A shares a paid image with Account B, and Account B creates an instance from the shared image, Account B pays for both the image and the instance.

For more information about image billing, see Image billing.

Usage limits

  • You cannot delete or update shared images directly. To manage a shared image, you must first copy the image to your account within the same region. The copy becomes a custom image.

  • If resources that a shared image depends on become unavailable (for example, the image owner's account has overdue payments or a key is invalid), you cannot use the shared image to create ECS instances.

Policy

  • To create an ECS instance from a shared image, a RAM user must have permission to call the RunInstances or CreateInstance API operation. For information about the required policy, see Authorize a RAM user to create pay-as-you-go instances.

  • To further restrict a RAM user to create ECS instances only from images shared by a specific Alibaba Cloud account, attach the following policy to the RAM user:

    {
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "ecs:RunInstances",
        "ecs:CreateInstance"
      ],
      "Effect": "Deny",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "ecs:ImageOwnerId": "123456789012****"
        }
      }
    }
  ]
}
    Note

    Replace ImageOwnerId with the actual Alibaba Cloud account ID of the image owner. This policy allows the RAM user to create ECS instances only from custom images shared by the account "123456789012****".

Create an ECS instance from a shared image

ECS console

You can use a shared image to quickly create one or more ECS instances with an identical environment.

  1. Go to ECS console - Images.

  2. In the top navigation bar, select the region and resource group of the resource that you want to manage. Region

  3. On the Shared Images tab, find the shared image that you want to use and click Create Instance in the Actions column.

    image

  4. The region and image are pre-filled. Configure other parameters, such as the billing method and instance type, to create the instance.

    For more information about the parameters, see Create an instance by using the wizard.

    If you use an encrypted shared image to create an ECS instance, any disks created from the image's encrypted snapshots are also automatically encrypted. These disks cannot be decrypted. You must specify a service key or your customer master key (CMK) as the encryption key for these disks.

    image

API

  1. Call the DescribeImages operation to query the ImageId of the shared image that you can use.

  2. Call the RunInstances or CreateInstance operation. Set the ImageId parameter to the ImageId of the shared image to create an ECS instance from the shared image.

    Important

    If you use an encrypted image, you must set the Encrypted parameter to true. Otherwise, instance creation may fail.

Replace the operating system with a shared image

ECS console

You can use a shared image to replace the system disk of an existing ECS instance. This process replaces the instance's system disk with one based on the shared image.

In the Replace System Disk dialog box, click the Shared Images tab in the Image section and select the shared image you want. For more information, see Replace the operating system (system disk).

API

  1. Call the DescribeImages operation to query the ImageId of the shared image that you can use.

  2. Call the ReplaceSystemDisk operation. Set the ImageId parameter to the ImageId of the shared image to replace the operating system (system disk).

    Important

    If you use an encrypted image, you must set the Encrypted parameter to true to encrypt the new system disk with your own key. Otherwise, the operation may fail.

Copy a shared image

ECS console

Shared images are read-only. To update or delete a shared image, you must first copy it to your account within the same region. The copy appears as a custom image in your account that you can manage.

  1. On the Shared Images tab, find the shared image that you want to copy and click Copy Image in the Actions column.

    image

  2. In the Copy Image dialog box, configure the parameters as prompted.

    • You can perform a standard copy or an encrypted copy.

    • You can select only the current region.

      Note

      Shared images can be copied only within the same region. To use a shared image in a different region, first copy it within its original region to create a custom image. Then, copy that custom image to the target region.

    For more information about the parameters, see Copy a custom image.

  3. (Optional) Click the Custom Images tab to view the copied image.

API

  1. Call the DescribeImages operation to query the ImageId of the shared image that you can use.

  2. Call the CopyImage operation. Set the ImageId parameter to the ImageId of the shared image to copy the shared image as a custom image that you can manage.

    Important

    If you copy an encrypted shared image, you must set the Encrypted parameter to true to encrypt the copied image with your own key. Otherwise, the copy operation may fail.

Related documents

  • You can use a shared image to deploy an ECS instance across accounts in the same region. For more information, see Share a custom image.

  • If you no longer need to share a custom image with other Alibaba Cloud accounts, you can unshare the image. For more information, see Unshare a custom image.

  • For information about the permissions required to share encrypted images, see Permissions on encrypted images.

Previous:Share a custom imageNext:Unshare an image