You can share disk snapshots with other Alibaba Cloud accounts or within your organization using resource directories. Other accounts can utilize your shared snapshots to swiftly create disks for daily operations and maintenance. This topic describes the steps to share, use, and unshare a snapshot, along with important considerations for these processes.
Resource Directory (RD) is a service provided by Alibaba Cloud for enterprise users to manage multiple accounts and resources. It enables you to establish an organizational structure based on business needs and consolidate enterprise accounts into a hierarchical resource structure. For more information, see what is Resource Directory.
Considerations
Before sharing a snapshot, take into account the following:
Consideration | Description |
Sharing fees |
|
Sharing limits |
|
Account restrictions |
|
Encrypted snapshot restrictions |
Note
|
Other restrictions |
|
Preparations
-
Ensure the snapshot is free of sensitive data and files before sharing.
-
Complete the necessary preparations based on the sharing scenario.
-
When sharing a snapshot with other Alibaba Cloud accounts, retrieve the account ID.
To obtain the ID: Hover the mouse over the profile picture in the upper-right corner of the console. If the account is identified as the Primary Account, the displayed ID is the Alibaba Cloud account ID.
-
To share a snapshot within your organization using resource directories, enable resource directories through the management account or member accounts. For more information, see enable Resource Directory.
-
Share a snapshot
Share a snapshot through the console
Sharer shares a snapshot
-
(Conditionally required) The sharer creates a role and grants permissions.
If sharing an encrypted snapshot, since it's encrypted with a KMS key from your Alibaba Cloud account, you must grant permissions for the shared account to access the KMS key before sharing. For more information, see cross-account sharing of encrypted resources.
-
The sharer logs on to the ECS console and navigates to the snapshot sharing action page.
In the left-side navigation pane, choose .
In the top navigation bar, select the region and resource group to which the resource belongs.
-
Locate the target encrypted snapshot. In the Action column, select
> Share Snapshot.
-
In the Add To Resource Share dialog box, set the shared snapshot parameters.
-
Select a previously created resource share in the Resource Sharing console.
NoteResource Sharing, a feature of Resource Management, enables you to share snapshots with other Alibaba Cloud accounts. Create resource shares to share your resources, which consist of a resource owner, principals, and shared resources. Principals are the Alibaba Cloud accounts invited to use the owner's resources. For more details on resource shares, see what is resource sharing.
-
In the Add Principals section, enter the Alibaba Cloud account ID of the sharee and click Add.
-
After adding the sharee, click Confirm.
-
Sharee uses a shared snapshot
The sharee must accept the snapshot sharing invitation to complete the sharing process.
-
The sharee accepts the shared snapshot.
-
The sharee logs on to the Resource Sharing console.
-
In the left-side navigation pane, select Resource Sharing >Shared With Me.
-
In the top navigation bar's upper-left corner, select the region where the shared snapshot is located.
-
On the Shared With Me page, click Accept in the Status column for the target resource share.
-
In the Accept Resource Sharing dialog box, click OK.
After accepting the invitation, you can use the shared snapshot. Future sharing invitations for resources added to the resource share are automatically accepted.
-
-
View the shared snapshot.
-
The sharee logs on to the ECS console.
-
In the left-side navigation pane, select Storage & Snapshots > Snapshots.
-
In the top navigation bar's upper-left corner, select the region where the shared snapshot is located.
-
Find the shared snapshot in the snapshot list.
-
Hover over the
icon. The label Acs:ecs:sharedfrom:<sharee Uid>:<source Region Of The Shared Snapshot>:<source Snapshot ID> appears.
-
The Snapshot Source is marked as Shared Snapshot.
-
Hover over the
icon to view details like the shared account ID and source snapshot ID.
Alternatively, select Operation in the shared snapshot column, then choose
> View Shared Snapshot to see the shared information in the Resource Sharing Console.
-
-
-
Use the shared snapshot.
-
For unencrypted snapshots, the sharee can:
-
Create a new disk: For instructions, see create a data disk from a snapshot.
-
Copy the shared snapshot: For details, see copy a snapshot.
-
-
For encrypted snapshots, the sharee can:
-
Create a new disk, but must change the key: See create a data disk from a snapshot for guidance.
NoteWhen using shared encrypted snapshots to create disks, only Enterprise SSDs (ESSDs) can be created. If other types of disks are needed, first copy the snapshot and then create a new disk from the copied snapshot.
-
Copy the shared snapshot, but must change the key: Refer to copy a snapshot for the procedure.
-
-
Share a snapshot through SDK
This section explains how to use ECS and Resource Sharing SDKs to share a snapshot across accounts and create a disk from the shared snapshot. The example uses Java SDKs and an open-source sample project.
-
Download the sample project: snapshot sharing sample.
The project includes these code snippets:
-
CreateResourceShare
: The sharer creates a resource share and initiates snapshot sharing. -
ReceiveResourceShare
: The sharee accepts the snapshot sharing invitation. -
UseResourceShare
: The sharee uses the shared snapshot to create a disk.
-
-
Set up the sample project.
-
Add SDK dependencies in the
pom.xml
file. For more information, see install Java SDK.<!--Resource Sharing SDK--> <dependency> <groupId>com.aliyun</groupId> <artifactId>resourcesharing20200110</artifactId> <version>${lastVersion}</version> </dependency> <!--ECS SDK--> <dependency> <groupId>com.aliyun</groupId> <artifactId>alibabacloud-ecs20140526</artifactId> <version>${lastVersion}</version> </dependency>
NoteSDK packages are frequently updated. For the latest version dependencies, visit the GitHub link on the SDK overview page.
-
Add the environment variables
ALIBABA_CLOUD_ACCESS_KEY_ID
andALIBABA_CLOUD_ACCESS_KEY_SECRET
to your local environment and input your AccessKey ID and Secret. -
Replace other project variables with actual values, such as the snapshot ID to share, the UID of the account to share with, and the disk category to create.
-
-
Compile and run the Java code snippets as needed.
-
Verify the results in the corresponding consoles.
For instance, the sharer can check the created resource share in the Resource Sharing console, while the sharee can view the shared snapshot and the disk created from it in the ECS console.
Unshare a snapshot
If you no longer want to share a snapshot with another Alibaba Cloud account, you can unshare it.
Considerations
After a snapshot is unshared, the sharee will experience the following:
-
The snapshot will no longer appear in the ECS console or be accessible via ECS API.
-
Disks created from the shared snapshot cannot be reinitialized.
-
Snapshots copied from the shared snapshot remain unaffected.
Procedure
-
The sharer logs on to the ECS console and navigates to the snapshot sharing action page.
In the left-side navigation pane, choose .
In the top navigation bar, select the region and resource group to which the resource belongs.
-
Locate the target encrypted snapshot. In the Action column, select
> Share Snapshot.
-
Unshare the snapshot.
-
In the Add To Resource Share dialog box, select the target resource share.
-
In the Principals area, click Edit.
-
From the Added Principals list, click Remove in the Action column.
-
Click OK to confirm and stop sharing the snapshot with other Alibaba Cloud accounts.
-