All Products
Search

This Product

    Elastic Compute Service:Share a custom image

    Document Center

    Elastic Compute Service:Share a custom image

    Last Updated:Dec 02, 2024

    You can use shared images to create Elastic Compute Service (ECS) instances across multiple Alibaba Cloud accounts in the same region. After you create a custom image, you can share the custom image with other Alibaba Cloud accounts or within your organization based on resource directories or folders. The sharees can use the shared image to create identical ECS instances. This topic describes how to share a custom image and the considerations that you must take note of when you share the image.

    Scenarios

    • Scenario 1: You want to share custom images in your Alibaba Cloud account with one or more Alibaba Cloud accounts.

    • Scenario 2: When you use Alibaba Cloud services, you use a resource directory to manage all Alibaba Cloud accounts of your organization. You want to share the custom images of a member in the resource directory with all members in the resource directory or with all members in a specific folder in the resource directory.

      If you share custom images in Scenario 2, all accounts in the resource directory or folder have access to the shared images. Accounts that are subsequently added to the resource directory or folder also have access to the shared images. Accounts that are removed from the resource directory or folder lose access to the shared images. For more information, see What is Resource Sharing?

      Note

      Resource Directory is a service that you can use to manage relationships among a number of accounts and resources. Resource Directory allows you to quickly establish an organizational structure based on your business requirements and consolidate the accounts of your organization into the structure to create a hierarchy for the resources of your organization. For more information, see What is Resource Directory?

      If you shared a custom image with all members in a resource directory or with all members in a specific folder in the resource directory, we recommend that you do not reshare the custom image in the manner described in Scenario 1. Otherwise, the shared image data may be inconsistent between resource directories.

    Considerations

    Before you share a custom image, take note of the items described in the following table.

    Item

    Description

    Fees

    You are not charged for sharing custom images.

    Regions

    • You can share custom images across accounts only within the same region.

      If you want to share a custom image across regions, copy the image to the destination region and share the image copy, or share the image and copy the shared image to the destination region. For more information, see Copy a custom image.

    • You can share encrypted custom images only in the China (Beijing), China (Shanghai), China (Hong Kong), and Singapore regions.

    Limits

    • You can share custom images that are created in your account. You cannot share custom images that are created and shared by other accounts.

    • ECS imposes limits on the number of users with which you can share a custom image. In the Quota Center console, you can view and change the Quota of users that can be shared per custom image on the General Quotas page for ECS. For more information, see Manage ECS quotas.

    • Images cannot be shared between accounts on the China site and accounts on the international site.

    • You cannot share ECS custom images for use on simple application servers. You can share custom images created from simple application servers for use on ECS instances. For more information, see Share an image to ECS.

    Preparations

    • Before you share a custom image, make sure that all sensitive data and files are removed from the image.

    • When you share a custom image in different scenarios, take note of the following items:

      • To share a custom image with other Alibaba Cloud accounts, you must obtain the IDs of the accounts.

        To obtain the ID of an Alibaba Cloud account, log on to the Alibaba Cloud Management Console with the Alibaba Cloud account and move the pointer over the profile picture in the upper-right corner. If the account is tagged with Main Account, the account ID is an Alibaba Cloud account ID.

      • To share a custom image within your organization based on resource directories or folders, you must enable the resource directories by using the management account or members. For more information, see Enable a resource directory.

    Procedure

    1. (Conditionally required) Before you share a custom image, create a Resource Access Management (RAM) role and grant permissions to the role.

      Before you can share a custom image that is encrypted with a Key Management Service (KMS) key in your Alibaba Cloud account with other Alibaba Cloud accounts, you must grant the permissions to access the KMS key in your Alibaba Cloud account to the other Alibaba Cloud accounts. For more information, see the Share encrypted resources across accounts section of the "Encryption-related permissions" topic.

    2. Log on to the ECS console and open the Share Image dialog box.

      1. In the left-side navigation pane, choose Storage & Snapshots > Snapshots.

      2. In the top navigation bar, select the region and resource group to which the resource belongs. 地域

      3. On the Custom Images tab, find the custom image that you want to share and click Share Image in the Actions column.

    3. In the Share Image dialog box, configure the parameters based on your business requirements.

      • Share the custom image with other Alibaba Cloud accounts

        1. In the Shared Account ID field, enter the IDs of the Alibaba Cloud accounts with which you want to share the custom image.

        2. For the Security Confirmation parameter, select After you share the image with accounts, the accounts can obtain the data of the image. To ensure data security, confirm that you want to share the image with the accounts.

        3. Click Confirm.

      • Share the custom image within your organization based on resource directories or folders

        1. To the right of the Sharee Type parameter, click Shared Organization.

          Note

          Only the management account or members that enabled a resource directory can share resources within an organization. If Shared Organization is not displayed, you must enable a resource directory. For more information, see Enable a resource directory.

        2. Go to the Resource Management console to complete the sharing operation. For more information, see Create a resource share.

          Note

          In the Resources section of the Create Resource Share page, set the resource type to ECS Image.

      After you share the custom image, find the image and move the pointer over the image.png icon corresponding to the image to view the Alibaba Cloud accounts with which the image is shared.

      image.png