Before you import custom images in the Elastic Compute Service (ECS) console, you must create Object Storage Service (OSS) buckets and then upload the corresponding image files to the buckets. This topic describes the permissions required to upload image files and how to upload image files.
Prerequisites
An image file is obtained. For more information, see Obtain a Linux image file and Obtain a Windows image file.
OSS is activated by using your Alibaba Cloud account. For more information, see Activate OSS.
If you use a Resource Access Management (RAM) user, contact the owner of the Alibaba Cloud account to which the RAM user belongs and ask the owner to grant the RAM user the operation permissions on OSS buckets. For more information, see the Grant permissions for different scenarios section of this topic.
Grant permissions for different scenarios
Use an Alibaba Cloud account to create a custom policy that contains the required permissions for a RAM user based on the actual scenario. Make sure that the policy follows the principle of least privilege. For more information, see the Create a custom policy on the JSON tab section of the "Create custom policies" topic.
Scenario 1: You want to use an Alibaba Cloud account to upload image files to OSS buckets as described in this topic and use a RAM user to import the corresponding images to ECS. In this case, you must grant the RAM user the read permissions on OSS buckets. For information about how to import images to ECS, see Import custom images. For information about the sample custom policy, see the Custom policy that grants a RAM user the permissions to read OSS buckets section of the "Custom policies for ECS" topic.
Scenario 2: You want to use a RAM user to upload image files to OSS buckets as described in this topic and import the corresponding images to ECS. In this case, you must grant the RAM user the read and write permissions on OSS buckets. For information about how to import images to ECS, see Import custom images. For information about the sample custom policy, see the Custom policy that grants a RAM user the permissions to read and write OSS buckets section of the "Custom policies for ECS" topic.
NoteFor more information about how to grant a RAM user the read and write permissions on a specific OSS bucket, see Tutorial: Use RAM policies to control access to OSS.
Attach the policy to the RAM user by using the Alibaba Cloud account. For more information, see Grant permissions to a RAM role.
ImportantIn the preceding steps, make sure that the scope of the permissions that are granted to the RAM user is account-wide instead of limited to a specific resource group. If the scope of the permissions is limited to a specific resource group, make sure that the images that you want to import belong to the specified resource group. For information about how to import images to ECS, see Import custom images.
Create an OSS bucket and upload an image file
To create an OSS bucket and upload an image file to the bucket, perform the following steps. To view the video tutorial, see Import custom images.
You can also use the OSS graphical management tool ossbrowser to upload image files. For more information, see Use ossbrowser.
Log on to the OSS console.
Create a bucket in the OSS console.
For more information, see Create buckets.
Upload an image file to the bucket.
For more information, see Upload objects.
NoteThe size of the image file that you want to upload in the OSS console cannot exceed 5 GB. For information about how to upload an image file whose size exceeds 5 GB, see Multipart upload.
The image file must be in the RAW, Virtual Hard Disk (VHD), or QEMU Copy-On-Write 2 (QCOW2) format and must not be compressed.
Obtain the object URL of the image file.
For more information, see Use object URLs.
When you obtain the URL of an object, take note of the following items:
You must use the same Alibaba Cloud account to obtain the URL of an image file and import the image to ECS. For information about how to import images to ECS, see Import custom images.
The URL of an object must be the public URL that is generated when you share the object in OSS. Internal endpoints that are provided by OSS cannot be used to import images. If you use an internal endpoint to import an image, an error occurs. For information about the internal endpoints of OSS, see the Obtain the internal endpoint for a bucket section of the "Access to OSS resources from an ECS instance by using an internal endpoint of OSS" topic.
References
After you upload image files to OSS, you can import the custom images in the ECS console or by using Server Migration Center (SMC). For more information, see Import custom images.