All Products
Search
Document Center

Elastic Compute Service:Use Alibaba Cloud Client to manage ECS instances

Last Updated:Jan 20, 2025

You can use Alibaba Cloud Client to view and connect to Elastic Compute Service (ECS) instances, elastic container instances, simple application servers, and instances managed by Alibaba Cloud. This topic describes how to use Alibaba Cloud Client to view, connect to, and manage ECS instances.

Prerequisites

View ECS instances

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. On the Instances page, you can view information about ECS instances, as shown in the following figure.

    image

    • ①: This section displays the location information of ECS instances. You can click the icon on the right side of the Region field to switch to a different region.

    • ②: This section displays the list of ECS instances.

    • ③: This section displays the pagination toolbar. You can navigate through pages by using the pagination toolbar.

    • ④: This section displays the instance search box.

      1. Enter an instance ID, public IP address, private IP address, or instance name.

      2. Press the Enter key to search for instances in the current region. You can enter a keyword to perform fuzzy search by instance name.

    • ⑤: This section displays the Actions menu that provides buttons that you can use to perform the following actions:

      • Actions to connect to instances

      • Actions to start, stop, and release instances

      • Actions to configure release protection settings (only for pay-as-you-go instances)

      • Actions to view the monitoring information, security groups, and details of instances

Connect to an ECS instance

Connect to a Windows instance over RDP

You can use the public IP address of your ECS instance or Cloud Assistant if the instance does not have a public IP address on Alibaba Cloud Client to connect to the instance over Remote Desktop Protocol (RDP). Perform the following steps.

Important
  • The Windows instance to which you want to connect must be in the Running state.

  • The Windows instance is assigned a public IP address, or Cloud Assistant Agent is installed on the Windows instance and Cloud Assistant is online. For more information about Cloud Assistant, see Overview of Cloud Assistant.

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Perform the following steps based on whether the Windows instance is assigned a public IP address and whether Cloud Assistant is online:

    • If the instance is assigned a public IP address, we recommend that you perform the following steps to connect to the instance:

      1. Find the instance to which you want to connect and choose Actions > Remote Desktop in the Actions column.

      2. In the dialog box that appears, confirm the username and password, and enable the full-screen mode and audio playback. Then, click Connect. Alibaba Cloud Client starts the Windows Remote Desktop Connection application.

      3. In the Remote Desktop Connection dialog box, click Connect.

      4. Enter the password of the Windows instance as prompted and click OK.

    • If the instance is not assigned a public IP address but Cloud Assistant is online, we recommend that you perform the following steps to connect to the instance:

      1. Find the instance to which you want to connect and choose Actions > Start RDP (via Cloud Assistant) in the Actions column.

      2. In the dialog box that appears, configure the port mapping and click Start.

        Set the Remote Port parameter to the port used to access services on the instance and the Local Port parameter to the port that is listened to on your on-premises computer. Turn on or turn off Print Request and Print Response. Specify whether to open http://localhost:8080/ after the port forwarding feature is started.image

      3. In the Remote Desktop Connection dialog box, click Connect.

      4. Enter the password of the Windows instance as prompted and click OK to connect to the instance over RDP.

Connect to a Linux instance over SSH

You can use the public IP address of your ECS instance or Cloud Assistant on Alibaba Cloud Client to connect to the instance over SSH. Perform the following steps.

Important
  • The Linux instance to which you want to connect must be in the Running state.

  • A public IP address is assigned to the Linux instance, or Cloud Assistant Agent is installed on the Linux instance and Cloud Assistant is online.

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. In the Actions column, choose Actions > Start Connection (SSH).

  4. Configure the Username parameter. Default value: root. You can specify a username based on your business requirements. Configure the Port Num parameter. Default value: 22. You can specify a port number based on your business requirements. Select a value for the Certifier parameter as the authentication method.

    Valid values of the Certifier parameter:

    • Password: Enter the password of the ECS instance.

      Note

      On Alibaba Cloud Client, you can click the Show Settings icon in the upper-right corner. On the Settings page, click SSH in the left-side navigation pane. Then, configure the Save Password to parameter. To save the instance password to the /.aliyun/secrets.json file on your on-premises computer, set the parameter to Local File. To save the instance password to Key Management Service (KMS), set the parameter to KMS. For more information, see Configure the settings of Alibaba Cloud Client.

    • KeyPair: Use the private key file of an SSH key pair to connect to the instance. You can use one of the following methods to obtain the required private key file:

      • Method 1: Create an SSH key pair (.pem file) in the ECS console, bind the key pair to the ECS instance, and then use the private key of the key pair to connect to the ECS instance. For information about how to create and bind an SSH key pair, see the Create a key pair section of the "Manage SSH key pairs" topic.

      • Method 2: Run the ssh-keygen command to generate an SSH key pair on your on-premises computer, bind the key pair to the ECS instance, and then use the private key of the key pair to connect to the ECS instance. For more information, see Bind a key pair to an instance for password-free logon over SSH.

        Note

        On Alibaba Cloud Client, you can choose Actions > System Manager > Add SSH Key in the Actions column of an ECS instance to bind an SSH private key to the instance. Then, you can use the private key to connect to the ECS instance without the need to provide a password.

    • Temp KeyPair: A temporary key pair is generated and sent to the instance. The key pair is valid for 1 minute. This method eliminates the need to manage passwords and key files.

    We recommend that you use a temporary key pair. This way, you can connect to the instance without the need to provide a password or public IP address. Resource Access Management (RAM) can be used to control the connection permissions.

  5. Click Connect to connect to the ECS instance over SSH.

Connect to an instance by using Session Manager

Important

Before you connect to an ECS instance by using Session Manager, your instance and account must meet specific prerequisites. Otherwise, you cannot connect to the instance. For more information, see the Prerequisites section of the "Connect to an instance by using Session Manager" topic.

You can use Cloud Assistant Session Manager to connect to an ECS instance from Alibaba Cloud Client in the following scenarios:

  • No password is configured for the instance.

  • No public IP address is assigned to the instance.

  • The SSH and RDP ports cannot be enabled for the instance.

Perform the following steps:

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance to which you want to connect and choose Actions > Start Session Manager in the Actions column.

    By default, after the instance is connected, you are logged on as ecs-assist-user if the instance runs Linux or as the system user if the instance runs Windows.

Connect to an instance by using the port forwarding feature of Cloud Assistant

You can use the port forwarding feature of Cloud Assistant to forward network traffic from a port on your on-premises computer to an ECS instance without the need to specify the public IP address of the instance. Then, you can access the services that run on the instance in a secure and convenient manner.

Note

In the following example, the MySQL service uses port 3306 on your instance. Your on-premises computer runs a Linux operating system and uses port 13306 for the MySQL service. In this case, you can use the port forwarding feature to access the MySQL service on your instance from port 13306 on your on-premises computer.

The port forwarding feature provides the following benefits:

  • The operations on Alibaba Cloud Client can be audited and are secure and controllable.

  • RAM can be used to control the connection permissions.

  • The port forwarding feature can be used to access port 22 on instances to allow specific users to connect to the instances over SSH.

  • The port forwarding feature can be used to access the HTTP port on instances to allow users to browse web applications on the instance without the need for a public IP address.

Perform the following steps:

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance to which you want to connect and choose Actions > Port Forwarding (via Cloud Assistant) in the Actions column.

  4. Set the Remote Port parameter to the port used to access services on the instance and the Local Port parameter to the port that is listened to on your on-premises computer. Turn on or turn off Print Request and Print Response. Specify whether to open http://localhost:8080/ after the port forwarding feature is started.

  5. Click Start.

Manage ECS instances

Manage instance status

You can use Alibaba Cloud Client to change the status of an ECS instance based on your business requirements. You can start, stop, restart, or release the instance.

Start an instance

If an ECS instance is in a state in which services cannot be provided, such as the Stopped state, you must start the instance first before you can use the instance.

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance that you want to start and choose Actions > Change Instance Status > Start Instance in the Actions column.

  4. In the message that appears, check the instance information and click Start Instance.

Stop an instance

Important

When you stop an ECS instance, services that run on the instance are interrupted. Proceed with caution.

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance that you want to stop and choose Actions > Change Instance Status > Stop Instance in the Actions column.

  4. In the dialog box that appears, configure the stop mode and click Stop Instance.

Restart an instance

In most cases, you may need to restart ECS instances for maintenance purposes, such as to apply system updates or to save and apply configurations.

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance that you want to restart and choose Actions > Change Instance Status > Reboot Instance in the Actions column.

  4. In the message that appears, check the instance information and click Reboot Instance.

Release an instance

Important
  • If you no longer require an ECS instance, you can release the instance to prevent unnecessary costs.

  • After an instance is released, the data of the instance is deleted and cannot be recovered. We recommend that you create snapshots to back up data before you release the instance. For more information, see Create a snapshot.

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance that you want to release and choose Actions > Change Instance Status > Release Instance in the Actions column.

  4. In the message that appears, check the instance information and click Release Instance.

Reset the password of an instance

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance whose logon password you want to reset and choose Actions > System Manager > Reset Password in the Actions column.

  4. In the Reset Password dialog box, enter and confirm a new password, enable password authentication or retain the original settings, and then click Reset Password.

    • The new password is transmitted securely using encryption technology and takes effect immediately, without the need for the instance to restart.

    • After the backend password reset task is complete, you can use the new password to manage your ECS instance.

Enable release protection for an instance

If your critical business runs on a pay-as-you-go instance, you can enable instance release protection to prevent manual release. This helps prevent issues caused by negligence. For more information about instance release protection, see Enable or disable release protection for ECS instances.

Important

This feature is available only for pay-as-you-go instances.

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance for which you want to enable release protection and choose Actions > Change Instance Status > Set Deletion Protection in the Actions column.

View the attributes, monitoring information, and security groups of an instance

View the attributes of an ECS instance

You can view the attributes of an instance, including the instance name, hostname, instance type, operating system, and Cloud Assistant status.

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance whose attributes you want to view and choose Actions > Show Properties in the Actions column.

View the monitoring information of an ECS instance

You can view the monitoring information of an instance, such as CPU utilization, public bandwidth, and disk read/write rate.

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance whose monitoring information you want to view and use one of the following methods to view the monitoring information:

    • Method 1: In the Actions column, choose Actions > View Instance Monitor.

    • Method 2: In the Monitoring column, click the image icon.

View the security groups of an ECS instance

You can use Alibaba Cloud Client to view the security groups of an ECS instance. For more information, see Overview of security groups.

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance whose security groups you want to view.

  3. Find the instance whose security groups you want to view and choose Actions > View Security Groups in the Actions column.

    You can view the IDs, names, types, and rules of the security groups to which the instance belongs.

  4. (Optional) You can click the value in the Egress Rules or Ingress Rules column that corresponds to each security group to create rules, delete rules, or view the details of rules in the security group.

    • Add an inbound or outbound security group rule

      1. Click Add Inbound Rule or Add Outbound Rule above the list of security group rules.

      2. Configure parameters for the rule. For more information, see Security group rules.

    • Modify an authorization policy

      1. In the security group rule list, find the rule whose authorization policy you want to modify and click Modify Policy in the Actions column.

      2. In the dialog box that appears, select Allow or Deny and click Modify Policy.

    • Delete a security group rule

      Find the rule that you want to delete and choose Actions > Revoke Rule in the Actions column.

    • View the details of an inbound or outbound security group rule.

      Find the rule that you want to view and choose Actions > Show Inbound Rule Properties or Actions > Show Outbound Rule Properties in the Actions column to view the attributes of the rule.

Upload and download files by using SFTP

You can use Alibaba Cloud Client to view and manage files or directories on an ECS instance. For example, you can create directories and upload or download files.

Important
  • This feature is available only for Linux instances.

  • The Linux instance is in the Running state.

  • A public IP address is assigned to the Linux instance.

Perform the following steps:

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Find the instance to which you want to connect and choose Actions > File Manager (SFTP) in the Actions column.

  4. Configure the Username parameter. Default value: root. You can specify a username based on your business requirements. Configure the Port Num parameter. Default value: 22. You can specify a port number based on your business requirements. Select a value for the Certifier parameter as the authentication method.

    Valid values of the Certifier parameter:

    • Password: Enter the password of the ECS instance.

      Note

      On Alibaba Cloud Client, you can click the Show Settings icon in the upper-right corner. On the Settings page, click SSH in the left-side navigation pane. Then, configure the Save Password to parameter. To save the instance password to the /.aliyun/secrets.json file on your on-premises computer, set the parameter to Local File. To save the instance password to Key Management Service (KMS), set the parameter to KMS. For more information, see Configure the settings of Alibaba Cloud Client.

    • KeyPair: Use the private key file of an SSH key pair to connect to the instance. You can use one of the following methods to obtain the required private key file:

      • Method 1: Create an SSH key pair (.pem file) in the ECS console, bind the key pair to the ECS instance, and then use the private key of the key pair to connect to the ECS instance. For information about how to create and bind an SSH key pair, see the Create a key pair section of the "Manage SSH key pairs" topic.

      • Method 2: Run the ssh-keygen command to generate an SSH key pair on your on-premises computer, bind the key pair to the ECS instance, and then use the private key of the key pair to connect to the ECS instance. For more information, see Bind a key pair to an instance for password-free logon over SSH.

        Note

        On Alibaba Cloud Client, you can choose Actions > System Manager > Add SSH Key in the Actions column of an ECS instance to bind an SSH private key to the instance. Then, you can use the private key to connect to the ECS instance without the need to provide a password.

    • Temp KeyPair: A temporary key pair is generated and sent to the instance. The key pair is valid for 1 minute. This method eliminates the need to manage passwords and key files.

    We recommend that you use a temporary key pair. This way, you can connect to the instance without the need to provide a password or public IP address. Resource Access Management (RAM) can be used to control the connection permissions.

  5. Click Connect.

    In the file list, you can use the following features to view and manage the files and directories on the Linux instance:

    • New Folder: Create a folder on the ECS instance.

    • Upload Folder: Upload an on-premises folder to the ECS instance.

    • Upload File: Upload an on-premises file to the ECS instance.

    • Download OSS File: Download an object from an Object Storage Service (OSS) bucket to the ECS instance.

    • Download Folder: Download a folder from the ECS instance to your on-premises computer.

    • Create Archive: Compress a folder on the ECS instance. The .tar and .tgz formats are supported.

    • Upload to OSS: Upload files from the ECS instance to a specific OSS bucket.

    image

Send remote commands

You can send remote commands in the ECS console or from Alibaba Cloud Client to quickly perform routine O&M operations, such as batch installing or uninstalling software on ECS instances, resetting user passwords, and automating O&M scripts, on instances. Perform the following steps:

  1. On the Homepage of Alibaba Cloud Client, click ECS.

  2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

  3. Select the instances to which you want to send remote commands and choose Actions > System Manager > Run Command in the Actions column.

  4. In the Run Command dialog box, enter an automated O&M script in the code editor and click Send.

image

Use the private key file of an SSH key pair to enable password-free logon

  1. (Optional) Obtain the private key file of an SSH key pair

    You can use one of the following methods to obtain the required private key file:

    • Method 1: Create an SSH key pair (.pem file) in the ECS console, bind the key pair to an ECS instance, and then use the private key of the key pair to connect to the instance. For information about how to create and bind an SSH key pair, see the Create a key pair section of the "Manage SSH key pairs" topic.

    • Method 2: Run the ssh-keygen command on your on-premises computer to generate an SSH key pair, bind the key pair to an ECS instance, and then use the private key of the key pair to connect to the instance. For more information, see Bind a key pair to an instance for password-free logon over SSH.

  2. On Alibaba Cloud Client, bind the private key of the SSH key pair to the ECS instance.

    After you bind the private key of an SSH key pair to an ECS instance on Alibaba Cloud Client, you can connect to the instance without the need to specify a password or a key file. After the private key of the SSH key pair is bound to the instance, the image icon is displayed for the logon credential of the instance.

    1. On the Homepage of Alibaba Cloud Client, click ECS.

    2. In the upper-left corner of the Instances page, select the region of the instance to which you want to connect.

    3. Find the instance to which you want to bind the private key of the SSH key pair and choose Actions > System Manager > Add SSH Key in the Actions column.

    4. In the Add SSH Key dialog box, select the on-premises SSH private key file, select Append New Key or Replace Exists, and then click Add SSH Key.

  3. Check whether you can connect to the ECS instance without the need to specify a password or a key file.