All Products
Document Center

Pull an image from Docker Hub to create an elastic container instance

Last Updated: Apr 01, 2021

This topic describes how to pull an image from Docker Hub to create an elastic container instance.


Before you start, make sure that the following requirements are met:

  • Elastic Container Instance and Resource Access Management (RAM) are activated. The related RAM roles are authorized.

  • A VPC and a vSwitch are created. For more information, see Work with VPCs and Work with vSwitches.

  • A NAT gateway is bound to the VPC and source network address translation (SNAT) rules are configured, or an elastic IP address (EIP) is created.


    By default, Elastic Container Instance does not provide external Internet links to pull images over the Internet. If you need to pull images from external image repositories such as Docker Hub, you must configure Internet access. For more information, see Enable Internet access.


This section describes the key configurations and procedure of pulling an image from Docker Hub to create an elastic container instance. For some parameters, only the required or default configurations are used.

  1. Go to the Elastic Container Instance buy page.

  2. Select a region and a zone.

    As long as your business requirements can be met, we recommend that you select the zone that has sufficient resources. For more information, see Regions and zones.

  3. Select a VPC and a vSwitch.

    After you select the resources, the corresponding information including the CIDR block is displayed on the page.

  4. Select an EIP from the drop-down list.


    If you have not bound a NAT gateway to the VPC and configured the SNAT rules, the elastic container instance cannot access the Internet. In this case, you must associate an EIP with the elastic container instance.

  5. Select a security group. Security groups work as virtual firewalls that provide Stateful Packet Inspection (SPI) and packet filtering capabilities to isolate security domains on the cloud. You can configure security group rules to enable or disable the access to the Internet or internal network and access to or from specific IP addresses. For more information, see Overview.


    If you want to access elastic container instances in VPCs over the Internet, you must enable the corresponding ports in the security groups. For more information, see Add security group rules.

  6. Configure the container group.

    1. Configure the restart policy.

    2. Enter the name of the container group.

    3. Add a container.


      The following table describes the key parameters.




      Container Name

      Customize a container name. The requirements for the parameter value are displayed on the buy page.



      Select a container image and the corresponding version based on your needs.

      nginx selected on the Docker Hub Images tab and 1.9.8 as the version

      Image Pulling Policy

      Select an image pulling policy based on your needs.

      • Always: The image is pulled every time a container is created.

      • On-demand: Local images are preferentially used. If no local images exist, this image is pulled

      • Never: Only local images are used.


      vCPU and Memory

      Specify the vCPUs and memory of the container based on your needs.

      2 vCPUs and 4 GiB

  7. Click Preview.

  8. Confirm the configurations, read and select Elastic Container Instance Service Agreement, and then click Create ECI.

    After the elastic container instance is created, you can view it on the Container Group page.