Share a custom image with other accounts or within your organization to replicate environments across accounts.
Use cases
-
Images can only be shared with accounts in the same region.
-
You can only share custom images that you own. Re-sharing images shared by other accounts is not supported.
-
Custom images created from Marketplace images cannot be shared between the China site (aliyun.com) and the international site (alibabacloud.com).
Sharing methods
|
Sharing method |
Use case |
Benefits |
Limitations |
|
Share with specified accounts |
Share with a small, fixed number of partners or individual accounts. |
Simple setup. |
Requires manual management of recipient account IDs. |
|
Share within an enterprise organization |
Dynamically share an image with your entire organization or member accounts in a specific resource folder through Resource Directory. |
Sharing permissions update automatically when members join or leave, simplifying centralized management. |
Depends on the Resource Directory service to share resources. The sharing account must meet one of these requirements:
|
Before you begin
Complete these preparations and security checks before sharing an image.
-
Obtain recipient information:
-
To share with a specified account: Obtain the recipient's Alibaba Cloud account ID.
-
To share within your organization: Ensure your account has enabled Resource Directory and resource sharing.
-
-
Clean sensitive data from the image: Before creating the image, remove sensitive data such as command history, SSH keys, network configurations, temporary files, and access credentials to prevent data leaks.
-
Sharing encrypted images: To share an encrypted image, first create and authorize the
AliyunECSShareEncryptImageDefaultRolerole as described in Share encrypted resources across accounts.
Procedure
Scenario 1: Share with a specified account
Console
-
Go to the Images page of the ECS console. Select the resource group and region of the image.
-
On the Custom Images tab, find the target image. In the Actions column, click Shared Images.
-
In the Share Image dialog box:
-
In the Sharee Account ID field, enter the recipient's Alibaba Cloud account ID.
-
Select the Security Confirmation checkbox, then click OK.
-
API
Call ModifyImageSharePermission - Manage image sharing permissions to share a custom image with other accounts.
Scenario 2: Share within an organization
-
Go to the Images page of the ECS console. Select the resource group and region of the image.
-
On the Custom Images tab, find the target image. In the Actions column, click Shared Images.
-
For Sharee Type, click Shared Organization. You are redirected to the Resource Sharing console. Complete the sharing by following Create a resource share and selecting ECS image as the resource type.
Only a management account or a member account with Resource Directory enabled can share resources within an organization. If Shared Organization is not available, enable Resource Directory first.
If you have already shared an image with an account through Resource Directory, do not share it again with the same account by specifying the account ID. This can cause data inconsistencies.
Billing
Image sharing is free. However, if a shared image originates from a paid image, the recipient is charged an image usage fee when creating an ECS instance from it.
For example, Image A is a paid image. Account A shares it with Account B. When Account B creates an instance from the shared image, Account B is charged for both the image and the instance resources.
Limitations
-
A quota limits the number of accounts with which you can share a single custom image. This does not affect recipients' custom image quotas. View the Quota of Shared Users per Custom Image quota in the Quota Center and request a quota increase if needed.
-
Custom ECS images cannot be shared to Simple Application Server. However, you can share a custom image from Simple Application Server to ECS.
icon for the shared image to view the recipients' Alibaba Cloud account IDs.