ECS images are region-specific, which complicates multi-region service deployment: you must manually replicate images to each target region, update image IDs per region in your template, and manage permissions separately — and repeat all of this each time you release a new image version.
ECS image deployment packages automate this process. Create a deployment package, associate it with your source image, and Compute Nest handles image replication, region-to-image-ID mapping, and permission management across all selected regions.
How it works
When you publish an ECS image deployment package, Compute Nest performs three operations automatically:
Image replication — Compute Nest replicates your source ECS image to the Compute Nest general account used for multi-region distribution.
Image mapping — When a customer deploys your service, Compute Nest detects the target region and substitutes the correct regional image ID for the
ImageIdvalue in your template. The mapping is dynamic; you do not need to update the template for each region.Permission management — The deployment package inherits visibility from its associated services:
Associated services Deployment package visibility None Private (only you can use it) At least one public service Public All services are private Private A service has a whitelist Same whitelist applies
Template requirements
Before creating a deployment package, verify that your ROS or Terraform template meets the following requirements.
Parameter constraint (applies to both ROS and Terraform): The image ID value must be a static string literal. You cannot supply this value from an input parameter or a built-in function.
| Resource type | ROS parameter | ROS resource type | Terraform parameter | Terraform resource type |
|---|---|---|---|---|
| ECS instance | ImageId | ALIYUN::ECS::Instance | image_id | alicloud_instance |
| ECS instance group | ImageId | ALIYUN::ECS::InstanceGroup | — | — |
| Auto Scaling group | ImageId | ALIYUN::ESS::ScalingGroup | image_id | ALIYUN::ESS::ScalingGroup |
| E-HPC cluster | ImageId | ALIYUN::EHPC::Cluster | — | — |
For ROS templates, specify ImageId in the Resources section. For Terraform templates, specify image_id in the resource block.
Create an ECS image deployment package
Prerequisites
Before you begin, ensure that you have:
An ECS image to use as the source. Compute Nest supports two image types:
Custom images — ECS images you created in your Alibaba Cloud account. If you don't have one, create a custom image from an instance.
Alibaba Cloud Marketplace images — images available in Alibaba Cloud Marketplace.
A ROS or Terraform template that meets the template requirements above.
Create and publish the deployment package
Log on to the Compute Nest console. In the left-side navigation pane, click Service Deployment Package. In the Deployment Package section, click Create Deployment Package.
In the Deployment Package Information section, configure the following parameters.
Parameter Description Deployment Package Name 3–128 characters; letters, digits, and underscores (_). Cannot be changed after creation. Version Name 3–50 characters; letters, digits, and underscores (_). Description 10–500 characters. Resource Group The resource group for this deployment package. Resource groups let you organize resources by usage, permission, and region. See Manage resource groups. Tag Settings Tags to attach to the deployment package. Up to 20 tags per package. See Add a custom tag. Configure the ECS image deployment package content.
In the Deployment Package Content section, set Deployment Package Type to ECS Image. Configure Image Type and Select Product based on the image you prepared.
In the Distribution Settings section, select the regions to distribute the package to. > Important: Select at least one region.
Click Publish Deployment Package. > Note: To test the package before publishing, click Save Deployment Package first. After testing, click Publish Deployment Package. Before you publish, the package can only be tested in the region where the source ECS image resides — not in the selected distribution regions. After a version is published, its content is locked; to make changes, create a new version or a new deployment package.
Return to the Service Deployment Package page, find the deployment package you created, and click its name to open the Deployment Package Details page. Distribution can take from several minutes to several hours, depending on the region and image size. Once the package reaches the Available state, click the Deployment Package Version tab, find the version, and click View in the Actions column to review distribution results.
Use an ECS image deployment package
The following example creates a private service to show how to associate an ECS image deployment package with a service template.
Log on to the Compute Nest console. In the left-side navigation pane, click My Services.
On the Created Services tab, click Create Service.
On the Create Service page, set Select Service Creation Method to Custom Launch and Select Service Type to Private Service, then click Next: Configure Settings.
Specify the basic service information. In the Template section, select or enter a template. This example uses Scenario-based Template.
If the template contains an
ImageIdparameter, configure Associate ECS Image in the Deployment Package Association section. Sample templateThis sample template is for testing only.
ROSTemplateFormatVersion: '2015-09-01' Description: en: This template deploys custom image for single instance, supports creating new VPC and specifying VPC. zh-cn: Conditions: CreateVpcConditions: Fn::Equals: - true - Ref: WhetherCreateVpc IfAllocatePublicIP: Fn::Equals: - Ref: AllocatePublicIP - true Parameters: PayType: Type: String Label: en: ECS Instance Charge Type zh-cn: AssociationProperty: ChargeType AssociationPropertyMetadata: LocaleKey: InstanceChargeType Default: PostPaid AllowedValues: - PostPaid - PrePaid PayPeriodUnit: Type: String Label: en: Pay Period Unit zh-cn: AssociationProperty: PayPeriodUnit AssociationPropertyMetadata: Visible: Condition: Fn::Not: Fn::Equals: - ${PayType} - PostPaid Default: Month AllowedValues: - Month - Year PayPeriod: Type: Number Label: en: Period zh-cn: AssociationProperty: PayPeriod AssociationPropertyMetadata: Visible: Condition: Fn::Not: Fn::Equals: - ${PayType} - PostPaid Default: 1 AllowedValues: - 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 EcsInstanceType: Type: String Label: en: Instance Type zh-cn: AssociationProperty: ALIYUN::ECS::Instance::InstanceType AssociationPropertyMetadata: ZoneId: ${ZoneId} InstanceChargeType: ${InstanceChargeType} ZoneId: Type: String Label: en: Availability Zone zh-cn: AssociationProperty: ALIYUN::ECS::Instance::ZoneId WhetherCreateVpc: Type: Boolean Label: en: WhetherCreateVpc zh-cn: Default: false VpcCidrBlock: Type: String Label: en: VPC CIDR IPv4 Block zh-cn: Description: zh-cn: en: 'The ip address range of the VPC in the CidrBlock form; <br>You can use the following ip address ranges and their subnets: <br><font color=''green''>[10.0.0.0/8]</font><br><font color=''green''>[172.16.0.0/12]</font><br><font color=''green''>[192.168.0.0/16]</font>' AssociationProperty: ALIYUN::VPC::VPC::CidrBlock AssociationPropertyMetadata: Visible: Condition: Fn::Equals: - ${WhetherCreateVpc} - true Default: 192.168.0.0/16 VSwitchCidrBlock: Type: String Label: en: VSwitch CIDR Block zh-cn: Description: zh-cn: en: Must belong to the subnet segment of VPC. AssociationProperty: ALIYUN::VPC::VSwitch::CidrBlock AssociationPropertyMetadata: VpcCidrBlock: VpcCidrBlock Visible: Condition: Fn::Equals: - ${WhetherCreateVpc} - true Default: 192.168.1.0/24 VpcId: Type: String Label: en: VPC ID zh-cn: AssociationProperty: ALIYUN::ECS::VPC::VPCId AssociationPropertyMetadata: Visible: Condition: Fn::Equals: - ${WhetherCreateVpc} - false Default: '' VSwitchId: Type: String Label: en: VSwitch ID zh-cn: AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId AssociationPropertyMetadata: VpcId: ${VpcId} ZoneId: ${ZoneId} Visible: Condition: Fn::Equals: - ${WhetherCreateVpc} - false Default: '' InstancePassword: Type: String Label: en: Instance Password zh-cn: Description: en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in) zh-cn: ConstraintDescription: en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in) zh-cn: AssociationProperty: ALIYUN::ECS::Instance::Password AllowedPattern: '[0-9A-Za-z\_\-\&:;''<>,=%`~!@#\(\)\$\^\*\+\|\{\}\[\]\.\?\/]+$' MinLength: 8 MaxLength: 30 NoEcho: true SystemDiskCategory: Type: String Label: en: System Disk Category zh-cn: AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory AssociationPropertyMetadata: LocaleKey: DiskCategory InstanceType: ${EcsInstanceType} AllowedValues: - cloud_efficiency - cloud_ssd - cloud_essd SystemDiskSize: Type: Number Label: zh-cn: en: System Disk Space (GB) Default: 200 DataDiskCategory: Type: String Label: zh-cn: en: Data disk type AssociationProperty: ALIYUN::ECS::Disk::DataDiskCategory AssociationPropertyMetadata: InstanceType: EcsInstanceType ZoneId: ZoneId LocaleKey: DiskCategory DataDiskSize: Type: Number Label: zh-cn: en: Data disk space Description: zh-cn: en: 'ECS Instance disk size, range of values: 20-32768, units: GB' Default: 200 MinValue: 20 MaxValue: 32768 AllocatePublicIP: Type: Boolean Label: zh-cn: en: allocate public ip Default: true InternetMaxBandwidthOut: Type: Number Label: zh-cn: en: Internet Max Bandwidth Out Description: zh-cn: en: no public ip if zero AssociationPropertyMetadata: Visible: Condition: Fn::Equals: - ${AllocatePublicIP} - true Default: 5 MinValue: 0 MaxValue: 100 Resources: EcsVpc: Type: ALIYUN::ECS::VPC Condition: CreateVpcConditions Properties: CidrBlock: Ref: VpcCidrBlock VpcName: Ref: ALIYUN::StackName EcsVSwitch: Type: ALIYUN::ECS::VSwitch Condition: CreateVpcConditions Properties: ZoneId: Ref: ZoneId VpcId: Ref: EcsVpc CidrBlock: Ref: VSwitchCidrBlock EcsSecurityGroup: Type: ALIYUN::ECS::SecurityGroup Properties: # Specify a name for the security group based on the software name. #SecurityGroupName: nginx-sg VpcId: Fn::If: - CreateVpcConditions - Ref: EcsVpc - Ref: VpcId # Specify inbound rules of the security group based on the ports that are listened to by the software. By default, all ports are enabled in the outbound direction. #SecurityGroupIngress: # - PortRange: 80/80 # Priority: 1 # SourceCidrIp: 0.0.0.0/0 # IpProtocol: tcp EcsInstanceGroup: Type: ALIYUN::ECS::InstanceGroup Properties: ZoneId: Ref: ZoneId VpcId: Fn::If: - CreateVpcConditions - Ref: EcsVpc - Ref: VpcId VSwitchId: Fn::If: - CreateVpcConditions - Ref: EcsVSwitch - Ref: VSwitchId SecurityGroupId: Ref: EcsSecurityGroup ImageId: centos_7 IoOptimized: optimized InstanceChargeType: Ref: PayType PeriodUnit: Ref: PayPeriodUnit Period: Ref: PayPeriod SystemDiskCategory: Ref: SystemDiskCategory # You can adjust the size of the system disk based on your business requirements. SystemDiskSize: Ref: SystemDiskSize # The configurations of the data disk. DiskMappings: - Category: Ref: DataDiskCategory Size: Ref: DataDiskSize MaxAmount: 1 InstanceType: Ref: EcsInstanceType Password: Ref: InstancePassword # The public bandwidth. A value of 0 indicates that Internet access is disabled. InternetMaxBandwidthOut: Fn::If: - IfAllocatePublicIP - Ref: InternetMaxBandwidthOut - 0 InstanceName: Fn::Join: - '-' - - Ref: ALIYUN::StackName - '[1,4]' WaitConditionHandle: Type: ALIYUN::ROS::WaitConditionHandle Properties: {} WaitCondition: Type: ALIYUN::ROS::WaitCondition Properties: Count: 1 Handle: Ref: WaitConditionHandle # The timeout period to run the command. Timeout: 300 InstanceRunCommand: Type: ALIYUN::ECS::RunCommand Properties: InstanceIds: Fn::GetAtt: - EcsInstanceGroup - InstanceIds CommandContent: Fn::Sub: - | #!/bin/bash # 1. If you use a data disk, you must format the data disk and mount it to the specified directory. In this example, the data disk is mounted to the /data directory. init_and_mount_data_disk() { local fs_type=$1 local mount_point=$2 # Query disk devices and exclude disk partitions. devices=(`lsblk -o NAME,FSTYPE --noheadings --nodeps | awk '$2 == "" {print $1}'`) # Query the disk devices that do not have file systems. for device in ${!devices[@]}; do lsblk -o NAME,FSTYPE --noheadings | awk '$2 != "" {print $1}' | grep ${!device} if [[ $? -eq 1 ]]; then data_disk=${!device} break fi done # Create a file system for the data disk. mkfs -t ${!fs_type} /dev/${!data_disk} cp /etc/fstab /etc/fstab.bak mkdir ${!mount_point} # Update the /etc/fstab file and mount the disk. echo `blkid /dev/${!data_disk} | awk '{print $2}' | sed 's/\\\"//g'` ${!mount_point} ext4 defaults 0 0 >> /etc/fstab mount -a } # Mount the disk to the /data directory. init_and_mount_data_disk ext4 /data # 2. Install the software or initialize the software. For example, specify a data disk directory as the data file directory. # yum install -y nginx # 3. If you need to start the software at startup, add and enable the corresponding system service. # systemctl enable nginx.service # 4. Configure the startup script or start the system service. # systemctl start nginx.service # 5. If the script is successfully executed, trigger a callback and stop waiting based on WaitCondition. ${CurlCli} -d "{\"Data\" : \"Success\", \"status\" : \"SUCCESS\"}" # If the script fails to be executed, run the following command to return FAILURE and the error message. # ${CurlCli} -d "{\"Data\" : \"error message\", \"status\" : \"FAILURE\"}" - CurlCli: Fn::GetAtt: - WaitConditionHandle - CurlCli Type: RunShellScript # Set the timeout period based on the command execution time. Unit: seconds. If the command execution times out, the deployment fails. Timeout: 300 # The outputs are defined based on the software requirements. # In this example, NGINX is used and the output is the public URL to access the website. #Outputs: # endpoint: # Condition: IfAllocatePublicIP # Description: # zh-cn: # en: Public IP Addresses # Value: # Fn::Sub: # - http://${ServerAddress} # - ServerAddress: # Fn::Select: # - 0 # - Fn::GetAtt: # - EcsInstanceGroup # - PublicIps Metadata: ALIYUN::ROS::Interface: ## The order of parameter groups determines the order of the parameters displayed on the page to create the service instance. ## If most instance types are supported, such as the instances of the x86 architecture, you can specify the zone configurations first by referring to the comments. # ParameterGroups: # - Parameters: # - ZoneId # Label: # default: # zh-cn: # en: Zone Configuration # - Parameters: # - WhetherCreateVpc # - VpcCidrBlock # - VSwitchCidrBlock # - VpcId # - VSwitchId # Label: # default: # zh-cn: # en: VPC Configuration # - Parameters: # - PayType # - PayPeriodUnit # - PayPeriod # Label: # default: # en: PayType Configuration # zh-cn: # - Parameters: # - EcsInstanceType # - InstancePassword # - SystemDiskCategory # - SystemDiskSize # - DataDiskCategory # - DataDiskSize # - AllocatePublicIP # - InternetMaxBandwidthOut # Label: # default: # en: Instance # zh-cn: ParameterGroups: - Parameters: - PayType - PayPeriodUnit - PayPeriod Label: default: en: PayType Configuration zh-cn: - Parameters: - EcsInstanceType Label: default: zh-cn: en: ECS Instance Type Configuration - Parameters: - ZoneId Label: default: zh-cn: en: Zone Configuration - Parameters: - WhetherCreateVpc - VpcCidrBlock - VSwitchCidrBlock - VpcId - VSwitchId Label: default: zh-cn: en: VPC Configuration - Parameters: - InstancePassword - SystemDiskCategory - SystemDiskSize - DataDiskCategory - DataDiskSize - AllocatePublicIP - InternetMaxBandwidthOut Label: default: en: Instance zh-cn: TemplateTags: - acs:example:Independent software vendor (ISV) software deployment: This template is used to deploy a single instance with a data disk by using a custom image. A public IP address is optional.
Click Select Deployment Package. In the dialog box, select the deployment package and version, then click OK. The source image ID in the template is replaced with the ECS image deployment package.
Important- Draft version (not yet distributed): The associated image can only be used in the region where it was created. - Formal version (distributed): The associated image can be used in the region where it was created and in all regions it has been distributed to.
Save and test the service. After testing passes, verify the service meets the review criteria and submit it for review.
After approval, publish the service.
When a customer creates a service instance in a region, Compute Nest automatically uses the image already distributed to that region.
Image ID before replacement
Image ID after replacement
Limitations
You can modify the cloud resources of an ECS image deployment package in a template.
After a deployment package version is published, its content cannot be modified. To update the image or distribution regions, create a new version.
What's next
Create a service — full walkthrough for creating a Compute Nest service.
Create a new version — update distribution regions or image content by creating a new deployment package version.
Delete a deployment package — remove a deployment package or version you no longer need.
Configure service update settings — configure how your service handles updates when a new deployment package version is available.