All Products
Search
Document Center

Elastic Compute Service:ModifyInstanceAttribute

Last Updated:Jun 29, 2026

Modifies some properties of an ECS instance, including the password, instance name, hostname, security group membership, MTU, and instance user data.

Operation description

Instances that are locked for security reasons do not support this operation. For more information, see Impact of resource security locks on API calls.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

ecs:ModifyInstanceAttribute

update

*Instance

acs:ecs:{#regionId}:{#accountId}:instance/{#instanceId}

SecurityGroup

acs:ecs:{#regionId}:{#accountId}:securitygroup/{#SecurityGroupId}

  • ecs:tag
  • ecs:PasswordCustomized
None

Request parameters

Parameter

Type

Required

Description

Example

InstanceId

string

Yes

The instance ID.

i-bp67acfmxazb4ph****

Password

string

No

The password of the instance. The password must be 8 to 30 characters in length and must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. The following special characters are supported: ()`~!@#$%^&*-_+=|{}[]:;'<>,.?/ . For Windows instances, the password cannot start with a forward slash (/). Take note of the following items:

  • The instance cannot be in the Starting state.

  • The new password takes effect after you restart the instance. You can restart the instance in the ECS console (for more information, see Restart an instance) or by calling RebootInstance. Restarting the instance from within the operating system does not take effect.

Note

If you specify the Password parameter, use HTTPS to send the request to avoid password leaks.

Test123456&$

HostName

string

No

The hostname of the operating system. Take note of the following items:

  • The instance cannot be in the Pending or Starting state. Otherwise, the hostname and /etc/hosts configuration may not take effect. You can call DescribeInstances to query the current status of the instance.

  • The new hostname takes effect after you restart the instance. You can restart the instance in the ECS console (for more information, see Restart an instance) or by calling RebootInstance. Restarting the instance from within the operating system does not take effect.

The hostname has the following limits for different operating systems:

  • Windows Server: The hostname must be 2 to 15 characters in length and can contain uppercase letters, lowercase letters, digits, and hyphens (-). It cannot start or end with a hyphen (-), cannot contain consecutive hyphens (-), and cannot contain only digits.

  • Other instances (such as Linux): The hostname must be 2 to 64 characters in length. You can use periods (.) to separate the hostname into multiple segments. Each segment can contain uppercase letters, lowercase letters, digits, and hyphens (-), but cannot contain consecutive periods (.) or hyphens (-). The hostname cannot start or end with a period (.) or hyphen (-).

testHostName

InstanceName

string

No

The name of the instance. The name must be 2 to 128 characters in length. It must start with an uppercase letter, lowercase letter, or Chinese character and cannot start with http:// or https://. The name can contain digits, colons (:), underscores (_), and hyphens (-).

testInstanceName

Description

string

No

The description of the instance. The description must be 2 to 256 characters in length and cannot start with http:// or https://.

testInstanceDescription

UserData

string

No

The instance user data. We recommend that you Base64-encode the data before you pass it in. Take note of the following items:

  • The instance must meet the usage limits for instance user data. For more information, see Create instance user data.

  • After you restart the instance, the new user data is displayed on the instance but is not run.

Note

Before Base64 encoding, the raw data cannot exceed 32 KB. Do not pass in sensitive information such as passwords and private keys in plaintext. If you must pass in sensitive information, encrypt the information, Base64-encode it, and then decrypt it in the same way within the instance.

ZWNobyBoZWxsbyBlY3Mh

Recyclable

boolean

No

Note

This parameter is in invitational preview and is not publicly available.

true

CreditSpecification

string

No

The running mode of the burstable instance. Valid values:

  • Standard: standard mode.

  • Unlimited: unlimited mode.

For more information about the running modes of burstable instances, see What are burstable instances?.

Standard

DeletionProtection

boolean

No

The release protection attribute of the instance. Specifies whether the instance can be released from the console or by calling DeleteInstance.

Note

This attribute applies only to pay-as-you-go instances and only prevents manual release operations. It does not apply to system-initiated release operations.

false

NetworkInterfaceQueueNumber

integer

No

The number of queues for the primary network interface controller (NIC). Take note of the following items:

  • The instance must be in the Stopped state.

  • The value cannot exceed the maximum number of queues per NIC allowed by the instance type. The total number of queues for all NICs on the instance cannot exceed the total queue quota allowed by the instance type. You can call DescribeInstanceTypes to query the maximum number of queues per NIC and the total queue quota for an instance type.

  • If you set this parameter to -1, the number of queues for the primary NIC is reset to the default value for the instance type. You can call DescribeInstanceTypes to query the default number of Elastic Network Interface (ENI) queues for an instance type.

8

SecurityGroupIds

array

No

The IDs of the security groups to which the instance is reassigned. Take note of the following items:

  • Security group IDs in the array cannot be duplicated. The maximum length of the array depends on the maximum number of security groups to which the instance can belong. For more information, see Limits.

  • The instance leaves its current security groups. To retain the current security groups, add their IDs to the array.

  • You can switch between security group types, but the list cannot contain both basic security groups and advanced security groups at the same time.

  • The security groups must belong to the same VPC as the instance.

Note

Changes to security groups take effect on the instance shortly after the modification, but a slight delay may occur.

sg-bp15ed6xe1yxeycg7o****

string

No

The security group ID.

sg-bp15ed6xe1yxeycg7o****

RemoteConnectionOptions

object

No

Note

This parameter is in invitational preview and is not publicly available.

Password

string

No

Note

This parameter is in invitational preview and is not publicly available.

hide

Type

string

No

Note

This parameter is in invitational preview and is not publicly available.

hide

EnableJumboFrame

boolean

No

Specifies whether to enable the Jumbo Frame feature for the instance MTU. Valid values:

  • true: enables the feature.

  • false: does not enable the feature.

Take note of the following items:

  • The instance must be in the Running or Stopped state.

  • The instance must be a VPC-connected instance.

  • After the Jumbo Frame feature is enabled, the MTU value of the instance changes to 8500. After the feature is disabled, the MTU value reverts to 1500. Only some instance types support the Jumbo Frame feature. For more information, see ECS instance MTU.

false

CpuOptions.Core

integer

No

The number of CPU cores. This parameter does not support custom values and can only use the default value.

2

CpuOptions.ThreadsPerCore

integer

No

The number of threads per CPU core. The number of vCPUs of the ECS instance = CpuOptions.Core value × CpuOptions.ThreadsPerCore value.

  • CpuOptions.ThreadsPerCore=1 indicates that hyper-threading is disabled.

  • Only some instance types support custom thread counts.

2

CpuOptions.TopologyType

string

No

The CPU topology type of the instance. Valid values:

  • ContinuousCoreToHTMapping: the hyper-threads of the same core in the CPU topology are continuous.

  • DiscreteCoreToHTMapping: the hyper-threads of the same core are discrete.

Default value: none.

Take note of the following items:

  • The instance must be in the Stopped state.

Note

Only some instance families support this parameter. For information about the supported instance families, see View and modify the CPU topology structure.

DiscreteCoreToHTMapping

PrivateDnsNameOptions

object

No

The private domain name configuration of the instance.

For more information about private private domain resolution, see ECS private private domain resolution.

EnableInstanceIdDnsARecord

boolean

No

Specifies whether to enable DNS resolution from the instance ID-based domain name to the IPv4 address. Valid values:

  • true: enables the resolution.

  • false: disables the resolution.

Default value: false.

false

EnableInstanceIdDnsAAAARecord

boolean

No

Specifies whether to enable DNS resolution from the instance ID-based domain name to the IPv6 address. Valid values:

  • true: enables the resolution.

  • false: disables the resolution.

Default value: false.

false

EnableIpDnsARecord

boolean

No

Specifies whether to enable DNS resolution from the IP-based domain name to the IPv4 address. Valid values:

  • true: enables the resolution.

  • false: disables the resolution.

Default value: false.

false

EnableIpDnsPtrRecord

boolean

No

Specifies whether to enable reverse DNS resolution from the IPv4 address to the IP-based domain name. Valid values:

  • true: enables the resolution.

  • false: disables the resolution.

Default value: false.

false

HostnameType

string

No

The hostname type. Valid values:

  • Custom: custom.

  • IpBased: IP-based hostname.

  • InstanceIdBased: instance ID-based hostname.

Default value: Custom.

Custom

CpuOptions

object

No

NestedVirtualization

string

No

Note

This parameter is in invitational preview and is not publicly available.

enabled

EnableNetworkEncryption

boolean

No

Specifies whether to enable VPC network traffic encryption. Valid values:

  • true: enables the encryption.

  • false: disables the encryption.

Note

This parameter is in invitational preview and is not publicly available.

true

Response elements

Element

Type

Description

Example

object

RequestId

string

The request ID.

473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E

Examples

Success response

JSON format

{
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}

Error codes

HTTP status code

Error code

Error message

Description

400 InvalidInstanceName.Malformed The specified parameter "InstanceName" is not valid. The specified InstanceName parameter is invalid.
400 InvalidDescription.Malformed The specified parameter "Description" is not valid. The source description can be 2 to 256 characters in length. It cannot start with http:// and https://.
400 InvalidRemoteConnectionOptions.Password The remote connection password is invalid.
400 InvalidRemoteConnectionOptions.Type The remote connection type is invalid.
400 InstanceType.ValueNotSupported The instance type not supported.
400 OSType.ValueNotSupported The OS type is not supported.
400 InvalidHostPassword.Malformed The specified parameter "Password" is not valid.
400 InvalidHostName.Malformed The specified parameter "HostName" is not valid.
400 InvalidPassword.Malformed The specified parameter "Password" is not valid.
400 InvalidUserData.SizeExceeded The specified parameter "UserData" exceeds the size.
400 InvalidUserData.NotSupported TThe specified parameter "UserData" only support the vpc and IoOptimized Instance.
400 ImageNotSupportCloudInit The specified image does not support cloud-init.
400 ChargeTypeViolation Pay-As-You-Go instances do not support this operation.
400 InvalidParameter.RecycleBin You do not have permission to set recyclable properties. You are not authorized to perform the operation.
400 InvalidParameter.CreditSpecification The specified CreditSpecification is not supported in this region. The running mode of the specified burst performance instance is not supported in this zone.
400 InvalidInstanceStatus.CreditSpecRestricted The current status of the resource does not support this operation. The resource is in a state that does not support the current operation.
400 InvalidInstanceStatus.NotRunning The current status of the resource is invalid, you can only do this operation when instance is running. The resource is in a state that does not support the operation. Perform the operation when the instance is in the Running state.
400 InvalidNetworkType.NotSupported The classic networkType does not support to modify security group
400 InvalidOperation.EniCountExceeded =The maximum number of eni in a enterprise security group is exceeded.
400 JoinedGroupLimitExceed %s The maximum number of security groups to which the specified resource can be added has been reached. For more information, see the return value of the %s placeholder in the error message.
400 InvalidParameter The specified parameter is not valid. A specified parameter is invalid.
400 InvalidOperation.InvalidEcsState %s
400 InvalidParam.NotSupportJumboFrame Not support jumbo frame.
400 InvalidOperation.InstanceStatusNotSupport The instance status is not support modify mtu config.
400 InvalidOperation.InstanceStatusUnsupported The specified instance status does not support modification of cpu topology type. The specified instance status does not support modification of cpu topology type.
400 InvalidParameter.CpuOptionsTopologyType The specified parameter CpuOptions.TopologyType: %s is not valid. Illegal enumeration value for current CPU topology type
400 InvalidInstanceType.NotSupportCpuOptionsTopologyType The specified instance type does not support CpuOptions.TopologyType: %s. The current specification does not support the specified CPU topology type
400 InvalidAdditionalInfoPvdConfig.SizeExceeded The specified parameter AdditionalInfo.PvdConfig exceeds the size.
400 InvalidInstanceType.NotSupportHighDensityMode The specified instance type does not support the use of the high density mode. The current instance type does not support the cloud disk high-density mode.
400 InvalidStatus.StoppedRequired The current state of the resource does not support this operation, it can only be operated in a stopped state. The current state of the resource does not support this operation, only down state can operate
400 InvalidParameter.CpuOptionsTurboMode The specified parameter TurboMode is not valid. The specified parameter frequency mode is invalid
400 InvalidInstanceType.EnableNVSUnsupported The specified instance type does not support EnableNVS.
400 InvalidInstanceType.EnableVISSTUnsupported The specified instance type does not support EnableVISST.
400 InvalidInstanceType.EnableVRDTUnsupported The specified instance type does not support EnableVRDT.
400 InvalidInstanceType.SingleCoreMaxModeUnsupported The specified instance type does not support TurboMode: "SINGLE CORE MAX". The specified instance type does not support single-core maximum turbo mode
400 InvalidInstanceType.GpuOptionsConfidentialComputingUnsupported The specified instance type does not support the confidential computing mode. the current instance type does not support encrypted computing mode.
400 InvalidParameter.GpuOptionsConfidentialComputing The specified parameter confidential computing mode is not valid. The enum value of the GPU encryption computing mode of the current instance is invalid.
400 InvalidParameterAuthorized.GpuOptionsConfidentialComputing The specified parameter confidential computing mode is unauthorized.
400 InvalidParameter.CpuOptionsNestedVirtualization The specified parameter CpuOptions.NestedVirtualization: %s is not valid.
400 InvalidInstanceType.NotSupportCpuOptionsNestedVirtualization The specified instance type does not support CpuOptions.NestedVirtualization: %s. The specified instance type does not support CpuOptions.NestedVirtualization value.
500 InternalError The request processing has failed due to some unknown error.
403 IncorrectInstanceStatus The current status of the resource does not support this operation.
403 InstanceLockedForSecurity The specified operation is denied as your instance is locked for security reasons.
403 OperationDenied The instance amount in the specified SecurityGroup reach its limit. The maximum number of instances in the specified security group has been reached.
403 InvalidUserData.Forbidden User not authorized to input the parameter "UserData"please apply for permission "UserData"
403 InvalidUserData.Base64FormatInvalid The specified UserData is not valid An error occurred when the specified UserData parameter is encoded.
403 InvalidChargeType.ValueNotSupported Deletion protection is only valid for postPaid instance, not for prePaid or spot instance. Release protection can be enabled only for pay-as-you-go instances.
403 InvalidUser.Unauthorized The user is not authorized You are not authorized to perform this operation.
403 EnterpriseGroupLimited.MutliGroupType The specified instance can not join multi SecurityGroup types. The specified instance cannot belong to both a basic and an advanced security group. You can call the DescribeSecurityGroups operation to query the type of security groups.
403 SecurityGroupInstanceLimitExceed %s
403 InstanceNotInSecurityGroup The instance not in the group.
403 InvalidOperation.InvalidRegion %s
403 InvalidOperation.ResourceManagedByCloudProduct %s You cannot modify security groups managed by cloud services.
403 InvalidParameter.InvalidEniQueueNumber %s
403 InvalidOperation.MaxEniQueueNumberExceeded %s
403 InvalidOperation.ExceedInstanceTypeQueueNumber %s The maximum number of queues for all ENIs on an instance has been exceeded. For more information, see the return value of the %s placeholder in the error message.
403 InvalidOperation.InstanceTypeNotSupportHighPerformanceTrafficMode %s The instance type of the specified instance does not support the NIC of the RDMA communication mode.
403 InvalidParameter.InvalidQueuePairNumber %s
403 InvalidOperation.MaxEniQueuePairNumberExceed %s
403 InvalidOperation.EniQueuePairNumberOverflow %s
403 AclLimitExceed %s The number of ACL rules for an ENI or instance exceeds the upper limit.
403 InvalidInstanceType.CpuOptionsThreadsPerCoreUnsupported The current instance type does not support setting or modifying the CpuOptions.ThreadsPerCore parameter. The current instance type does not support setting or modifying the CpuOptions.ThreadsPerCore parameter.
403 InvalidParameter.CpuOptionsCore The specified parameter CpuOptions.Core is not valid. The specified parameter CpuOptions.Core is not valid.
403 InvalidParameter.CpuOptionsThreadsPerCore The specified parameter CpuOptions.ThreadsPerCore is not valid. The specified parameter CpuOptions.ThreadsPerCore is not valid.
403 InvalidOperation.UserNotSupportNetworkEncryption User not support network encryption. The user does not support specifying network traffic encryption parameters.
403 InvalidOperation.InstanceTypeNotSupportNetworkEncryption The specified instance type does not support network encryption. the specified instance type does not support vpc traffic encryption
404 InvalidInstanceId.NotFound The specified InstanceId does not exist. The specified instanceId is invalid.
404 InvalidSecurityGroupId.NotFound The specified SecurityGroupId does not exist. The specified security group does not exist in this account. Check whether the security group ID is correct.
404 Credit.NotFound The specified credit information does not exist. The specified burst performance instance credit information does not exist.
404 InvalidInstanceStatus.NeedRestart The current status of the resource is invalid, you can only do this operation after instance is restarted.
404 InvalidParameter.SecurityGroupIdRepeated The specified security group ids has repeated. Duplicate security group IDs are specified. Check whether the specified SecurityGroupIds.N parameter is valid.
404 InvalidSecurityGroupType.NotSupportClassic The specified SecurityGroupIds have classic group type. The specified security group is in the classic network. Check whether the specified SecurityGroupIds.N parameter is valid.
404 InvalidSecurityGroupVpc.NotBelongToOneVpc The specified SecurityGroupIds are belong to different vpc. The specified security groups belong to different VPCs. Check whether the specified SecurityGroupIds.N parameter is valid. You can call the DescribeSecurityGroups operation to query the VPCs to which the security groups belong.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.