All Products
Search
Document Center

Elastic Compute Service:Security lock impact on ECS API calls

Last Updated:Jun 20, 2026

An ECS instance is placed under a security lock if a security event is triggered due to security violations, such as cryptocurrency mining, fraud, or the distribution of harmful information. This topic describes how a security lock affects API calls to the instance.

Determine if an instance is security-locked

  • Call the DescribeInstances operation. If the OperationLocks parameter in the response contains LockReason: security, the instance is security-locked.

  • Log on to the ECS console. In the left-side navigation pane, choose Events > Instance Security Events. An instance is security-locked if an event for it appears on the Events of Instances Blocked for Security Reasons tab.

    On the Events of Instances Blocked for Security Reasons tab, the table shows event details. For example, the event name is Instance Blocked for Security Violation, the event level is Critical, the event status is Pending, and the event reason is "Violation of Article 15 of the Measures for the Administration of Internet Information Services".

API call impact

Note

API operations not listed in the following table are unaffected.

API

Impact

StartInstance

The operation fails and returns the InstanceLockedForSecurity error code.

StopInstance

Unaffected.

RebootInstance

The operation fails and returns the InstanceLockedForSecurity error code.

RebootInstances

The operation fails and returns the InstanceLockedForSecurity error code.

DeleteInstance

Unaffected.

DeleteInstances

Unaffected.

DescribeInstanceStatus

Unaffected.

DescribeInstances

Unaffected.

DescribeInstanceTypes

Unaffected.

DescribeInstanceAttribute

Unaffected.

ModifyInstanceAttribute

The operation fails and returns the InstanceLockedForSecurity error code.

ModifyInstanceChargeType

The operation fails and returns the InstanceLockedForSecurity error code.

ModifyInstanceSpec

The operation fails and returns the InstanceLockedForSecurity error code.

ModifyPrepayInstanceSpec

The operation fails and returns the InstanceLockedForSecurity error code.

ModifyInstanceAutoReleaseTime

The operation fails and returns the InstanceLockedForSecurity error code.

AttachInstanceRamRole

Unaffected.

DescribeInstanceRamRole

Unaffected.

DetachInstanceRamRole

Unaffected.

DescribeInstanceVncUrl

The operation fails and returns the IncorrectInstanceStatus error code.

ModifyInstanceVncPasswd

Unaffected.

ModifyInstanceMetadataOptions

Unaffected.

DescribeUserData

Unaffected.

RenewInstance

Unaffected.

DescribeInstanceAutoRenewAttribute

Unaffected.

ModifyInstanceAutoRenewAttribute

Unaffected.

ReActivateInstances

The operation fails.

CreateImage

The operation fails with the InstanceLockedForSecurity error code when you create an image from the locked instance.

CreateDisk

Unaffected.

DescribeDisks

Unaffected.

AttachDisk

Unaffected.

DetachDisk

This error is reported when a cloud disk attached to the ECS instance is in the In_use state. Error code: InstanceLockedForSecurity

ResizeDisk

When a cloud disk attached to the ECS instance is in use (In_use), an error is reported. Error code: InstanceLockedForSecurity

ModifyDiskAttribute

Unaffected.

ModifyDiskChargeType

The InstanceLockedForSecurity error occurs when a cloud disk that is attached to the ECS instance is in the In_use state.

ModifyDiskSpec

The InstanceLockedForSecurity error is reported when a cloud disk attached to the ECS instance is in the In_use state.

ReplaceSystemDisk

An error occurs if the cloud disk attached to the ECS instance is in the In_use state. The error code is IncorrectInstanceStatus.

ResetDisk

An error occurs when a cloud disk attached to the ECS instance is in the In_use state. Error code: InstanceLockedForSecurity

ResetDisks

Unaffected.

ReInitDisk

When a cloud disk mounted on the ECS instance is in the In_use state, the InstanceLockedForSecurity error is reported.

DeleteDisk

An error is reported if the cloud disk attached to the ECS instance is in the In_use state. Error code: IncorrectInstanceStatus

CreateSnapshot

An error is reported when the cloud disk attached to the ECS instance is in use (In_use). The error code is InstanceLockedForSecurity.

DescribeSnapshots

Unaffected.

DeleteSnapshot

Unaffected.

ModifyAutoSnapshotPolicy

Unaffected.

ModifyInstanceNetworkSpec

The operation fails and returns the InstanceLockedForSecurity error code.

AllocatePublicIpAddress

The operation fails and returns the InstanceLockedForSecurity error code.

ConvertNatPublicIpToEip

The operation fails and returns the IncorrectInstanceStatus error code.

ModifyInstanceVpcAttribute

Unaffected.

JoinSecurityGroup

Unaffected.

LeaveSecurityGroup

Unaffected.

AttachKeyPair

Unaffected.

DetachKeyPair

Unaffected.

RunCommand

The command is accepted but fails to run. No error is returned.

InvokeCommand

The command is accepted but fails to run. No error is returned.

GetInstanceScreenshot

The operation fails and returns the IncorrectInstanceStatus error code.

GetInstanceConsoleOutput

The operation fails and returns the IncorrectInstanceStatus error code.

DescribeInstanceAttachmentAttributes

Unaffected.

ModifyInstanceAttachmentAttributes

The operation fails and returns the InstanceLockedForSecurity error code.

DescribeInstancesFullStatus

Unaffected.

DescribeDisksFullStatus

Unaffected.

DescribeInstanceHistoryEvents

Unaffected.

CreateSimulatedSystemEvents

Unaffected.

CancelSimulatedSystemEvents

Unaffected.

AcceptInquiredSystemEvent

Unaffected.

CreateDiagnosticReport

Unaffected.

DescribeDiagnosticReports

Unaffected.

DescribeDiskMonitorData

Unaffected.

DescribeInstanceMonitorData

Unaffected.

DescribeInstanceMaintenanceAttributes

Unaffected.

ModifyInstanceMaintenanceAttributes

Unaffected.

RedeployInstance

The operation fails.

ReportInstancesStatus

Unaffected.

TagResources

Unaffected.

ListTagResources

Unaffected.

UntagResources

Unaffected.

JoinResourceGroup

Unaffected.