All Products
Search
Document Center

Elastic Compute Service:CreateLaunchTemplateVersion

Last Updated:Jun 29, 2026

Creates a new version in a specified ECS launch template for subsequent creation of ECS instances, elastic scaling groups, or auto provisioning groups.

Operation description

Operation description

To modify the parameters of a specific version, create a new template version. Each instance launch template supports a maximum of 30 versions.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

ecs:CreateLaunchTemplateVersion

create

*LaunchTemplate

acs:ecs:{#regionId}:{#accountId}:launchtemplate/{#launchtemplateId}

None None

Request parameters

Parameter

Type

Required

Description

Example

RegionId

string

Yes

The region ID. You can call DescribeRegions to query the most recent region list.

cn-hangzhou

RegionId

string

Yes

The region ID. You can call DescribeRegions to query the most recent region list.

cn-hangzhou

LaunchTemplateId

string

No

The ID of the launch template. For more information, call DescribeLaunchTemplates. You must specify LaunchTemplateId or LaunchTemplateName to determine the launch template.

lt-m5eiaupmvm2op9d****

LaunchTemplateName

string

No

The name of the launch template. The name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain digits, colons (:), underscores (_), and hyphens (-).

testLaunchTemplateName

VersionDescription

string

No

The description of the launch template version. The description must be 2 to 256 characters in length and cannot start with http:// or https://.

testVersionDescription

ImageId

string

No

The ID of the image used to create the instance. You can call DescribeImages to query available image resources.

win2008r2_64_ent_sp1_en-us_40G_alibase_20170915.vhd

ImageOwnerAlias

string

No

The source of the image.

Note

This parameter will be deprecated. To improve compatibility, use other parameters.

system

PasswordInherit

boolean

No

Specifies whether to use the preset password of the image. Valid values:

  • true

  • false

Default value: false.

Note

When you use this parameter, the Password parameter must be empty. You must also make sure that the image has a preset password.

false

InstanceType

string

No

The instance type. For more information, see Instance family. You can also call DescribeInstanceTypes to query the most recent instance type list.

ecs.g5.large

SecurityGroupId

string

No

The ID of the security group to which the instance created by using this version belongs. Instances in the same security group can communicate with each other.

Note

You cannot specify both SecurityGroupId and SecurityGroupIds.N.

sg-bp15ed6xe1yxeycg****

VpcId

string

No

The ID of the virtual private cloud (VPC) to which the instance belongs.

vpc-bp12433upq1y5scen****

VSwitchId

string

No

The ID of the vSwitch. You must specify this parameter when you create a VPC-connected instance.

vsw-bp1s5fnvk4gn2tws0****

InstanceName

string

No

The name of the instance. The name must be 2 to 128 characters in length and can contain letters, digits, and characters from the Unicode letter category (which includes characters from various languages). The name can contain colons (:), underscores (_), periods (.), and hyphens (-). The default value is the InstanceId of the instance.

When you create multiple ECS instances at a time, you can batch configure sequential instance names that contain brackets ([]) and commas (,). For more information, see Batch configure sequential names or hostnames for multiple instances.

k8s-node-[1,4]-alibabacloud

Description

string

No

The description of the instance. The description must be 2 to 256 characters in length and cannot start with http:// or https://.

testDescription

InternetMaxBandwidthIn

integer

No

The maximum inbound public bandwidth. Unit: Mbit/s. Valid values:

  • If the purchased outbound public bandwidth is less than or equal to 10 Mbit/s: 1 to 10. Default value: 10.

  • If the purchased outbound public bandwidth is greater than 10 Mbit/s: 1 to the value of InternetMaxBandwidthOut. Default value: the value of InternetMaxBandwidthOut.

50

InternetMaxBandwidthOut

integer

No

The maximum outbound public bandwidth. Unit: Mbit/s. Valid values: 0 to 100.

5

HostName

string

No

The hostname of the Elastic Compute Service (ECS) server.

  • The hostname cannot start or end with a period (.) or hyphen (-), and cannot contain consecutive periods or hyphens.

  • Windows instances: The hostname must be 2 to 15 characters in length and cannot contain periods (.) or consist entirely of digits. It can contain letters, digits, and hyphens (-).

  • Other instances (such as Linux): The hostname must be 2 to 64 characters in length. It can contain multiple periods (.), with each segment between periods allowing letters, digits, and hyphens (-).

testHostName

ZoneId

string

No

The zone ID of the instance.

cn-hangzhou-g

SystemDisk.Category

string

No

The category of the system disk. Valid values:

  • cloud: basic disk.

  • cloud_efficiency: ultra disk.

  • cloud_ssd: standard SSD.

  • cloud_auto: ESSD AutoPL disk.

  • cloud_essd: enterprise SSD (ESSD). You can use the SystemDisk.PerformanceLevel parameter to configure the performance level of the disk.

  • cloud_essd_entry: ESSD Entry disk.

For retired instance types that are not I/O optimization instances, the default value is cloud. For other instance types, the default value is cloud_efficiency.

cloud_ssd

SystemDisk.Size

integer

No

The size of the system disk. Unit: GiB. Valid values:

  • cloud: 20 to 500.

  • Other disk categories: 20 to 2048.

The value of this parameter must be greater than or equal to max{20, ImageSize}.

40

SystemDisk.DiskName

string

No

The name of the system disk. The name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain digits, colons (:), underscores (_), and hyphens (-).

cloud_ssdSystem

SystemDisk.Description

string

No

The description of the system disk. The description must be 2 to 256 characters in length and cannot start with http:// or https://.

testSystemDiskDescription

SystemDisk.Iops

integer

No

Note

This parameter is not publicly available.

30000

SystemDisk.PerformanceLevel

string

No

The performance level of the ESSD used as the system disk. Configure the performance level based on the following valid values:

  • PL0 (default): A single disk can deliver up to 10,000 random read/write IOPS.

  • PL1: A single disk can deliver up to 50,000 random read/write IOPS.

  • PL2: A single disk can deliver up to 100,000 random read/write IOPS.

  • PL3: A single disk can deliver up to 1,000,000 random read/write IOPS.

For information about how to select an ESSD performance level, see ESSDs.

PL0

SystemDisk.DeleteWithInstance

boolean

No

Specifies whether to release the system disk when the instance is released. Valid values:

  • true: releases the system disk when the instance is released.

  • false: does not release the system disk when the instance is released.

Default value: true.

true

SystemDisk.AutoSnapshotPolicyId

string

No

The ID of the automatic snapshot policy applied to the system disk.

sp-bp1dgzpaxwc4load****

SystemDisk.ProvisionedIops

integer

No

The provisioned read/write IOPS of the ESSD AutoPL disk used as the system disk. Valid values: 0 to min{50000, 1000 × Capacity - Baseline Performance}.

Baseline Performance = min{1,800 + 50 × Capacity, 50,000}.

Note

This parameter is available only when DiskCategory is set to cloud_auto. For more information, see ESSD AutoPL disks and Modify the provisioned performance of an ESSD AutoPL disk.

50000

SystemDisk.BurstingEnabled

boolean

No

Specifies whether to enable the performance burst feature. Valid values:

  • true: enables the performance burst feature.

  • false: does not enable the performance burst feature.

true

IoOptimized

string

No

Specifies whether the instance is an I/O optimized instance. Valid values:

  • none: The instance is not I/O optimized.

  • optimized: The instance is I/O optimization enabled.

optimized

InstanceChargeType

string

No

The billing method of the instance. Valid values:

  • PrePaid: subscription. If you set this parameter to PrePaid, confirm that your account supports credit payment. Otherwise, an InvalidPayMethod fault is returned.

  • PostPaid: pay-as-you-go.

PrePaid

Period

integer

No

The subscription duration of the resource. Unit: months. This parameter takes effect and is required only when InstanceChargeType is set to PrePaid. Valid values: 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 24, 36, 48, and 60.

1

InternetChargeType

string

No

The billing method for outbound Internet bandwidth. Valid values:

  • PayByBandwidth: pay-by-bandwidth.

  • PayByTraffic: pay-by-traffic.

Note

In pay-by-traffic mode, the peak inbound and outbound bandwidths are used as upper limits of bandwidths instead of guaranteed performance specifications. When resource contention occurs, the peak bandwidths may be limited. If you want guaranteed bandwidth, use the pay-by-bandwidth mode.

PayByTraffic

EnableVmOsConfig

boolean

No

Specifies whether to enable the operating system configuration of the instance.

false

NetworkType

string

No

The network type of the instance. Valid values:

  • vpc: VPC.

  • classic: classic network. The classic network has been retired. For more information, see Retirement notice.

vpc

UserData

string

No

Instance user data of the instance. Instance user data must be encoded in Base64. The raw data can be up to 32 KB in size.

ZWNobyBoZWxsbyBl****

KeyPairName

string

No

The name of the key pair.

  • For Windows instances, this parameter is ignored. Even if you specify this parameter, only the Password content is used.

  • For Linux instances, password-based logon is disabled during initialization.

testKeyPairName

RamRoleName

string

No

The name of the instance RAM role. You can call the RAM API ListRoles to query the instance RAM roles that you have created.

testRamRoleName

AutoReleaseTime

string

No

The automatic release time. Specify the time in the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format. The time must be in UTC.

  • If the value of seconds (ss) is not 00, the time is automatically rounded to the start of the current minute (mm).

  • The earliest release time is 30 minutes after the current time.

  • The latest release time cannot be more than three years from the current time.

2018-01-01T12:05:00Z

SpotStrategy

string

No

The preemption policy for the pay-as-you-go instance. This parameter takes effect when InstanceChargeType is set to PostPaid. Valid values:

  • NoSpot: The instance is a regular pay-as-you-go instance.

  • SpotWithPriceLimit: The instance is a spot instance with a user-defined maximum hourly price.

  • SpotAsPriceGo: The instance is a spot instance for which the market price at the time of purchase is automatically used as the bid price.

NoSpot

SpotPriceLimit

number

No

The maximum hourly price of the instance. A maximum of three decimal places are supported.

0.97

SpotDuration

integer

No

The protection period of the spot instance. Unit: hours. Default value: 1. Valid values:

  • 1: After a spot instance is created, Alibaba Cloud ensures that the instance is not automatically released within 1 hour. After the 1-hour protection period ends, the system compares the bid price with the market price and checks the resource inventory to determine whether to retain automatic release the instance.

  • 0: After a spot instance is created, Alibaba Cloud does not ensure that the instance runs for 1 hour. The system compares the bid price with the market price and checks the resource inventory to determine whether to retain automatic release the instance.

Alibaba Cloud sends an ECS system event notification 5 minutes before the instance is released. Spot instances are billed by second. We recommend that you select an appropriate protection period based on the expected task execution duration.

Note

This parameter takes effect only when SpotStrategy is set to SpotWithPriceLimit or SpotAsPriceGo.

1

ResourceGroupId

string

No

The ID of the resource group.

rg-bp67acfmxazb4p****

SecurityEnhancementStrategy

string

No

Specifies whether to enable security hardening for the operating system. Valid values:

  • Active: enables security hardening. This value is applicable only to public images.

  • Deactive: does not enable security hardening. This value is applicable to all image types.

Active

PrivateIpAddress

string

No

The private IP address of the instance.

When you specify a private IP address for a VPC-connected ECS instance, the IP address must be from the idle CIDR block of the vSwitch (VSwitchId).

10.1.**.**

Ipv6AddressCount

integer

No

The number of IPv6 addresses to randomly generate for the primary ENI. Valid values: 1 to 10.

1

DeploymentSetId

string

No

The ID of the deployment set.

ds-bp1brhwhoqinyjd6****

DataDisk

array<object>

No

The list of data disks.

object

No

The list of data disks.

PerformanceLevel

string

No

The performance level of the ESSD used as a data disk. The value of N must be the same as that in DataDisk.N.Category=cloud_essd. Configure the performance level based on the following valid values:

  • PL0: A single disk can deliver up to 10,000 random read/write IOPS.

  • PL1 (default): A single disk can deliver up to 50,000 random read/write IOPS.

  • PL2: A single disk can deliver up to 100,000 random read/write IOPS.

  • PL3: A single disk can deliver up to 1,000,000 random read/write IOPS.

For information about how to select an ESSD performance level, see ESSDs.

PL1

Description

string

No

The description of the data disk. The description must be 2 to 256 characters in length and cannot start with http:// or https://.

testDataDiskDescription

SnapshotId

string

No

The ID of the snapshot used to create data disk N. Valid values of N: 1 to 16. When DataDisk.N.SnapshotId is specified, DataDisk.N.Size is ignored. The actual size of the created disk is the size of the specified snapshot.

Snapshots created on or before July 15, 2013 cannot be used. Requests that use such snapshots are rejected.

s-bp17441ohwka0yuh****

Size

integer

No

The size of data disk N. Valid values of N: 1 to 16. Unit: GiB. Valid values:

  • cloud: 5 to 2000.

  • cloud_efficiency: 20 to 32768.

  • cloud_ssd: 20 to 32768.

  • cloud_essd: The valid value range depends on the value of DataDisk.N.PerformanceLevel.
    • PL0: 1 to 32768.

    • PL1: 20 to 32768.

    • PL2: 461 to 32768.

    • PL3: 1261 to 32768.

  • cloud_auto: 1 to 32,768.

  • cloud_essd_entry: 10 to 32,768.

The value of this parameter must be greater than or equal to the size of the snapshot specified by SnapshotId.

2000

Device

string

No

The mount point of the data disk. The naming conventions for mount points vary based on the number of data disks attached:

  • 1 to 25 data disks: /dev/xvd[b-z]

  • More than 25 data disks: /dev/xvd[aa-zz]. For example, the 26th data disk is named /dev/xvdaa, the 27th data disk is named /dev/xvdab, and so on.

Note

This parameter is applicable only to full image (system image) scenarios. You can set this parameter to the mount point of the data disk in the full image and modify the corresponding DataDisk.N.Size and DataDisk.N.Category parameters to change the disk category and size of the data disk in the full image.

/dev/xvdb

DiskName

string

No

The name of the data disk. The name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain digits, colons (:), underscores (_), and hyphens (-).

testDataDiskName

Category

string

No

The category of data disk N. Valid values:

  • cloud_efficiency: ultra disk.

  • cloud_ssd: standard SSD.

  • cloud_essd: enterprise SSD.

  • cloud: basic disk.

  • cloud_auto: ESSD AutoPL disk.

  • cloud_regional_disk_auto: regional ESSD.

  • cloud_essd_entry: ESSD Entry disk.
    Note

    The cloud_essd_entry value is supported only when InstanceType is configured as an instance type in the ecs.u1 or ecs.e family.

  • elastic_ephemeral_disk_standard: elastic ephemeral disk - Standard.

  • elastic_ephemeral_disk_premium: elastic ephemeral disk - Premium Edition.

For I/O optimization instances, the default value is cloud_efficiency. For non-I/O optimization instances, the default value is cloud. Default value details:

  • When InstanceType is set to a retired instance type that is not I/O optimized, the default parameter value is cloud.

  • In other cases, the default value is cloud_efficiency.

cloud_ssd

DeleteWithInstance

boolean

No

Specifies whether to release the data disk when the instance is released. Valid values:

  • true: releases the data disk when the instance is released.

  • false: does not release the data disk when the instance is released.

Default value: true.

true

Encrypted

string

No

Specifies whether to encrypt the data disk.

false

ProvisionedIops

integer

No

The provisioned read/write IOPS of the ESSD AutoPL disk used as the system disk. Valid values: 0 to min{50000, 1000 × Capacity - Baseline Performance}.

Baseline Performance = min{1,800 + 50 × Capacity, 50,000}.

Note

This parameter is available only when DiskCategory is set to cloud_auto. For more information, see ESSD AutoPL disks and Modify the provisioned performance of an ESSD AutoPL disk.

50000

BurstingEnabled

boolean

No

Specifies whether to enable the performance burst feature. Valid values:

  • true: enables the performance burst feature.

  • false: does not enable the performance burst feature.

true

AutoSnapshotPolicyId

string

No

The ID of the automatic snapshot policy applied to the data disk.

sp-bp67acfmxazb4p****

KMSKeyId

string

No

The KMS key ID for the data disk.

0e478b7a-4262-4802-b8cb-00d****

NetworkInterface

array<object>

No

The network interface controller (NIC) information.

object

No

The network interface controller (NIC) information.

VSwitchId

string

No

The ID of the vSwitch to which the secondary network interface controller (NIC) belongs. The instance and the secondary NIC must be in the same VPC and the same active zone but can belong to different vSwitches. The value of N in NetworkInterface.N cannot be greater than 1.

vsw-bp1s5fnvk4gn2tws0****

NetworkInterfaceName

string

No

The name of the secondary network interface controller (NIC). The value of N in NetworkInterface.N cannot be greater than 1.

testNetworkInterfaceName

Description

string

No

The description of the secondary network interface controller (NIC). The description must be 2 to 256 characters in length and cannot start with http:// or https://. The value of N in NetworkInterface.N cannot be greater than 1.

testNetworkInterfaceDescription

SecurityGroupId

string

No

The ID of the security group to which the secondary network interface controller (NIC) belongs. The security group of the secondary NIC must belong to the same VPC as the instance. The value of N in NetworkInterface.N cannot be greater than 1.

Note

You cannot specify both NetworkInterface.N.SecurityGroupId and NetworkInterface.N.SecurityGroupIds.N.

sg-bp15ed6xe1yxeycg****

PrimaryIpAddress

string

No

The primary private IP address of the secondary network interface controller (NIC). The value of N in NetworkInterface.N cannot be greater than 1.

192.168.**.**

SecurityGroupIds

array

No

The IDs of one or more security groups to which the secondary network interface controller (NIC) belongs. The security groups and the secondary NIC must belong to the same VPC. The valid values of N in SecurityGroupIds.N depend on the quota for the maximum number of security groups to which a secondary NIC can belong. For more information, see Limits. The value of N in NetworkInterface.N cannot be greater than 1.

Note

You cannot specify both NetworkInterface.N.SecurityGroupId and NetworkInterface.N.SecurityGroupIds.N.

sg-bp67acfmxazb4p****

string

No

The IDs of one or more security groups to which the secondary network interface controller (NIC) belongs. The security groups and the secondary NIC must belong to the same VPC. The valid values of N in SecurityGroupIds.N depend on the quota for the maximum number of security groups to which a secondary NIC can belong. For more information, see Limits. The value of N in NetworkInterface.N cannot be greater than 1.

Note

You cannot specify both NetworkInterface.N.SecurityGroupId and NetworkInterface.N.SecurityGroupIds.N.

sg-bp67acfmxazb4p****

InstanceType

string

No

The type of the ENI. Valid values of N: 1 to 2. If you configure one ENI, you can configure either a primary network interface controller (NIC) or a secondary ENI. If you configure two ENIs, you must configure one primary NIC and one secondary ENI.

Valid values:

  • Primary: primary NIC.

  • Secondary: secondary ENI.

Default value: Secondary.

Secondary

NetworkInterfaceTrafficMode

string

No

The communication mode of the primary ENI. Valid values:

  • Standard: uses the TCP communication mode.

  • HighPerformance: enables the Elastic RDMA Interface (ERI) and uses the RDMA communication mode.

Standard

DeleteOnRelease

boolean

No

Specifies whether to retain the ENI when the instance is released. Valid values:

  • true: does not retain the ENI.

  • false: retains the ENI.

Default value: true.

Note

This parameter takes effect only for secondary ENIs.

true

Tag

array<object>

No

The tags of the instances, disks, and primary ENIs created by using this version.

object

No

The tags of the instances, disks, and primary ENIs created by using this version.

Key

string

No

The tag key of the instances, disks, and primary ENIs created by using this version. Valid values of N: 1 to 20. The tag key cannot be an empty string. It can be up to 128 characters in length and cannot start with aliyun or acs:. It cannot contain http:// or https://.

TestKey

Value

string

No

The tag value of the instances, disks, and primary ENIs created by using this version. Valid values of N: 1 to 20. The tag value can be an empty string. It can be up to 128 characters in length and cannot contain http:// or https://.

TestValue

SecurityGroupIds

array

No

The IDs of one or more security groups to which the instance belongs. The valid values of N depend on the maximum number of security groups to which an instance can belong. For more information, see Limits.

Note

You cannot specify both SecurityGroupId and SecurityGroupIds.N.

sg-bp15ed6xe1yxeycg7****

string

No

The IDs of one or more security groups to which the instance belongs. The valid values of N depend on the maximum number of security groups to which an instance can belong. For more information, see Limits.

Note

You cannot specify both SecurityGroupId and SecurityGroupIds.N.

sg-bp15ed6xe1yxeycg7****

SystemDisk.Encrypted

string

No

Specifies whether to encrypt the system disk. Valid values:

  • true: encrypts the system disk.

  • false: does not encrypt the system disk.

Default value: false.

Note

System disk encryption is not supported in Zone D of the Hong Kong (China) region or Zone A of the Singapore region when you create an instance.

false

DeletionProtection

boolean

No

The release protection attribute of the instance. Specifies whether the instance can be released from the console or by calling DeleteInstance. Valid values:

  • true: enables release protection.

  • false: disables release protection.

Default value: false.

Note

This attribute is applicable only to pay-as-you-go instances. It can only restrict manual release operations and does not take effect on system-initiated release operations.

false

CreditSpecification

string

No

The running mode of the burstable instance. Valid values:

Standard

AutoRenew

boolean

No

Specifies whether to enable auto-renewal. This parameter takes effect only when InstanceChargeType is set to PrePaid. Valid values:

  • true: enables auto-renewal.

  • false: does not enable auto-renewal.

Default value: false.

true

AutoRenewPeriod

integer

No

The auto-renewal period. Valid values:

If PeriodUnit is set to Month: 1, 2, 3, 6, 12, 24, 36, 48, and 60.

Default value: 1.

1

PeriodUnit

string

No

The unit of the subscription duration. Valid values:

Month (default).

Month

HttpEndpoint

string

No

Specifies whether to enable the access channel for instance metadata. Valid values:

  • enabled: enables the access channel.

  • disabled: disables the access channel.

Default value: enabled.

Note

For more information about instance metadata, see Overview of ECS instance metadata.

enabled

HttpTokens

string

No

Specifies whether to forcefully use the security-hardened mode (IMDSv2) to access instance metadata. Valid values:

  • optional: does not forcefully use the security-hardened mode.

  • required: forcefully uses the security-hardened mode. After you set this value, the normal mode cannot be used to access instance metadata.

Default value: optional.

Note

For more information about the modes for accessing instance metadata, see Overview of ECS instance metadata.

optional

HttpPutResponseHopLimit

integer

No

Note

This parameter is not publicly available.

3

SystemDisk.KMSKeyId

string

No

The KMS key ID of the system disk.

0e478b7a-4262-4802-b8cb-00d3fb40****

ImageOptions

object

No

The image-related property information.

LoginAsNonRoot

boolean

No

Specifies whether instances that use this image support logon with the ecs-user user. Valid values:

  • true: supported.

  • false: not supported.

false

SecurityOptions

object

No

The security options.

TrustedSystemMode

string

No

The trusted system mode. Set the value to vTPM.

The following instance families support trusted system mode:

  • g7, c7, and r7.

  • Security-enhanced instance family (g7t, c7t, and r7t).

When you create ECS instances of the preceding instance families, you must configure this parameter. Details:

  • To use the Alibaba Cloud Trusted System, set this parameter to vTPM. The trusted verification is completed by the Alibaba Cloud Trusted System when the instance starts.

  • If you do not use the Alibaba Cloud Trusted System, you can leave this parameter empty. However, if the ECS instance that you create uses the Enclave-based confidential computing mode (SecurityOptions.ConfidentialComputingMode=Enclave), the trusted system is also enabled for the instance.

  • When you create a trusted ECS instance by invoking an API operation, you can only invoke RunInstances. CreateInstance does not support configuring the SecurityOptions.TrustedSystemMode parameter.

Note

If you specify an instance as a trusted instance during creation, you can only use images that support the trusted system when you replace the system disk.

For more information about the trusted system, see Overview of trusted features for security-enhanced instances.

vTPM

Response elements

Element

Type

Description

Example

object

LaunchTemplateVersionNumber

integer

The version number of the launch template that is created.

2

RequestId

string

The request ID.

473469C7-AA6F-4DC5-B3DB-A3DC0DEX****

LaunchTemplateId

string

The ID of the launch template. For more information, see DescribeLaunchTemplates.

When you use a launch template to create an instance, you must specify LaunchTemplateId or LaunchTemplateName to determine the launch template.

lt-bp1apo0bbbkuy0rj****

Examples

Success response

JSON format

{
  "LaunchTemplateVersionNumber": 2,
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DEX****",
  "LaunchTemplateId": "lt-bp1apo0bbbkuy0rj****"
}

Error codes

HTTP status code

Error code

Error message

Description

400 InvalidRegion.NotExist %s The specified region does not exist.
400 MissingParameter %s A parameter is not specified.
400 InvalidParameter %s The specified parameter is invalid.
400 InvalidDescription.Malformed The specified parameter "Description" is not valid. The source description can be 2 to 256 characters in length. It cannot start with http:// and https://.
400 InvalidUserData.SizeExceeded %s The size of your specified user data exceeds the maximum allowed value.
400 InvalidUserData.Base64FormatInvalid %s The specified user data is invalid.
400 InvalidHostName.Malformed The specified parameter "HostName" is not valid.
400 InvalidParams.CreateEniParams %s
400 Duplicate.TagKey The Tag.N.Key contain duplicate key. The specified tag key already exists. Tag keys must be unique.
500 InternalError The request processing has failed due to some unknown error.
403 LaunchTemplateVersionLimitExceed %s The maximum number of launch template versions has been reached.
404 InvalidLaunchTemplate.NotFound %s The specified launch template does not exist. Check whether the parameter value is correct.
404 InvalidResourceGroup.NotFound The ResourceGroup provided does not exist in our records. The specified resource group does not exist.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.