All Products
Search
Document Center

Elastic Compute Service:LockSnapshot

Last Updated:Apr 04, 2026

Lock a snapshot in compliance mode to protect it from accidental or malicious deletion. While a snapshot is locked, it cannot be deleted.

Operation description

You can also use this interface to reconfigure a locked snapshot. The available configuration options depend on the locking mode and lock status:

  • If a snapshot is locked in compliance mode and is within its cool-off period, you can extend or shorten the cool-off period and the lock duration.

  • If a snapshot is locked in compliance mode and its cool-off period has expired, you can only extend the lock duration.

Note

Reconfiguring a locked snapshot during its cool-off period initiates a new lock operation. This operation resets all lock parameters instead of adjusting them individually.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

ecs:LockSnapshot

update

*Snapshot

acs:ecs:{#regionId}:{#accountId}:snapshot/{#SnapshotId}

None None

Request parameters

Parameter

Type

Required

Description

Example

RegionId

string

Yes

The region ID. You can call the DescribeRegions operation to query the latest list of Alibaba Cloud regions.

cn-hangzhou

SnapshotId

string

Yes

The snapshot ID.

s-9dp2qojdpdfmgfmf****

LockMode

string

Yes

The lock mode. Valid value:

  • compliance: Locks the snapshot in compliance mode. A snapshot in compliance mode cannot be unlocked and can be deleted only after its lock duration expires. You cannot shorten the lock duration, but users with the required RAM permissions can extend it at any time. When you lock a snapshot in compliance mode, you can optionally specify a cool-off period.

compliance

LockDuration

integer

Yes

The duration for which to lock the snapshot. The lock automatically expires at the end of this period.

Unit: days.

Valid values: 1 to 36500.

1

CoolOffPeriod

integer

Yes

The cool-off period. In compliance mode, you can set a cool-off period or skip it to lock the snapshot immediately.

During the cool-off period, users with the required RAM permissions can unlock the snapshot, modify the cool-off period and lock duration. The snapshot cannot be deleted during the cool-off period.

After the cool-off period expires, you can only extend the lock duration.

Unit: hours.

Valid values: 0 to 72. A value of 0 indicates that the cool-off period is skipped and the snapshot is locked immediately.

If the snapshot is already locked in compliance mode, you must set this parameter to 0 to extend the lock duration.

3

DryRun

boolean

No

Specifies whether to perform a dry run for the request. Valid values:

  • true: Performs a dry run without performing the actual operation. The system checks for required parameters, the request format, and service limits. If the check fails, the system returns the corresponding error. If the check succeeds, the system returns the DryRunOperation error code.

  • false (default): Sends a normal request and performs the operation after the check succeeds.

false

ClientToken

string

No

A token that you provide to ensure the idempotence of the request. The token can contain only ASCII characters and cannot be longer than 64 characters. For details, see How to ensure idempotence.

5EC38E7D-389F-1925-ABE2-D7925A8F****

Response elements

Element

Type

Description

Example

object

Response schema

RequestId

string

The request ID.

473469C7-AA6F-4DC5-B3DB-A3DC0DE3****

LockedSnapshotInfo

object

Information about the locked snapshot.

SnapshotId

string

The snapshot ID.

s-9dp2qojdpdfmgfmf****

LockMode

string

The lock mode. Possible values:

  • compliance: The snapshot is locked in compliance mode. A snapshot locked in this mode cannot be unlocked and can be deleted only after its lock duration expires. You cannot shorten the lock duration, but users with the required RAM permissions can extend it at any time. When locking a snapshot in compliance mode, you can optionally specify a cool-off period.

compliance

LockStatus

string

The lock status. Possible values:

  • compliance-cooloff: The snapshot is locked in compliance mode but is still in its cool-off period. The snapshot cannot be deleted, but users with the required RAM permissions can unlock the snapshot, extend or shorten the cool-off period, and extend or shorten the lock duration.

  • compliance: The snapshot is locked in compliance mode, and its cool-off period has expired. The snapshot cannot be unlocked or deleted, but users with the required RAM permissions can extend its lock duration.

  • expired: The lock duration has expired. The snapshot is now unlocked and can be deleted.

compliance-cooloff

LockCreationTime

string

The time when the snapshot was locked. The time is in UTC and is formatted as yyyy-MM-ddTHH:mm:ssZ according to the ISO 8601 standard.

2025-10-15T10:00:00Z

CoolOffPeriod

integer

The cool-off period for compliance mode. Unit: hours.

3

CoolOffPeriodExpiredTime

string

The time when the cool-off period for compliance mode expires. The time is in UTC and is formatted as yyyy-MM-ddTHH:mm:ssZ according to the ISO 8601 standard.

2025-10-15T13:00:00Z

LockDuration

integer

The lock duration. The snapshot is automatically unlocked when this duration expires. Unit: days.

1

LockDurationStartTime

string

The time when the lock duration starts. The time is in UTC and is formatted as yyyy-MM-ddTHH:mm:ssZ according to the ISO 8601 standard.

If you lock a snapshot in the progressing state, the lock duration starts only when the snapshot enters the accomplished state.

2025-10-15T10:00:00Z

LockExpiredTime

string

The time when the lock expires. The time is in UTC and is formatted as yyyy-MM-ddTHH:mm:ssZ according to the ISO 8601 standard.

2025-10-16T10:00:00Z

Examples

Success response

JSON format

{
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3****",
  "LockedSnapshotInfo": {
    "SnapshotId": "s-9dp2qojdpdfmgfmf****",
    "LockMode": "compliance",
    "LockStatus": "compliance-cooloff",
    "LockCreationTime": "2025-10-15T10:00:00Z",
    "CoolOffPeriod": 3,
    "CoolOffPeriodExpiredTime": "2025-10-15T13:00:00Z",
    "LockDuration": 1,
    "LockDurationStartTime": "2025-10-15T10:00:00Z",
    "LockExpiredTime": "2025-10-16T10:00:00Z"
  }
}

Error codes

HTTP status code

Error code

Error message

Description

400 InvalidLockMode.Malformed The specified parameter LockMode is invalid. Please check the valid range for this parameter. The specified parameter LockMode is invalid. Please check the valid range for this parameter.
400 InvalidLockDuration.ExceedRetentionDays The specified parameter LockDuration is invalid. The LockDuration should be less than the snapshot RetentionDays. The specified parameter LockDuration is invalid. The LockDuration should be less than the snapshot RetentionDays.
400 InvalidCoolOffPeriod.ExceedLockDuration The specified parameter CoolOffPeriod is invalid. The CoolOffPeriod should be less than the LockDuration. The specified parameter CoolOffPeriod is invalid. The CoolOffPeriod should be less than the LockDuration.
403 InvalidOperation.SnapshotNotAvailable The unavailable snapshot does not support locking. The unavailable snapshot does not support locking.
403 InvalidOperation.ResourceManagedByCloudProduct The current operation is not supported because the resource is managed by a cloud product [%s]. Please contact the relevant cloud product to confirm the reason. The current operation is not supported because the resource is managed by a cloud product. Please contact the relevant cloud product to confirm the reason.
403 InvalidOperation.LockSharedSnapshotUnsupported The shared snapshot does not support locking. The shared snapshot does not support locking.
403 InvalidOperation.CoolOffPeriodExpired The snapshot is locked in compliance mode, and the cool-off period has expired. The current operation is not supported. The snapshot is locked in compliance mode, and the cool-off period has expired. The current operation is not supported.
404 InvalidSnapshotId.NotFound The specified snapshot is not found The specified snapshot does not exist.

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.