Invokes StartTerminalSession to create a session based on the session management feature. You can establish a WebSocket session with an ECS instance by specifying the instance ID. The WebSocketUrl returned by this operation can be used to establish a remote connection to the ECS instance.
Operation description
Operation description
When you customize a remote connection client by using code, you can invoke this operation to obtain the WebSocketUrl for establishing a remote connection to an ECS instance. Take note of the following items:
The specified ECS instance must be in the Running state.
- Cloud Assistant Agent must be installed on the specified ECS instance. You can invoke DescribeCloudAssistantStatus to check whether Cloud Assistant Agent is installed on the ECS instance and query the version number of Cloud Assistant Agent.
If Cloud Assistant Agent is not installed on the ECS instance, invoke InstallCloudAssistant to install it.
- The version number of Cloud Assistant Agent must be later than the following versions to support the session management feature. To upgrade Cloud Assistant Agent, see Update or disable updates for Cloud Assistant Agent.
Linux operating system: 2.2.3.256
Windows operating system: 2.1.3.256
After this operation is invoked, the WebSocketUrl is valid for 10 minutes.
After a session is established, Cloud Assistant closes the connection if no data is transmitted for 3 minutes.
In a single region, a maximum of 100 sessions can be created and active. A maximum of 20 sessions can be in the connected state for a single ECS instance. The bandwidth limit for a single session is 200 KB/s.
The port forwarding feature supports only TCP port forwarding. UDP is not supported.
To permanently shutdown a session and invalidate the WebSocketUrl, invoke the EndTerminalSession operation.
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
ecs:StartTerminalSession |
update |
*Instance
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| RegionId |
string |
Yes |
The region ID of the instance. You can call DescribeRegions to query the most recent region list. |
cn-hangzhou |
| RegionId |
string |
Yes |
The region ID of the instance. You can call DescribeRegions to query the most recent region list. |
cn-hangzhou |
| InstanceId |
array |
Yes |
The instance ID list. |
|
|
string |
No |
The instance ID of the specified ECS instance. N indicates that you can specify multiple ECS instances at a time. A maximum of 1 ECS instance can be specified. Valid values of N: 1. |
i-bp1eifrtpxa9tb**** |
|
| PortNumber |
integer |
No |
The port number of the ECS instance for data forwarding. After this parameter is specified, Cloud Assistant Agent forwards data to the specified port for port forwarding. For example, SSH uses port 22. Default value: empty, which indicates that no port number is specified for data forwarding. |
22 |
| CommandLine |
string |
No |
The command to run after the session is initiated. The command can be up to 512 characters in length. Note
After you specify |
ssh root@192.168.0.246 |
| TargetServer |
string |
No |
The address of the destination server in the VPC that you want to access through the instance. Note
If this parameter is not empty, |
192.168.0.246 |
| Username |
string |
No |
The username used for the connection. |
testUser |
| ConnectionType |
string |
No |
The network type of the WebSocket URL required for the remote connection to the instance. Valid values:
|
Intranet |
| PasswordName |
string |
No |
The name of the password for the user when you use Session Manager on a Windows instance. The name can be up to 255 characters in length. When you want to use Session Manager on a Windows instance as a non-default user (System), specify both Username and this parameter. To reduce the risk of password leaks, store the plaintext password in the parameter repository of operations management and specify only the password name here. For more information, see Encryption parameters. |
axtSecretPassword |
| ClientToken |
string |
No |
The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but make sure that the token is unique among different requests. The ClientToken value can contain only ASCII characters and cannot exceed 64 characters in length. For more information, see How to ensure idempotence. |
123e4567-e89b-12d3-a456-426655440000 |
| EncryptionOptions |
object |
No |
The session encryption configuration. |
|
| Enabled |
boolean |
No |
Specifies whether to enable end-to-end encryption for the session connection. |
true |
| KMSKeyId |
string |
No |
The KMS key ID. Note:
|
xxx |
| Mode |
string |
No |
The secret key encryption pattern. Valid values:
Note:
|
Auto |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
|||
| RequestId |
string |
The request ID. |
EB5173B0-8E80-564E-AAD1-3135412***** |
| SessionId |
string |
The session ID. |
s-hz023od0x9**** |
| SecurityToken |
string |
The security token that is appended to the WebSocket request header for system verification of the request. |
d86c2df2-d19c-4bd8-b817-a19ef123**** |
| WebSocketUrl |
string |
The URL of the WebSocket session for the remote connection to the ECS instance. The URL contains the session ID ( |
wss://cn-hangzhou.axt.aliyuncs.com/session?sessionId=s-hz023od0x9****&token=d86c2df2-d19c-4bd8-b817-a19ef123**** |
Examples
Success response
JSON format
{
"RequestId": "EB5173B0-8E80-564E-AAD1-3135412*****",
"SessionId": "s-hz023od0x9****",
"SecurityToken": "d86c2df2-d19c-4bd8-b817-a19ef123****",
"WebSocketUrl": "wss://cn-hangzhou.axt.aliyuncs.com/session?sessionId=s-hz023od0x9****&token=d86c2df2-d19c-4bd8-b817-a19ef123****"
}
Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | RegionId.ApiNotSupported | The api is not supported in this region. | The API operation cannot be called in the specified region. Check whether the specified RegionId parameter is valid. |
| 400 | PortNumber.Invalid | The port number is invalid. | |
| 400 | InvalidParameter.ConnectionType | The specified parameter ConnectionType is not valid. | The specified parameter ConnectionType is illegal. |
| 400 | InvalidClientToken.Malformed | The specified parameter clientToken is not valid. | |
| 500 | InternalError.Dispatch | An error occurred when you dispatched the request. | An error occurred while the request is being sent. Try again later. |
| 403 | InstanceIds.ExceedLimit | The number of instance IDs exceeds the upper limit. | The number of specified instance IDs exceeds the upper limit. |
| 403 | SessionCount.ExceedLimit | The number of sessions exceeds the upper limit. | The number of sessions in the connected state exceeds the upper limit. |
| 403 | Operation.Forbidden | The operation is not permitted. | The operation is not supported. |
| 403 | PortForwarding.NotSupported | Port forwarding is not supported currently. | Port forwarding is not supported. |
| 403 | UserBehavior.SessionManagerDisabled | The api is disabled by user behavior. | |
| 403 | InvalidCommandLine.Conflict | The parameter PortNumber or TargetServer cannot be specified with parameter CommandLine. | |
| 403 | InvalidTargetServer.MissingPortNumber | The parameter PortNumber must be specified with parameter TargetServer. | |
| 403 | InvalidCommandLine.LengthLimitExceeded | The length of the parameter CommandLine exceeded the limit of 512 characters. | |
| 403 | InvalidInstanceIds.CountLimitExceeded | The count of Instances exceeded the maximum limit of 1 when TargetServer or CommandLine parameter was specified. | |
| 403 | Username.ExceedLimit | The length of the username exceeds the upper limit. | The length of the username exceeds the upper limit. |
| 403 | InvalidOperation.SecurityGroupRuleDenied | The operation is not allowed by the security group inbound rules of the specified instance. | |
| 403 | InvalidTargetServer.LengthLimitExceeded | The length of the parameter TargetServer exceeded the limit of 128 characters. | |
| 403 | InvalidOperation.ConnectionTypeUnsupported | The operation is not supported for the parameter ConnectionType. | |
| 403 | InvalidPasswordName.LengthLimitExceeded | The length of the parameter PasswordName exceeds the limit of 255 characters. | |
| 403 | InvalidEncryptionOptionsMode.EncryptionDisabled | EncryptionOptions.Mode cannot be specified when encryption is disabled. | The parameter EncryptionOptions.Mode cannot be specified when session encryption is not on. |
| 403 | InvalidParameter.EncryptionOptionsKMSKeyId | The specified parameter EncryptionOptions.KMSKeyId is not valid. | The specified parameter EncryptionOptions.KMSKeyId is illegal. |
| 403 | InvalidParameter.EncryptionOptionsMode | The specified parameter EncryptionOptions.Mode is not valid. | The specified parameter EncryptionOptions.Mode is illegal. |
| 403 | MissingParameter.EncryptionOptionsKMSKeyId | The input parameter EncryptionOptions.KMSKeyId that is mandatory for processing this request is not supplied. | Parameter EncryptionOptions.KMSKeyId cannot be empty. |
| 403 | UnsupportedAgentVersion.Encryption | The cloud assistant agent version on instance %s do not support encryption. | |
| 403 | InvalidEncryptionOptions.Conflict | The parameter PortNumber or TargetServer cannot be specified with parameter EncryptionOptions. | When session encryption is enabled, the parameter PortNumber or TargetServer cannot be specified. |
| 403 | IdempotentParameterMismatch | The specified parameter has changed while using an already used clientToken. | |
| 403 | IdempotentProcessing | The previous idempotent request(s) is still processing. | A previous idempotent request is being processed. Try again later. |
| 404 | InvalidRegionId.NotFound | The RegionId provided does not exist in our records. | Region information error |
| 404 | InvalidInstance.NotFound | The specified instances not found. | The specified instance ID does not exist. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.