Change the VPC of an ECS instance - Elastic Compute Service

This topic describes how to migrate an Elastic Compute Service (ECS) instance that resides in a virtual private cloud (VPC) to another VPC. If the VPC that you selected when you created an ECS instance does not meet your business requirements or if you want to re-plan the network of an ECS instance, you can use this feature to change the VPC of the instance.

Prerequisites

The instance is in the Stopped state. For information about how to stop an ECS instance, see Stop an instance.
Note
If the instance has not been restarted after it is created, you must restart it before you stop it.
The instance is not added as a backend server of a Server Load Balancer (SLB) instance. For information about how to remove a backend server from an SLB instance, see Add an ECS instance to the default server group.
All secondary elastic network interfaces (ENIs) are unbound from the instance. The secondary private IP addresses that are assigned to the ENIs are unassigned. For more information, see Unbind an ENI and Unassign secondary private IP addresses.
The instance is not connected over the private network. If the instance is connected over the private network, a PrivateLink connection is generated. In this case, the instance cannot be migrated from the current VPC. To change the VPC of the instance, release the PrivateLink connection first.
VPCs, vSwitches, and security groups are created and available.

Scenarios

You want to re-plan the VPCs of your instances because the original VPCs are unable to keep up with the growing needs of your business.
In the early business stage, only one VPC was planned. Different projects and usage environments shared this VPC, which resulted in risks stemming from data operations. You want to use different VPCs for different projects and environments.
Your instances are deployed in the default VPCs of different accounts. Instances that reside in different VPCs cannot connect to each other across Alibaba Cloud accounts due to IP address conflicts. To ensure that the instances within different Alibaba Cloud accounts can connect to each other, you must change the VPCs of the instances and resolve the IP address conflicts.

Limits

The instance cannot be used in other cloud services. For example, the instance cannot be in the process of migration or having its VPC changed, or the databases deployed on the instance cannot be managed by Data Transmission Service (DTS).
After the VPC is changed, the new vSwitch of the instance must reside within the same zone as the original vSwitch.
When you change the VPC of an instance, you must select one to five security groups of the same type (basic or advanced) for the instance.
Instances of specific instance families do not support changing to VPCs on which advanced features are enabled. For information about instance families that do not support advanced VPC features, see Instance families that do not support advanced VPC features.
You can change the VPCs of up to 20 instances at a time.
After you change the VPC of an instance, the instance can no longer communicate with other instances in the original VPC. For information about how to communicate with instances in the original VPC, see What is Express Connect?
The cut-through mode or the multi-EIP-to-ENI mode cannot be enabled for the instance.
The instance cannot be associated with a high-availability virtual IP address (HAVIP).
The vSwitch of the instance cannot be associated with a custom route table.
Global Accelerator (GA) cannot be activated for the instance.
The instance cannot have secondary ENIs.
The instance cannot be assigned an IPv6 address.
The primary ENI of the instance cannot be associated with multiple IP addresses.

Procedure

Log on to the ECS console.
In the left-side navigation pane, choose Instances & Images > Instances.
In the upper-left corner of the top navigation bar, select a region.
Change the VPCs of one or more ECS instances at a time.
- Change the VPC of a single instance
  Find the instance whose VPC you want to change and choose More > Network and Security Group > Change VPC in the Actions column.
- Change the VPCs of multiple ECS instances at a time
  Select the instances whose VPCs you want to change and choose More > Network and Security Group > Change VPC in the lower part of the page.
In the Change VPC dialog box, follow the instructions to change the VPCs of the instances.
1. In the Prepare step, check the network information and precautions and click Next.
2. In the Select VPC step, select a new VPC, a new vSwitch, and security groups from the Destination VPC, Destination VSwitch, and Destination Security Group drop-down lists and click Next.
3. (Optional) In the Configure Primary Private IP step, specify a new primary private IP address for the instance.
  - The primary private IP address must be within the CIDR block of the destination vSwitch.
  - If you do not manually specify the primary private IP address, the system assigns one automatically.
4. Click OK.

Results

After the changes are made, click the ID of the instance and check the new VPC and vSwitch in the Network Information section on the Instance Details tab.
If you configured event notifications for VPC changes of ECS instances in EventBridge or CloudMonitor, you receive a vSwitch change event notification.
- For information about how to configure event notifications, see Configure event notifications.
- For information about EventBridge, see ECS events.
- For information about vSwitch event notifications, see vSwitch event notifications.