An ECS instance is a virtual server with vCPUs, memory, OS, networking, and disks that you create, manage, and release through the console, API, or SDKs.
Instance configuration
Each instance is built from four components: instance type, image, storage, and network.
Instance type
An instance type defines the vCPU count, memory size, and other hardware specifications, including vGPUs, local storage, network cards, network bandwidth, packet forwarding rate, cloud disk bandwidth, and IOPS.
Choose an instance type based on your workload:
| Workload characteristics | Recommended instance family |
|---|---|
| Balanced CPU and memory, general web and app workloads | General-purpose |
| High CPU, low memory (batch processing, media encoding) | Compute-optimized |
| High memory, moderate CPU (in-memory databases, data analytics) | Memory-optimized |
| High sequential I/O, large local datasets (big data, data streaming) | Storage-optimized (big data) |
| GPU-accelerated workloads (machine learning, rendering) | GPU-accelerated |
See Instance family overview, Instance Types Available for Each Region, and Instance type selection.
Image
An image contains the OS and initialization data to start an instance. Alibaba Cloud provides images for Windows Server and mainstream Linux distributions. You can also create or import custom images. Alibaba Cloud Marketplace images include pre-installed runtime environments for scenarios such as website building and application development.
See Overview of images.
Storage
Each instance has a system disk and optional data disks:
-
System disk: Stores the boot image. Required for every instance.
-
Data disks: Provide extra storage. Cloud disks can serve as both system and data disks. Local disks can only serve as data disks and are available only for big data and local SSD instance types.
Cloud disks use triplicate storage to ensure data durability. Back up data regularly with snapshots. For local disks, implement redundancy at the application layer.
To add storage after instance creation, extend existing cloud disks or attach additional ones. See Overview.
Network
Elastic network interfaces (ENIs) provide network connectivity and IP addresses for VPC-based instances. Each instance gets a default ENI. Attach or detach ENIs to control internet access and communication with other cloud resources.
To enable internet access, configure public bandwidth. See Enable public bandwidth and Internal network access within a VPC.
To customize network, security group, OS, and grouping settings, see Custom launch.
Instance lifecycle
An instance's lifecycle spans from creation to release. During this period, the instance transitions between states based on your operations.
Instance states
Query instance states in two ways:
-
Console-based states: Displayed in the ECS console. See View instance information.
-
API-based states: Returned by DescribeInstanceStatus or DescribeInstances.
One API-based state can map to multiple console-based states. For example, the Stopped API state covers console states such as Expired and Locked.
Transitory states occur during transitions (e.g., Starting). Stable states are sustained operating modes (e.g., Running, Stopped).
The following table describes each lifecycle state.
| Console-based state | API-based state | State attribute | Description |
|---|---|---|---|
| Pending | Pending | Transitory | Instance created but not yet started. |
| Starting | Starting | Transitory | Instance is starting after creation, a start, or a restart. |
| Running | Running | Stable |
Instance is running.
Note
Running does not guarantee the OS is fully up. Verify via View the health status of ECS instances. |
| Expiring | Running | Stable | A subscription instance is nearing expiration but still runs normally. Renew promptly to avoid interruption. |
| Stopping | Stopping | Transitory | Instance is shutting down after a stop or hibernation request. |
| Stopped | Stopped | Stable | Instance is stopped — after creation (before first start), a normal stop, or hibernation. Console-created instances and those created by RunInstances start automatically. For pay-as-you-go instances in economical mode: vCPUs, memory, and the static public IP address are released and no longer billed; disks and associated EIPs remain billed. |
| Expired | Stopped | Stable | A subscription instance has expired, or a pay-as-you-go instance was stopped due to overdue payment. The instance awaits release. |
| Locked | Stopped | Stable | Instance is locked for security reasons. Request unlocking on the Network security control events page. |
| To Be Released | Stopped | Stable |
A refund has been applied for an unexpired subscription instance. |
State transitions
The following diagram shows how instances move between states.
Create an instance
After creation, an instance moves through Pending, Starting, and Running. Connect via SSH, RDP, or Session Manager. See Create an instance and Connect to an instance.
Stop an instance
Stopping moves an instance through Stopping and Stopped. Stop an instance before replacing the OS, changing the private IP address, or changing the instance type (pay-as-you-go only).
For pay-as-you-go instances stopped in economical mode, vCPUs, memory, and the static public IP address are released and no longer billed. Disks and associated EIPs remain billed.
See Stop an instance.
Start an instance
Starting moves an instance through Starting and Running. See Start an instance.
Restart an instance
Restarting moves an instance through Stopping, Starting, and Running. Restart for maintenance tasks such as applying updates or saving configuration changes.
A restarted instance may move to a new host. To keep it on the same host, use a dedicated host. See Restart an instance.
Release an instance
Release an instance when it is no longer needed to stop incurring charges.
After release, the instance ID, static public IP address, system disk, and data disks with Release Disk with Instance enabled are permanently deleted. Associated EIPs are detached and retained. Data disks with Release Disk with Instance disabled are detached and retained.
Enable release protection to prevent accidental deletion. See Release an instance.
Get started
Plan before you create
Before creating an instance, decide on the following:
-
Region: Which region to deploy in, and whether the instance types you need are available there. See Instance Types Available for Each Region.
-
Instance type: Which instance family and type fits your workload. See the workload table in Instance type.
-
Image: Which OS or pre-configured environment to start from.
-
Storage: How much disk space you need and whether you need data disks.
-
Network: Whether the instance needs public internet access, and which VPC and security group to use.
-
Billing method: Subscription, pay-as-you-go, or Spot Instance. Consider whether savings plans reduce costs for your usage pattern. See Subscription, Pay-as-you-go, and Spot Instance.
Create an instance
Two options are available:
-
Quick Launch (recommended for most users): Create a subscription instance in minutes with a curated set of instance types and images. Most configurations are preset.
-
Custom launch: Configure the image, instance type, storage, bandwidth, and security groups to match your requirements.
Connect to an instance
Connect via SSH (Linux), RDP (Windows), VNC, or Session Manager. See Connect to an instance.
If you did not set a logon password at creation or forgot it, reset the logon password before connecting.
Manage an instance
See Manage instances.
Deploy services
Deploy software environments, websites, or applications on your instance:
-
Development environments: See Build a software development environment.
-
Websites: See Build a website.
-
Applications (databases, code hosting): See Build an application.
Monitor and troubleshoot
-
For downtime, startup failures, or connection issues, use self-diagnostic tools. See Troubleshooting.
-
Use OOS to run scheduled or batch O&M tasks. See CloudOps Orchestration Service (OOS).
Change instance configurations
If the current configuration no longer fits your workload, change the instance type, public bandwidth, or data disk billing method. See Overview of instance configuration changes.
Security recommendations
Follow these practices to improve the security of your ECS instances:
-
Permission control: Use Resource Access Management (RAM) to control which users can manage ECS resources and what actions they can perform. See Identities.
-
Network security: Use VPCs to isolate services of different security levels. Use security groups to control inbound and outbound traffic. Allow internet access only when necessary.
-
Data integrity: ECS uses triplicate storage, secure data erasure, and CRC to protect data at rest and in transit. See Ensure data integrity.
-
Data confidentiality: ECS protects data at rest, in transit, and in use — covering storage, network transmission, and runtime computing confidentiality. See Ensure data confidentiality during data storage, transmission, and computing.
-
Monitoring and logging: Use services such as CloudMonitor and Cloud Config to monitor resource usage and performance in real time. Configure alerts for early exception detection.