Template name
ACS-ECS-UpdateAndCopyImage
Template description
Updates an Elastic Compute Service (ECS) image and clones the ECS image to other regions. This applies to scenarios in which you want update and synchronize ECS images in multiple regions, such as software update and system configuration. When you configure this template, you must specify the following parameters: regionId: the region where the images are created and updated, sourceImageId: the original ECS image ID, and targetImageName: the name of the image to be created. In addition, you also need to specify instanceType: the instance type of the image to be created and targetRegionIds: the ID of the region to which the image is cloned. After a template is executed, the ID of the created image is returned to facilitate image verification and management.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Type | Required | Default value | Limit |
sourceImageId | The ID of the source image. | String | Yes | ||
regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
zoneId | The ID of the zone in which the vSwitch is deployed. | String | No | "" | |
targetImageName | The name of the new ECS image. | String | No | UpdateImage_from_{{sourceImageId}}on{{ACS::ExecutionId}} | |
instanceType | The instance type of the ECS instance. | String | No | ecs.g5.large | Regular expression for string verification: ecs.[A-Za-z0-9.-]*. |
whetherCreateVpc | Specifies whether to create a virtual private cloud (VPC). | Boolean | No | False | |
vpcCidrBlock | The IPv4 CIDR block of the VPC. | String | No | 192.168.0.0/16 | |
vSwitchCidrBlock | The CIDR block of the vSwitch. | String | No | 192.168.1.0/24 | |
securityGroupId | The security group ID. | String | No | "" | |
vSwitchId | The vSwitch ID. | String | No | "" | |
internetMaxBandwidthOut | The public bandwidth. | Number | No | 0 | |
ramRoleName | The Resource Access Management (RAM) role attached to the ECS instance. | String | No | "" | |
systemDiskCategory | The category of the system disk. | String | No | cloud_essd | |
tags | The tags of the image. | Json | No | [] | |
commandType | The type of the Cloud Assistant command. | String | No | RunShellScript | |
commandContent | The Cloud Assistant command to be run on the ECS instance. | String | No | echo hello | |
timeout | The timeout period. | Number | No | 600 | |
targetRegionIds | The ID of the destination region. | List | No | [] | |
accountIds | The IDs of Alibaba Cloud accounts with which you want to share the image. | List | No | [] | |
scalingConfigurationIds | The ID of the scaling configuration to be modified. | List | No | [] | |
launchTemplateNames | The names of the instance launch templates to be updated. | List | No | [] | |
rateControl | The rate control settings. | Json | No | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 5} | |
OOSAssumeRole | The RAM role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" |
Output parameters
Parameter | Description | Type |
updatedImageId | String | |
imageIdAndRegion | List |
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"ros:CreateStack",
"ros:DeleteStack",
"ros:GetStack"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:CopyImage",
"ecs:CreateImage",
"ecs:CreateLaunchTemplateVersion",
"ecs:DeleteInstance",
"ecs:DeleteLaunchTemplateVersion",
"ecs:DescribeCloudAssistantStatus",
"ecs:DescribeImages",
"ecs:DescribeInstances",
"ecs:DescribeInvocationResults",
"ecs:DescribeInvocations",
"ecs:DescribeLaunchTemplateVersions",
"ecs:DescribeLaunchTemplates",
"ecs:DescribeRegions",
"ecs:InstallCloudAssistant",
"ecs:ModifyImageSharePermission",
"ecs:ModifyLaunchTemplateDefaultVersion",
"ecs:RebootInstance",
"ecs:RunCommand",
"ecs:RunInstances",
"ecs:StopInstance"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ess:ModifyScalingConfiguration"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
References
For more information, see ACS-ECS-UpdateAndCopyImage.yml at GitHub.
Template content
FormatVersion: OOS-2019-06-01
Description:
name-en: ACS-ECS-UpdateAndCopyImage
name-zh-cn: the description in Chinese
en: 'Updates an existing ECS image via ECS Cloud Assistant then creates an ECS image and copies the new image to other regions. This is applicable to scenarios requiring update and synchronization of ECS images across multiple regions, such as software upgrade and system configuration. During configuration, users need to provide the following required parameter information: Region ID (regionId), which specifies the region of the ECS instances for the update and creation operations, Source Image ID (sourceImageId), which identifies the original ECS image that needs updating, and Target Image Name (targetImageName), for naming the newly created ECS image. Additionally, users need to configure the Instance Type (instanceType) for installing and configuring the new image, and Target Region IDs (targetRegionIds), which specify the other regions to clone the new image to. Upon execution, the template will return the IDs of the newly created and cloned images, facilitating the verification of the image update and cloning status.'
zh-cn: the description in Chinese
categories:
- image_manage
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: the description in Chinese
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
zoneId:
Type: String
Label:
en: VSwitch Availability Zone
zh-cn: the description in Chinese
Default: ''
AssociationProperty: ALIYUN::ECS::Instance::ZoneId
AssociationPropertyMetadata:
RegionId: regionId
targetImageName:
Label:
en: TargetImageName
zh-cn: the description in Chinese
Type: String
Description:
en: <p class="p">Note:</p> <ul class="ul"> <li class="li">Length is 2~128 English or Chinese characters</li> <li class="li"><font color='red'>must start with big or small letters or Chinese, not http:// and https://. </font></li> <li class="li">Can contain numbers, colons (:), underscores (_), or dashes (-). </li> </ul>
zh-cn: the description in Chinese </li> </ul>
Default: 'UpdateImage_from_{{sourceImageId}}_on_{{ACS::ExecutionId}}'
sourceImageId:
Label:
en: SourceImageId
zh-cn: the description in Chinese
Type: String
AssociationProperty: 'ALIYUN::ECS::Image::ImageId'
AssociationPropertyMetadata:
RegionId: regionId
instanceType:
Label:
en: InstanceType
zh-cn: the description in Chinese
Type: String
AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
AllowedPattern: ecs\.[A-Za-z0-9\.\-]*
Default: 'ecs.g5.large'
whetherCreateVpc:
Type: Boolean
Label:
en: WhetherCreateVpc
zh-cn: the description in Chinese
Default: false
vpcCidrBlock:
Type: String
Label:
en: VPC CIDR IPv4 Block
zh-cn: the description in Chinese
Description:
zh-cn: the description in Chinese
en: 'The ip address range of the VPC in the CidrBlock form; <br>You can use the following ip address ranges and their subnets: <br><font color=''green''>[10.0.0.0/8]</font><br><font color=''green''>[172.16.0.0/12]</font><br><font color=''green''>[192.168.0.0/16]</font>'
Default: 192.168.0.0/16
AssociationProperty: ALIYUN::VPC::VPC::CidrBlock
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${whetherCreateVpc}
- true
vSwitchCidrBlock:
Type: String
Label:
en: VSwitch CIDR Block
zh-cn: the description in Chinese
Description:
zh-cn: the description in Chinese
en: Must belong to the subnet segment of VPC
Default: 192.168.1.0/24
AssociationProperty: ALIYUN::VPC::VSwitch::CidrBlock
AssociationPropertyMetadata:
VpcCidrBlock: vpcCidrBlock
Visible:
Condition:
Fn::Equals:
- ${whetherCreateVpc}
- true
securityGroupId:
Label:
en: SecurityGroupId
zh-cn: the description in Chinese
Type: String
Default: ''
AssociationProperty: 'ALIYUN::ECS::SecurityGroup::SecurityGroupId'
AssociationPropertyMetadata:
RegionId: regionId
Visible:
Condition:
Fn::Equals:
- ${whetherCreateVpc}
- false
vSwitchId:
Label:
en: VSwitchId
zh-cn: the description in Chinese
Type: String
Default: ''
AssociationProperty: 'ALIYUN::VPC::VSwitch::VSwitchId'
AssociationPropertyMetadata:
RegionId: regionId
ZoneId: zoneId
Filters:
- SecurityGroupId: securityGroupId
Visible:
Condition:
Fn::Equals:
- ${whetherCreateVpc}
- false
internetMaxBandwidthOut:
Type: Number
Label:
zh-cn: the description in Chinese
en: Internet Max Bandwidth Out
Description:
zh-cn: the description in Chinese
en: no public ip if zero
Default: 0
MinValue: 0
MaxValue: 100
ramRoleName:
Label:
en: RamRoleName
zh-cn: the description in Chinese
Type: String
AssociationProperty: ALIYUN::ECS::RAM::Role
Default: ''
systemDiskCategory:
Label:
en: SystemDiskCategory
zh-cn: the description in Chinese
Type: String
AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory
AssociationPropertyMetadata:
RegionId: regionId
InstanceType: instanceType
Default: cloud_essd
tags:
Label:
en: Tags
zh-cn: the description in Chinese
Type: Json
AssociationProperty: Tags
AssociationPropertyMetadata:
ShowSystem: false
Default: []
commandType:
Label:
en: CommandType
zh-cn: the description in Chinese
Type: String
AllowedValues:
- RunBatScript
- RunPowerShellScript
- RunShellScript
Default: RunShellScript
commandContent:
Label:
en: CommandContent
zh-cn: the description in Chinese
Type: String
AssociationProperty: Code
Default: 'echo hello'
timeout:
Label:
en: Timeout
zh-cn: the description in Chinese
Type: Number
Default: 600
targetRegionIds:
Label:
en: TargetRegionIds
zh-cn: the description in Chinese
Type: List
AllowedValues:
- all-regions
- cn-beijing
- cn-qingdao
- cn-zhangjiakou
- cn-huhehaote
- cn-hangzhou
- cn-shanghai
- cn-shenzhen
- cn-chengdu
- cn-hongkong
- cn-heyuan
- cn-wulanchabu
- ap-northeast-1
- ap-southeast-1
- ap-southeast-2
- ap-southeast-3
- ap-southeast-5
- ap-south-1
- us-east-1
- us-west-1
- eu-west-1
- me-east-1
- eu-central-1
Default: []
accountIds:
Label:
en: AccountIds
zh-cn: the description in Chinese
Type: List
Default: []
scalingConfigurationIds:
Description:
en: <font color='red'><b>Must correspond to the selected region</b></font>
zh-cn: the description in Chinese
Label:
en: ScalingConfigurationIds
zh-cn: the description in Chinese
Type: List
Default: []
launchTemplateNames:
Description:
en: <font color='red'><b>Must correspond to the selected region</b></font>
zh-cn: the description in Chinese
Label:
en: LaunchTemplateNames
zh-cn: the description in Chinese
Type: List
Default: []
rateControl:
Label:
en: RateControl
zh-cn: the description in Chinese
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 5
OOSAssumeRole:
Label:
en: OOSAssumeRole
zh-cn: the description in Chinese
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: createStack
Action: 'ACS::ExecuteAPI'
When:
Fn::Equals:
- '{{ whetherCreateVpc }}'
- true
Description:
en: Create a resource stack
zh-cn: the description in Chinese
Properties:
Service: ROS
API: CreateStack
Parameters:
RegionId: '{{ regionId }}'
StackName: 'OOS-{{ACS::ExecutionId}}'
TimeoutInMinutes: 10
DisableRollback: false
Parameters:
- ParameterKey: ZoneId
ParameterValue: '{{ zoneId }}'
- ParameterKey: VpcCidrBlock
ParameterValue: '{{ vpcCidrBlock }}'
- ParameterKey: VSwitchCidrBlock
ParameterValue: '{{ vSwitchCidrBlock }}'
TemplateBody: |
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
ZoneId:
Type: String
VpcCidrBlock:
Type: String
VSwitchCidrBlock:
Type: String
Resources:
EcsVpc:
Type: ALIYUN::ECS::VPC
Properties:
CidrBlock:
Ref: VpcCidrBlock
VpcName:
Ref: ALIYUN::StackName
EcsVSwitch:
Type: ALIYUN::ECS::VSwitch
Properties:
ZoneId:
Ref: ZoneId
VpcId:
Ref: EcsVpc
CidrBlock:
Ref: VSwitchCidrBlock
EcsSecurityGroup:
Type: ALIYUN::ECS::SecurityGroup
Properties:
VpcId:
Ref: EcsVpc
Outputs:
SecurityGroupId:
Value:
Ref: EcsSecurityGroup
VSwitchId:
Value:
Ref: EcsVSwitch
Outputs:
StackId:
Type: String
ValueSelector: StackId
- Name: untilStackReady
Action: 'ACS::WaitFor'
When:
Fn::Equals:
- '{{ whetherCreateVpc }}'
- true
Description:
en: Wait for the stack status CREATE_COMPLETE
zh-cn: the description in Chinese
OnError: deleteStack
Properties:
Service: ROS
API: GetStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
DesiredValues:
- CREATE_COMPLETE
StopRetryValues:
- CREATE_FAILED
- CHECK_FAILED
- ROLLBACK_FAILED
- ROLLBACK_COMPLETE
- CREATE_ROLLBACK_COMPLETE
PropertySelector: Status
Outputs:
securityGroupId:
Type: String
ValueSelector: 'Outputs[0].OutputValue'
vSwitchId:
Type: String
ValueSelector: 'Outputs[1].OutputValue'
- Name: runInstances
Action: ACS::ECS::RunInstances
Description:
en: Create a ECS instance with source image
zh-cn: the description in Chinese
OnError: deleteStack
Properties:
regionId: '{{ regionId }}'
imageId: '{{ sourceImageId }}'
instanceType: '{{ instanceType }}'
securityGroupId:
Fn::If:
- Fn::Equals:
- '{{ whetherCreateVpc }}'
- true
- '{{ untilStackReady.securityGroupId }}'
- '{{ securityGroupId }}'
vSwitchId:
Fn::If:
- Fn::Equals:
- '{{ whetherCreateVpc }}'
- true
- '{{ untilStackReady.vSwitchId }}'
- '{{ vSwitchId }}'
internetMaxBandwidthOut: '{{ internetMaxBandwidthOut }}'
ramRoleName: '{{ ramRoleName }}'
systemDiskCategory: '{{ systemDiskCategory }}'
Outputs:
instanceId:
ValueSelector: instanceIds[0]
Type: String
- Name: installCloudAssistant
Action: ACS::ECS::InstallCloudAssistant
Description:
en: Install cloud assistant for ECS instance
zh-cn: the description in Chinese
OnError: deleteInstance
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ runInstances.instanceId }}'
- Name: runCommand
Action: ACS::ECS::RunCommand
Description:
en: Run cloud assistant command on ECS instance
zh-cn: the description in Chinese
OnError: deleteInstance
Properties:
regionId: '{{ regionId }}'
commandContent: '{{ commandContent }}'
commandType: '{{ commandType }}'
instanceId: '{{ runInstances.instanceId }}'
timeout: '{{ timeout }}'
- Name: stopInstance
Action: ACS::ECS::StopInstance
Description:
en: Stops the ECS instance
zh-cn: the description in Chinese
Properties:
regionId: '{{ regionId }}'
instanceId: '{{ runInstances.instanceId }}'
- Name: createImage
Action: ACS::ECS::CreateImage
Description:
en: Create new image with the specified image name and instance ID
zh-cn: the description in Chinese
OnError: deleteInstance
Properties:
regionId: '{{ regionId }}'
tags: '{{tags}}'
imageName: '{{ targetImageName }}-{{ ACS::CurrentUTCTime }}'
instanceId: '{{ runInstances.instanceId }}'
Outputs:
imageId:
ValueSelector: imageId
Type: String
- Name: deleteInstanceAfterUpdateImageSuccessfully
Action: ACS::ExecuteAPI
Description:
en: Release the instance after updating the image successfully
zh-cn: the description in Chinese
Properties:
Service: ECS
API: DeleteInstance
Risk: Normal
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
Force: true
- Name: deleteStack
Action: 'ACS::ExecuteApi'
When:
Fn::Equals:
- '{{ whetherCreateVpc }}'
- true
Description:
en: Delete the stack
zh-cn: the description in Chinese
Properties:
Service: ROS
API: DeleteStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{ createStack.StackId }}'
- Name: queryAllAvailableRegions
Action: 'ACS::ExecuteAPI'
Description:
en: View all available regions
zh-cn: the description in Chinese
Properties:
Service: ECS
API: DescribeRegions
Parameters:
RegionId: '{{ regionId }}'
Outputs:
regionIds:
Type: List
ValueSelector: >-
Regions.Region[]|.RegionId|select([scan("{{regionId}}|test")]|length<1)
allRegionsChosen:
Type: String
ValueSelector: '.|{{targetRegionIds}}|sort|.[0]'
- Name: whetherCloneToAllRegions
Action: 'ACS::Choice'
Description:
en: Choose next task by targetRegionIds Chosen
zh-cn: the description in Chinese
Properties:
DefaultTask: copyImage
Choices:
- When:
'Fn::Equals':
- all-regions
- '{{ queryAllAvailableRegions.allRegionsChosen }}'
NextTask: copyImageToAllRegions
- Name: copyImage
Action: 'ACS::ECS::CopyImage'
OnSuccess: whetherToShareImage
OnError: 'ACS::END'
Description:
en: Copy image to regions chosen
zh-cn: the description in Chinese
Properties:
regionId: '{{ regionId }}'
imageId: '{{ createImage.imageId }}'
targetRegionId: '{{ ACS::TaskLoopItem }}'
targetImageName: '{{ targetImageName }}-{{ ACS::CurrentUTCTime }}'
Loop:
Items: '{{ targetRegionIds }}'
RateControl: '{{ rateControl }}'
Outputs:
imageIdsWithRegion:
AggregateType: 'Fn::ListJoin'
AggregateField: imageIdWithRegion
Outputs:
imageIdWithRegion:
ValueSelector: '.|(.imageId),"{{ ACS::TaskLoopItem }}"'
Type: List
- Name: copyImageToAllRegions
Action: 'ACS::ECS::CopyImage'
Description:
en: Copy image to all available regions
zh-cn: the description in Chinese
Properties:
regionId: '{{ regionId }}'
imageId: '{{ createImage.imageId }}'
targetRegionId: '{{ ACS::TaskLoopItem }}'
targetImageName: '{{ targetImageName }}-{{ ACS::CurrentUTCTime }}'
Loop:
Items: '{{ queryAllAvailableRegions.regionIds }}'
RateControl: '{{ rateControl }}'
Outputs:
imageIdsWithRegion:
AggregateType: 'Fn::ListJoin'
AggregateField: imageIdWithRegion
Outputs:
imageIdWithRegion:
ValueSelector: '.|(.imageId),"{{ ACS::TaskLoopItem }}"'
Type: List
- Name: whetherToShareImage
Action: 'ACS::Choice'
Description:
en: Choose next task by accountIds
zh-cn: the description in Chinese
Properties:
DefaultTask: shareImage
Choices:
- When:
'Fn::Equals':
- []
- '{{ accountIds }}'
NextTask: modifyScalingConfiguration
- Name: shareImage
Action: 'ACS::ExecuteAPI'
Description:
en: Shares a custom image to other Alibaba Cloud accounts
zh-cn: the description in Chinese
Properties:
Service: ECS
API: ModifyImageSharePermission
Parameters:
RegionId: '{{ regionId }}'
ImageId: '{{ createImage.imageId }}'
AddAccount: '{{ accountIds }}'
- Name: modifyScalingConfiguration
Action: 'ACS::ExecuteAPI'
OnError: ACS::NEXT
Description:
en: Modify scaling configuration
zh-cn: the description in Chinese
Properties:
Service: ESS
API: ModifyScalingConfiguration
Parameters:
RegionId: '{{ regionId }}'
ScalingConfigurationId: '{{ ACS::TaskLoopItem }}'
ImageId: '{{ createImage.imageId }}'
Loop:
Items: '{{ scalingConfigurationIds }}'
- Name: updateLaunchTemplate
Action: 'ACS::ECS::UpdateLaunchTemplate'
OnSuccess: ACS::END
Description:
en: Update instance launch template
zh-cn: the description in Chinese
Properties:
regionId: '{{ ACS::RegionId }}'
imageId: '{{ createImage.imageId }}'
launchTemplateName: '{{ ACS::TaskLoopItem }}'
Loop:
Items: '{{ launchTemplateNames }}'
- Name: deleteInstance
Action: ACS::ExecuteAPI
Description:
en: Deletes the ECS instance after updating the image failure
zh-cn: the description in Chinese
Properties:
Service: ECS
API: DeleteInstance
Risk: Normal
Parameters:
RegionId: '{{ regionId }}'
InstanceId: '{{ runInstances.instanceId }}'
Force: true
Outputs:
updatedImageId:
Type: String
Value: '{{ createImage.imageId }}'
imageIdAndRegion:
Type: List
Value:
'Fn::If':
- 'Fn::Equals':
- all-regions
- '{{ queryAllAvailableRegions.allRegionsChosen }}'
- '{{ copyImageToAllRegions.imageIdsWithRegion }}'
- '{{ copyImage.imageIdsWithRegion }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- regionId
- zoneId
- sourceImageId
Label:
default:
zh-cn: the description in Chinese
en: Select Origin Image
- Parameters:
- targetImageName
- tags
Label:
default:
zh-cn: the description in Chinese
en: Image Configure
- Parameters:
- instanceType
- whetherCreateVpc
- vpcCidrBlock
- vSwitchCidrBlock
- securityGroupId
- vSwitchId
- internetMaxBandwidthOut
- systemDiskCategory
- ramRoleName
Label:
default:
zh-cn: the description in Chinese
en: ECS Instance Configure
- Parameters:
- commandType
- commandContent
- timeout
Label:
default:
zh-cn: the description in Chinese
en: Run Command
- Parameters:
- targetRegionIds
- accountIds
Label:
default:
zh-cn: the description in Chinese
en: Copy Image
- Parameters:
- scalingConfigurationIds
- launchTemplateNames
- rateControl
- OOSAssumeRole
Label:
default:
zh-cn: the description in Chinese
en: Control Options