# ECS Reference Script: `scripts/ecs.py` | API style: RPC | Version: ecs/2014-05-26 ECS is the most general-purpose compute resource, suitable for all scenarios, and is the default choice. ## Region Selection Guidance **If the task involves installing external dependencies (pip install, apt-get install, npm install, downloading GitHub assets via curl, etc.), prefer overseas regions** to avoid connectivity issues when accessing overseas sources from mainland China. | Scenario | Recommended Region | Notes | |----------|--------------------|-------| | External dependencies required | `ap-southeast-1` (Singapore) | Smooth network; access to PyPI/npm/GitHub/Docker Hub works without issue | | No external dependencies | `cn-hangzhou` (Hangzhou) and other mainland regions | Low latency, lower price | | User-specified region | Per user request | — | > When using an overseas region, the VPC/VSwitch must also be created in the same region (`ensure_vpc_and_vswitch(region="ap-southeast-1", zone_id=...)`). > A public IP must also be allocated (`internet_max_bandwidth_out > 0`); otherwise the instance cannot reach external networks. ## Full Workflow ``` 1. Spec recommendation/lookup -> 2. Inventory check -> 3. Price quote -> 4. Network preparation -> 5. Security group -> 6. Image lookup -> 7. Create instance -> 8. Run script -> 9. Resource cleanup ``` ## API Quick Reference ### 1. Spec Recommendation / Lookup #### describe_recommend_instance_type(...) -> dict **Recommended entry point**. Recommends instance specs based on requirements (vCPU/memory), with results sorted by inventory, price, or newest products. Avoids manually filtering through a large set of specs. ```python from ecs import describe_recommend_instance_type result = describe_recommend_instance_type( cores=2, # vCPU count (used together with memory) memory=4.0, # Memory in GiB (used together with cores) # instance_type="ecs.g7.large", # Or specify a spec to find alternatives (mutually exclusive with cores/memory) instance_family_level=None, # EntryLevel | EnterpriseLevel | CreditEntryLevel instance_charge_type="PostPaid", # PostPaid | PrePaid priority_strategy="InventoryFirst", # InventoryFirst | PriceFirst | NewProductFirst zone_id=None, # Restrict to a specific zone system_disk_category="cloud_essd", # Disk type filter max_price=None, # Maximum hourly unit price (spot only) instance_type_family=None, # Restrict to instance families, e.g. ["ecs.g7", "ecs.c7"] region=None, ) # result["Data"]["RecommendInstanceType"] -> [{InstanceType: {InstanceType, Cores, Memory, MemoryGB, ...}, ZoneId, Priority, ...}] # Note: Memory is originally in MB; the function automatically adds a MemoryGB field (converted to GB). Use MemoryGB when displaying. ``` #### describe_instance_types(...) -> dict Filters instance spec details by CPU/memory/GPU. Use this when you need to inspect CPU, memory, and GPU information for specific specs. ```python from ecs import describe_instance_types result = describe_instance_types( instance_type_family=None, # Instance family, e.g. "ecs.g7" instance_types=None, # Exact spec list, e.g. ["ecs.g7.xlarge"] min_cpu=8, # Minimum vCPU max_cpu=32, # Maximum vCPU min_memory=None, # Minimum memory (GB) max_memory=None, # Maximum memory (GB) gpu_amount=None, # Number of GPU cards, e.g. 1 region=None, ) # result["InstanceTypes"]["InstanceType"] -> [{InstanceTypeId, CpuCoreCount, MemorySize, GPUAmount, ...}] ``` #### describe_instance_type_families(generation, region) -> dict Lists instance families (e.g. ecs.g7 general-purpose, ecs.c7 compute-optimized). Returns `InstanceTypeFamilies.InstanceTypeFamily[]`. ### 2. Inventory Check #### describe_regions(region) -> dict Returns the list of all available regions. #### describe_zones(region) -> dict Returns the list of all available zones in the current region. #### describe_available_resource(...) -> dict Queries purchasable resources (specs/disk types/etc.) within a zone. **After picking a spec, you must call this to confirm inventory.** ```python from ecs import describe_available_resource result = describe_available_resource( destination_resource="InstanceType", # InstanceType | SystemDisk | DataDisk | Network zone_id="cn-hangzhou-h", # Optional, specifies a zone instance_type="ecs.g7.2xlarge", # Optional, filters a specific spec instance_charge_type="PostPaid", # PostPaid (pay-as-you-go) | PrePaid (subscription) io_optimized="optimized", # Defaults to optimized region=None, ) # result["AvailableZones"]["AvailableZone"] -> available resources grouped by zone ``` ### 3. Price Quote and Cost Confirmation #### describe_price(...) -> dict Queries the real-time price of an instance configuration. **Must be called before creating an instance; show the cost to the user and obtain confirmation before proceeding.** ```python from ecs import describe_price result = describe_price( instance_type="ecs.g7.2xlarge", # Required period=1, # Billing period price_unit="Hour", # Hour | Month | Year instance_charge_type="PostPaid", # PostPaid | PrePaid system_disk_category="cloud_essd", # System disk type system_disk_size=40, # System disk size (GB) internet_max_bandwidth_out=0, # Public bandwidth (Mbps); 0 = no public IP, >0 = allocate public IP amount=1, # Number of instances region=None, zone_id=None, ) # result["PriceInfo"]["Price"] -> {TradePrice, OriginalPrice, DiscountPrice, Currency} ``` #### Cost Confirmation Flow (Mandatory) After getting a quote, follow the steps below; **do not call run_instances without user confirmation**: 1. Call `describe_price` to obtain the real-time unit price 2. Estimate the runtime based on task type 3. Compute estimated total cost = unit price * estimated runtime * number of instances 4. Present the cost breakdown to the user and wait for confirmation ``` ECS Cost Estimate: Spec: ecs.t6-c1m2.large (2 vCPU, 4 GB) Image: Ubuntu 24.04 System disk: cloud_essd 40 GB Unit price: CNY 0.017/hour (trade price) Estimated runtime: ~5 minutes Estimated total cost: CNY 0.002 Billing: pay-as-you-go (PostPaid), released after completion Proceed with creation? ``` Runtime estimation reference: - Simple shell commands (echo/ls/curl): < 1 minute - Data processing/compilation: 5-30 minutes - Model training: 1-24 hours - Long-running services (Web/API): runs continuously, quoted hourly ### 4. Network Preparation You must prepare a VPC and VSwitch first (see the network preparation steps in SKILL.md). Once you have `vpc_id` and `vsw_id`, proceed to the next step. ### 5. Security Group #### setup_security_group(vpc_id, sg_name, ingress_rules, region) -> str **Recommended entry point**. Creates a security group, opens inbound ports per application requirements, and applies a full-egress rule in one step. Returns `security_group_id`. > WARNING: **Inbound rules must be set based on the application actually being deployed**: open 80/443 for websites; for management ports such as SSH, restrict `source_cidr_ip` to the operator's public IP (e.g. `1.2.3.4/32`); never expose database ports to `0.0.0.0/0`. When external access is not needed, pass `None` or `[]`. ```python from ecs import setup_security_group # Public website sg_id = setup_security_group(vpc_id="vpc-xxx", ingress_rules=[ {"port_range": "80/80"}, {"port_range": "443/443"}, ]) # Website + SSH only from the operator's IP sg_id = setup_security_group(vpc_id="vpc-xxx", ingress_rules=[ {"port_range": "80/80"}, {"port_range": "443/443"}, {"port_range": "22/22", "source_cidr_ip": "203.0.113.5/32"}, ]) # Internal-only worker, no inbound traffic sg_id = setup_security_group(vpc_id="vpc-xxx", ingress_rules=None) ``` Per-rule fields: `port_range` (required, e.g. `"80/80"`), `source_cidr_ip` (defaults to `0.0.0.0/0`), `ip_protocol` (defaults to `tcp`). For finer-grained control, call the steps separately: - `create_security_group(vpc_id, sg_name, description, region)` -> str (sg_id) - `authorize_security_group(sg_id, ip_protocol, port_range, source_cidr_ip, region)` - inbound rule - `authorize_security_group_egress(sg_id, ip_protocol, port_range, dest_cidr_ip, region)` - outbound rule ### 6. Image Lookup #### describe_images(...) -> dict ```python from ecs import describe_images result = describe_images( image_name=None, # Exact image name os_type=None, # linux | windows image_family=None, # e.g. "acs:ubuntu_24_04_x64" instance_type=None, # Filter compatible images by spec region=None, page_size=20, ) # result["Images"]["Image"] -> [{ImageId, ImageName, OSName, ...}] ``` **Prefer using image_family to retrieve the latest image precisely** - it returns a single image that is the latest version in that family. Common image families (official names): | OS | image_family | |----|--------------| | Alibaba Cloud Linux 3 LTS 64-bit (recommended) | `acs:alibaba_cloud_linux_3_2104_lts_x64` | | Ubuntu 24.04 LTS 64-bit | `acs:ubuntu_24_04_x64` | | Ubuntu 22.04 LTS 64-bit | `acs:ubuntu_22_04_x64` | | Ubuntu 20.04 LTS 64-bit | `acs:ubuntu_20_04_x64` | | CentOS 7.9 64-bit | `acs:centos_7_9_x64` | | Anolis OS 8.10 ANCK 64-bit | `acs:anolis_8_10_anck_x64` | | Debian 12 64-bit | `acs:debian_12_x64` | > Note: image_family follows the format `acs:__[_]`, and does not include suffixes such as `20G_alibase`. ### 7. Create Instance #### Recommended two-step flow: find → confirm → create **Step A: find_available_instance_type(...)** — searches across regions/zones to find an instance type with stock AND returns its pricing. Call this BEFORE cost confirmation. ```python from ecs import find_available_instance_type spec = find_available_instance_type( cores=2, memory=4, regions=["cn-hangzhou", "cn-shanghai", "cn-beijing"], # instance_type="ecs.c7.large", # Optional: check a specific type ) # spec = { # "instance_type": "ecs.c7.large", # "region": "cn-shanghai", # "zone_id": "cn-shanghai-b", # "cores": 2, "memory": 4.0, # "price_per_hour": 0.17, "currency": "CNY" # } ``` **→ Now present the cost to the user and wait for confirmation (see Cost Confirmation rule).** **Step B: create_instance_with_infra(...)** — creates VPC/VSwitch/SecurityGroup/Image and the instance. Call this AFTER user confirms the cost. ```python from ecs import create_instance_with_infra result = create_instance_with_infra( instance_type=spec["instance_type"], # From step A zone_id=spec["zone_id"], # From step A region=spec["region"], # From step A image_family="acs:alibaba_cloud_linux_3_2104_lts_x64", internet_max_bandwidth_out=5, # 0=no public IP, >0=with public IP ) # result keys: instance_id, region, zone_id, instance_type, # vpc_id, vswitch_id, security_group_id, image_id, # vpc_is_new, vswitch_is_new ``` > When using these two functions, you do NOT need to manually call `ensure_vpc_and_vswitch`, `create_security_group`, `describe_images`, or `run_instances` — they are all handled internally by `create_instance_with_infra`. > > **⛔ Do NOT pass `image_id`/`ImageId` or `UserData`** to `create_instance_with_infra()` — these are managed internally and will raise `ValueError` if passed. Use `image_family` to select the OS, and `run_command()`/`run_command_and_wait()` for script execution after creation. #### run_instances(...) -> dict (low-level) Creates an ECS instance and waits until it reaches Running. Requires VPC, VSwitch, SecurityGroup, and ImageId to be prepared in advance. Use the two-step flow above instead unless you need fine-grained control. > **⛔ UserData is forbidden**: `run_instances()` will raise `ValueError` if `UserData` is passed. To execute scripts on the instance, create the instance first, then use `run_command()` or `run_command_and_wait()` (see Section 8). This ensures script execution is observable and retriable. ```python from ecs import run_instances result = run_instances( instance_type="ecs.g7.2xlarge", # Required vswitch_id="vsw-xxx", # Required security_group_id="sg-xxx", # Required image_id="aliyun_3_x64_20G_alibase_xxx", # Required instance_name="acf-instance", # Instance name system_disk_category="cloud_essd", # System disk type system_disk_size=40, # System disk size (GB) internet_max_bandwidth_out=0, # Public bandwidth (Mbps); see note below instance_charge_type="PostPaid", # PostPaid | PrePaid amount=1, # Number of instances region=None, # **extra_params accepts any additional RunInstances parameters (except UserData) ) # result["InstanceIdSets"]["InstanceIdSet"] -> ["i-xxx"] ``` **Public IP allocation rules** (`internet_max_bandwidth_out` parameter): | Value | Effect | Use case | |-------|--------|----------| | `0` (default) | **No public IP allocated** | Pure internal tasks, no external access required | | `1~100` | **Public IP allocated automatically**, with the value as outbound bandwidth (Mbps) | Scenarios that require public network access | Typical scenarios that require a public IP: - Deploying a website / Web service (external users need access) - Scripts that need `apt-get install`, `pip install`, or `curl` to download external resources - The user wants to SSH directly to the instance > Once a public IP is allocated, bandwidth is billed by traffic (`PayByTraffic`), based on actual usage. #### describe_instances(instance_ids, instance_name, status, region, page_size) -> dict Queries instance information. Returns `Instances.Instance[]`. ### 8. Run Script #### run_command_and_cleanup(...) -> dict (ONE-SHOT TASKS) **For one-shot tasks (run script then release).** Runs the script, collects output, then automatically releases the instance + security group. VSwitch and VPC are only deleted if they were freshly created (not shared/reused). Cleanup errors are logged but do not raise — the command result is always returned. **Preferred usage** — pass the `infra` dict returned by `create_instance_with_infra()`: ```python from ecs import run_command_and_cleanup result = run_command_and_cleanup( instance_id=infra["instance_id"], command_content="#!/bin/bash\necho hello && date", # script_path="/path/to/a.sh", # Alternative: read from local file timeout=600, infra=infra, # From create_instance_with_infra(); handles cleanup scope automatically ) # result -> {ExitCode, DecodedOutput, ...} # Instance + SG released; VPC/VSwitch released only if they were newly created ``` When `infra` is provided, the function reads `vpc_is_new` / `vswitch_is_new` flags to decide cleanup scope — reused VPC/VSwitch are preserved. You can also pass individual IDs manually if needed. > **⛔ You MUST use this function for one-shot ECS tasks.** Using `run_command_and_wait()` for one-shot tasks will leave the instance running and incurring charges. #### run_command_and_wait(instance_id, ...) -> dict (LONG-RUNNING SERVICES) **For long-running services (keep the instance alive).** Runs the script and returns output, but does NOT release the instance. Use this only when the user needs the instance to keep running (e.g. web server, API service). ```python from ecs import run_command_and_wait result = run_command_and_wait( instance_id="i-xxx", script_path="/path/to/a.sh", # Local script file path command_type="RunShellScript", timeout=600, region=None, ) # result -> {ExitCode, Output(Base64), DecodedOutput, ErrorInfo, ...} ``` > When the user provides a script file (e.g. `a.sh`), prefer `script_path` to read the file content; do not manually hard-code the file content into `command_content`. Cloud Assistant InvocationStatus state transitions: `Pending -> Running -> Success/Failed/Stopped` For asynchronous execution, call the steps separately: - `run_command(instance_id, command_content, command_type, timeout, region, script_path)` -> str (invoke_id) - `describe_invocations(invoke_id, region)` -> dict - query execution status - `describe_invocation_results(invoke_id, instance_id, region)` -> dict - retrieve output ### 9. Resource Cleanup #### Cleanup Strategy (Decide by Scenario) | Scenario | Strategy | Examples | |----------|----------|----------| | One-shot script | **Automatically release all resources** after execution | `echo hello`, data processing scripts, batch compute | | Long-running service | **Do not release**; report the resource list and cost to the user | Web servers, API services, databases | | Unclear scenario | **Ask the user** whether to release | Dev/test environments, debugging tasks | Decision logic: 1. Does the script start a persistent process (e.g. `nohup`, `systemctl`, `docker run -d`, a Web framework `serve`)? -> Long-running, do not release 2. The user explicitly says "release after execution" or the script is a one-shot command -> Auto-release 3. Otherwise -> Ask the user #### Cleanup Order (Reverse of Creation Order) ``` ECS instance -> Security group -> VSwitch -> VPC ``` For each step, describe to confirm resource state, delete, then describe again to verify deletion: ```python from ecs import describe_instances, delete_instances, delete_security_group # 1. Confirm the instance exists and check its state, then release instances = describe_instances(instance_ids=["i-xxx"]) # Release (built-in retry; automatically handles states such as IncorrectInstanceStatus.Initializing) delete_instances(instance_ids=["i-xxx"], force=True) # Verify the release completed (instance disappears or state becomes Deleted) describe_instances(instance_ids=["i-xxx"]) # 2. Delete the security group (only possible after instances are released) delete_security_group(security_group_id="sg-xxx") # 3. Delete the VSwitch / VPC (see the network cleanup steps in SKILL.md) ``` > **Do not delete reused resources**: `create_instance_with_infra()` returns `vpc_is_new` / `vswitch_is_new` flags. Only delete resources where the flag is `True`. If using `run_command_and_cleanup()` with the `infra` parameter, this is handled automatically. > **Handling delete failures**: if a delete call fails (e.g. resources still have dependencies), use describe to inspect the relationships, resolve the dependencies, then retry. #### Resource Summary Regardless of whether resources are released, output a resource list to the user after the script finishes: ``` Created resources: - ECS: i-xxx (ecs.t6-c1m2.large, PostPaid ~CNY 0.017/h) [released/running] - SecurityGroup: sg-xxx [released/retained] - VSwitch: vsw-xxx [released/retained (reused)] - VPC: vpc-xxx [released/retained (reused)] ``` ## Spec Lookup Strategy Selection | Scenario | Recommended API | Notes | |----------|-----------------|-------| | Known requirements (vCPU + memory) | `describe_recommend_instance_type(cores, memory)` | Auto-recommends and sorts | | Pick the cheapest by price | `describe_recommend_instance_type(priority_strategy="PriceFirst")` | Sorted by per-vCPU hourly price | | Find which zones have stock for a given spec | `describe_available_resource(instance_type=...)` | Inventory grouped by zone | | Inspect detailed spec parameters | `describe_instance_types(instance_types=[...])` | View CPU/memory/GPU details | ## Instance Family Quick Reference | Family | Ratio | Suitable For | |--------|-------|--------------| | g (general) | 1:4 (vCPU:memory) | Web, middleware | | c (compute) | 1:2 | Batch compute, high concurrency | | r (memory) | 1:8 | Databases, big data | | t (burstable) | Baseline + credits | Dev/test | | gn (GPU) | Includes GPU | AI inference/training | ## Documentation Search When you encounter uncertain parameters, unknown error codes, or need to consult the latest API docs, use `scripts/doc_search.py` to search the official Alibaba Cloud documentation: ```python from doc_search import search_and_format # Search ECS-related docs print(search_and_format("RunInstances parameter reference", product="ecs")) print(search_and_format("DescribeImages ImageFamily", product="ecs")) print(search_and_format("Cloud Assistant InvocationStatus states", product="ecs")) # Search by error code print(search_and_format("OperationDenied.NoStock", product="ecs")) ``` Search results return titles, summaries, and links; use the web_fetch tool to inspect the full document content. ## Common Error Handling | Error | Cause | Resolution | |-------|-------|------------| | OperationDenied.NoStock | Insufficient inventory | Switch to another zone or spec; use describe_recommend_instance_type to find alternatives | | InvalidInstanceType.NotSupported | The zone does not support this spec | Confirm with describe_available_resource | | QuotaExceed | Quota exceeded | Prompt the user to request a quota increase | | InvalidSystemDiskCategory.NotSupported | The disk type is unavailable | Switch to cloud_essd or cloud_ssd |