
Cloud-Init is an open-source cloud initialization program that applies the customized configurations you specify, such as the hostname, key pair, and user data, to a newly created ECS.

All standard (Standard_xxx) and enterprise (Enterprise_xxx) images support Cloud-Init. Only certain community images (Community_xxx) do not support it.

Using Cloud-Init to initialize your ECSs will affect your ECS, IMS, and AS services.

Impact on IMS

To ensure that ECSs created using private images support customized configurations, you must install Cloud-Init or Cloudbase-Init before creating private images.

  • For Windows OSs, download and install Cloudbase-Init.
  • For Linux OSs, download and install Cloud-Init.

After Cloud-Init or Cloudbase-Init is installed in an image, it automatically configures the initial ECS attributes when an ECS is created. For instructions about how to install Cloud-Init or Cloudbase-Init, see the Image Management Service User Guide.

Impact on ECS

Impact on AS

  • When creating an AS configuration, you can use user data injection to specify ECS configurations for initialization. If the AS configuration has taken effect in an AS group, the ECSs newly created in the AS group will automatically initialize their configurations.
  • For an existing AS configuration, if its private image does not have Cloud-Init or Cloudbase-Init installed, the login mode of the ECSs created in the AS group where the AS configuration takes effect will be affected. To resolve this issue, see section "How Does Cloud-Init Influence the AS Service?" in the Auto Scaling User Guide.

For more information about AS, see the Auto Scaling User Guide.


  • When using Cloud-Init, enable DHCP in the VPC to which the ECS belongs.
  • When using Cloud-Init, ensure that security group rules in the outbound direction meet the following requirements:
    • Protocol: TCP
    • Port Range: 80
    • Remote End: 169.254.0.0/16

    If you use the default security group rules in the outbound direction, the preceding requirements are met, and the metadata can be accessed. Default security group rules in the outbound direction are as follows:

    • Protocol: ANY
    • Port Range: ANY
    • Remote End: 0.0.0.0/16
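The outbound requirement above (TCP, port 80, remote end 169.254.0.0/16) can be checked against a custom rule set before it is attached to an ECS. The following is an added example, not code from this guide or from the ECS service; the rule dictionary format (`protocol`, `port_range`, `remote_end`) and the sample rule sets are assumptions that mirror the field labels on this page.

```python
import ipaddress

# Requirement from the page: outbound TCP, port 80, remote end 169.254.0.0/16.
REQUIRED_NET = ipaddress.ip_network("169.254.0.0/16")
REQUIRED_PORT = 80


def port_matches(port_range, port):
    """port_range is 'ANY', a single port ('80') or a range ('1-1024')."""
    if port_range.upper() == "ANY":
        return True
    low, _, high = port_range.partition("-")
    return int(low) <= port <= int(high or low)


def metadata_egress_allowed(rules):
    """True if the outbound rules together permit TCP/80 to all of 169.254.0.0/16."""
    nets = []
    for rule in rules:
        if rule["protocol"].upper() not in ("TCP", "ANY"):
            continue
        if not port_matches(rule["port_range"], REQUIRED_PORT):
            continue
        net = ipaddress.ip_network(rule["remote_end"], strict=False)
        if net.version == 4:
            nets.append(net)
    # Merge adjacent or overlapping networks so that two /17 rules count as the /16.
    return any(REQUIRED_NET.subnet_of(n) for n in ipaddress.collapse_addresses(nets))


# Constructed rule sets for illustration (not taken from a real security group).
EXACT = [{"protocol": "TCP", "port_range": "80", "remote_end": "169.254.0.0/16"}]
SPLIT = [
    {"protocol": "TCP", "port_range": "1-1024", "remote_end": "169.254.0.0/17"},
    {"protocol": "ANY", "port_range": "ANY", "remote_end": "169.254.128.0/17"},
]
WRONG_PORT = [{"protocol": "TCP", "port_range": "443", "remote_end": "169.254.0.0/16"}]
TOO_NARROW = [{"protocol": "TCP", "port_range": "80", "remote_end": "169.254.169.254/32"}]
UDP_ONLY = [{"protocol": "UDP", "port_range": "ANY", "remote_end": "169.254.0.0/16"}]

if __name__ == "__main__":
    for name in ("EXACT", "SPLIT", "WRONG_PORT", "TOO_NARROW", "UDP_ONLY"):
        print(name, metadata_egress_allowed(globals()[name]))
```

A rule set that fails this check leaves Cloud-Init unable to reach the metadata over the path described above, so the customized configurations are not applied at first boot.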