检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Cross-region replication Encrypted images cannot be replicated across regions. Can I Replicate Images Across Regions Between the Chinese Mainland, International, and European Websites?
Image Encryption How Can I Share an Encrypted Image or Publish It in KooGallery? You are not allowed to share an encrypted image or publish it in KooGallery directly.
Encrypted full-ECS images cannot be replicated across regions. Introduction You can create an encrypted image from an image file or an encrypted ECS. Create an encrypted image from an image file.
An encrypted image will be created. Create an Encrypted Image from an Encrypted ECS When you use an ECS to create a private image, if the system disk of the ECS is encrypted, the private image created from this ECS will also be encrypted.
Authentication Requests for calling an API can be authenticated using either of the following methods: AK/SK authentication: Requests are encrypted using AK/SK pairs. AK/SK authentication is recommended because it is more secure than token authentication.
Table 6 Constraints on other image operations Operation Item Constraint Encrypting an image Creating an encrypted image from an encrypted ECS or an external image file An image encrypted using the default key cannot be shared with other tenants.
Exporting an Image Encrypting images You can create encrypted images to improve data security. KMS envelope encryption is used. Encrypted images can be created from external image files or encrypted ECSs.
The following images cannot be shared: KooGallery images Encrypted images Full-ECS images created from a CSBS backup Images can only be shared within the same region. If you are attempting to share an image across regions, your attempt will fail.
An image encrypted using the default key cannot be shared with other users. Only full-ECS images created from CBR backups can be shared. Full-ECS images created using other methods cannot be shared. Parent topic: Common Parameters
Replicate an encrypted image to an encrypted one. Keys for encrypting the images cannot be changed. If you want to change the key of an encrypted image, you can replicate this image to a new one and encrypt the new image using an encryption key.
Encrypted images can be created from external image files or encrypted ECSs. Launched regions: all How Do HUAWEI CLOUD Services Use KMS to Encrypt Data?
An image cannot be replicated to generate an encrypted image. Procedure Access the IMS console. Log in to the management console. Under Compute, click Image Management Service. The IMS console is displayed. On the displayed IMS console, click the Images Shared with Me tab.
Fast Export is unavailable for encrypted images. To export an encrypted image, decrypt it first. Constraints An image can only be exported to a Standard bucket that is in the same region as the image.
Image replication Replicate images within a region for conversion between encrypted and non-encrypted images. Replicate images across regions to migrate services between regions. Image quota Query the number of private images in the current region.
Only an encrypted private image can be created from an encrypted ECS. Name Set a name for the image. Enterprise Project Select an enterprise project from the drop-down list.
Image encryption You can create encrypted images to ensure data security. Parent topic: Security
Constraints Only an unencrypted image file or an image file encrypted using SSE-KMS can be uploaded to an OBS bucket. When uploading an image file, you must select an OBS bucket with the storage class of Standard. Procedure Use OBS Browser+ to upload the image file.
Constraints Only an unencrypted image file or an image file encrypted using SSE-KMS can be uploaded to an OBS bucket. When uploading an image file, you must select an OBS bucket with the storage class of Standard. Procedure Use OBS Browser+ to upload the image file.
Scenarios To share an encrypted image, you need to authorize the key used for encrypting the image. This section describes how to authorize a key. The key can only be a custom key. The default key cannot be authorized. Prerequisites You have confirmed the key to be authorized.
Replicating images: In-region: You can convert encrypted and unencrypted images into each other or enable some advanced features (such as fast ECS creation from an image) by replicating an image within a region.
