Terraform for dummies part 6: Deploy a static website on Alibaba Cloud

Intro

3 years ago, I started the terraform for dummies series where I wanted to deploy a static website in any cloud provider there was (the dummy in question was me duh:)). But the mistake most of us make is to think AWS, Azure, GCP, Oracle Cloud are the only Hyperscalers out there.

Wrong!
Alibaba Cloud market share even stole GCP’s 3rd place in 2021 (9.5% or $8.7 Billion). It has also moved from "Niche Players" to the "Visionaries" quadrant since in the Gartner Cloud infrastructure report.
 

 
You can learn more about AliCloud services, on my previous post > Intro to Alibaba Cloud

In this 6th tutorial (as done for AWS/Azure/GCP/OCI), we will deploy a webserver with a custom homepage.
We’ll cover 2 deployments (VPC + Instance) before ending with some thoughts on AliCloud experience/challenges.
 

Here’s a direct link to my GitHub repo linked to this lab => terraform-examples/terraform-provider-alicloud

Content :
I. Terraform setup
IV. Partial deployment (VPC)
 V. Full deployment (instance)
Alibaba Cloud experience (hits and misses)

Overview

Topology

The below shows the layers involved between your workstation and AliCloud while provisioning through terraform.

Where do I find a good AliCLoud deployment sample?

You can either check the AliCloud registry, their GitgHub examples, or create a resource from the console then use the terraform import function to generate the deployment in HCL format (vpc,instance,subnet,etc..) based on their id.

Example for a VPC >>

1- Create a shell resource declaration for the vpc ina  file called vpc.tf

2- Get the id of the VPC resource from your AliCloud Console

3- Run the Terraform import then Terraform show to load the vpc’s full declaration on the same file (vpc.tf)

4- Now you can remove the id and all non required attributes to create a vpc resource

1- $ vi vpc.tf 

  provider "alicloud" {     region = "us-east-1"    }
  resource "alicloud_vpc" "terra_vpc" {
   }
2- $ terraform import alicloud_vpc.terra_vpc vpc-0xio5hkexl4c43jpqw5yw
3- $ terraform show -no-color > vpc.tf 

Terraform lab content

• VPC Deployment:To grasp the basics of a single network resource deployment.

• Instance Deployment: includes the instance provisioning (with above vpc) with a nginx web sever.

I.Terraform setup

 

Windows: Download and run the installer from their website (32-bit ,64-bit)

Linux Download, unzip and move the binary to the local bin directory

$ wget https://releases.hashicorp.com/terraform/1.0.3/terraform_1.0.3_linux_amd64.zip
$ unzip terraform_1.0.3_linux_amd64.zip
$ mv terraform /usr/local/bin/
$ terraform --version
  Terraform v1.0.3

AliCloud authentication

Same as AWS, you will need to provide both access_key_id & secret_access_key. This can be done by Including them within environment variables (TF_VAR_*) or using terraform.tfvars

Assumptions

I’ll assume either of the two above options are present/configured in your workstation:

Example: using environment variables

EXPORT TF_VAR_access_key = "<my_access_key_id>"  
EXPORT TF_VAR_secret_key = "<my_secret_key>" 

I’ll also assume you have an ssh key pair to attach to your ecs instance. If not, here is a handy command   

$  ssh-keygen -P "" -t rsa -b 2048 -m pem -f ~/.ssh/id_rsa_ali
     Generating public/private rsa key pair.

II. Clone the repository

• Pick an area on your file system to hold the terraform config and issue the following command.

$ git clone https://github.com/brokedba/terraform-examples.git

Note: You will find 2 directories inside the repository which will make things easier:  

• terraform-provider-alicloud/create-vpc/        Single VPC deploy.

•  terraform-provider-alicloud/launch-instance Web instance deploy.

III. Provider setup

Install and setup the alicloud provider for our VPC config

• Cd Into terraform-provider-ali/create-vpc where our configurations resides

ubuntu $ cd ~/terraform-examples/terraform-provider-ali/create-vpc 

• Alicloud provider will be automatically installed by terraform init.

$ terraform init
  Initializing provider plugins...
  - Finding aliyun/alicloud versions matching "1.211.2"...
  - Downloading plugin for provider "alicloud" (aliyun/alicloud) 1.211.2...


$ terraform --version
  Terraform v1.0.3
  + provider.a v1.211.2   ---> the provider is now installed
  

• Let's see what's in the create-vpc directory (click to see content)

$ tree
  .
  |-- outputs.tf        ---> displays resources detail after the deploy
  |-- variables.tf      ---> Resource variables needed for the deploy   
  |-- vpc.tf            ---> Our vpc terraform declaration
  |—- terraform.tfvars  ---> Our authentication variables to alicloud  

IV. VPC Deployment

 

This will create several components including a resource group, VPC, Vswitch (subnet) and a security group

• Once the authentication (access_key_id/secret) set, we can run terraform plan
  

$ terraform plan
   Refreshing Terraform state in-memory prior to plan... 
  ------------------------------------------------------------------------
  An execution plan has been generated and is shown below.
    Terraform will perform the following actions:

    # alicloud_resource_manager_resource_group.rg will be created  
    + "alicloud_resource_manager_resource_group" "rg" 
    {..}
    # alicloud_security_group.terra_sg will be created
    + resource "alicloud_security_group" "terra_sg" {
    + display_name        = "TerraDemo-rg"
    {..} 
    # alicloud_security_group_rule.allow_http_80 will be created
    + resource "alicloud_security_group_rule"  "allow_http_80" 
    + cidr_ip           = "0.0.0.0/0"
    + policy            = "accept"
    + port_range        = "80/80"
    {..}
    # alicloud_security_group_rule.allow_http_22 will be created
    + resource "alicloud_security_group_rule"  "allow_http_22" 
    {..}
    # alicloud_security_group_rule.allow_http_443 will be created
    + resource "alicloud_security_group_rule"  "allow_http_443" 
    {..}
    # alicloud_vpc.terra_vpc will be created
    + resource "alicloud_vpc" "terra_vpc" {
    ...
    + cidr_block             = "192.168.10.0/16"
   ...}
    # alicloud_vswitch.terra_sub will be created
    + resource "alicloud_vswitch" "terra_sub" {
    ...
    + cidr_block             = "192.168.0.0/24"
    ...
    + zone_id              = "us-east-1b"               
    {..}

  Plan: 7 to add, 0 to change, 0 to destroy.

Note: I deliberately kept only relevant attributes for the VPC resource plan

• Next, we can finally run terraform deploy to create a resource group , VPC, Vswitch and SG

$ terraform apply -auto-approve
alicloud_vpc.terra_vpc: Creating...
...
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
Subnet_CIDR = "192.168.10.0/24"
Subnet_Name = "terrasub"
vpc_CIDR = "192.168.0.0/16"
vpc_dedicated_security_group_Name = "terra-sg"
vpc_dedicated_security_ingress_rules = tolist([
  "allow_https_22:  22/22 , CIDR: 0.0.0.0/0",
  "allow_http_80:   80/80 , CIDR: 0.0.0.0/0",
  "allow_https_443: 443/443 , CIDR: 0.0.0.0/0",
])
vpc_id = "vpc-0xi0eft7h4mq33yx7s0hn"
vpc_name = "Terravpc"

Observations:

When setting security groups, the nic_type parameter must be set to intranet when linked to a VPC, while  registry doc says the default value is internet (this will fire an error).

Now let’s destroy the VPC as the next instance deploy contains the same VPC specs.

$ terraform destroy -auto-approve

Destroy complete! Resources: 7 destroyed.

V. Full deployment (Instance)

Let's launch a full instance deployment from scratch by switching to the second directory
terraform-provider-alicloud/launch-instance/

• Here's the content:

$ tree ./terraform-provider-alicloud/launch-instance
.
|-- cloud-init           ---> SubFolder
|   `--> vm.cloud-config ---> script to config a webserver & add a HomePage
|-- compute.tf    ---> Instance related terraform configuration
|-- outputs.tf    ---> displays the resources detail at the end of the deploy
|-- variables.tf  ---> Resource variables needed for the deploy   
|-- vpc.tf        ---> same vpc terraform declaration deployed earlier

compute.tf holds the ecs instance block. All the rest comes from the vpc example.
                                                         -- “ Cloud-init subfolder” --
Cloud-init: is a cloud instance initialization method that executes tasks upon instance Startup by providing the user_data entry in the aclicloud_instance resource definition (See below).

...variable "user_data" { default = "./cloud-init/vm.cloud-config"} 
    
 $ vi compute.tf
resource "alicloud_instance" "terra_inst" {
...
user_data                    = filebase64(var.user_data)
...     

• I used cloud-init to install nginx and load an html page that will be the server's HomePage.

• Make sure you set the path for ssh public key accordingly in the variable (see variables.tf)

resource "alicloud_key_pair" "terra_key" {
   key_name   = var.key_name
   public_key = file(var.ssh_public_key)}

LAUNCH THE INSTANCE

• Cd in “launch-instance” directory, run the init , then plan command to validate the ecs instance info. 

$ terraform plan
   Refreshing Terraform state in-memory prior to plan... 
  ------------------------------------------------------------------------
  An execution plan has been generated and is shown below.
    Terraform will perform the following actions:

  ... # VPC declaration <----------------- (see previous vpc deploy) 
  ...
  # alicloud_resource_manager_resource_group.rg will be created
   + resource "alicloud_resource_manager_resource_group" "rg" {
      + display_name  = "TerraDemo-rg")
      ...}

 # alicloud_instance.terra_inst will be created
  + resource "alicloud_instance" "terra_inst" {
    + ...
    + image_id                 = "centos_7_9_uefi_x64_20G_alibase_20230816.vhd"  
    + availability_zone        = "us-east-1a"   
    + instance_name            = "ecs.c5.large" 
    + host_name            = "TerraHost" 
    + instance_type            = "ecs.c5.large" 
    + key_name                 = "demo_ali_KeyPair"
    + private_ip              = "192.168.10.51"
    + instance_charge_type     = "PostPaid"
    + internet_charge_type     = "PayByTraffic"
    + user_data                = "c8c701575f9c76db131ccf77cf352da……"
    + system_disk_size         = 20
    + stopped_mode             = "StopCharging"
    + ...
    + ...}
   
  # alicloud_key_pair.key_pair will be created
  + resource "alicloud_key_pair" "key_pair" {
    {...}
   ...
  }
  Plan: 9 to add, 0 to change, 0 to destroy.

• Let’s launch our instance using terraform apply (I left a map of different OS images in the variables.tf)

$ terraform apply -auto-approve
...
alicloud_vpc.terra_vpc: Creating...
alicloud_key_pair.key_pair: Creation complete after 2s [id=demo_ali_KeyPair]
alicloud_vpc.terra_vpc: Creation complete after 11s [id=vpc-0xiug9rc5utxaj3wl39a4]
alicloud_security_group.terra_sg: Creation complete after 1s [id=sg-0xiis3c92f51bgmybx4c]
alicloud_vswitch.terra_sub: Creation complete after 7s [id=vsw-0xi6lj5g2hvlaleytf54a] 
alicloud_instance.terra_inst: Creating... [10s elapsed]
alicloud_instance.terra_inst: Creating... 17s [id=i-0xi6p7buqfj6902i8ul5]

...
Apply complete! Resources: 9 added, 0 changed, 0 destroyed.

Outputs:
...
vpc_Name    = Terravpc
vpc_CIDR    = 192.168.0.0/16
Subnet_CIDR = 192.168.10.0/24
private_ip  = "192.168.10.51"
public_ip   = "47.89.159.135"
vpc_dedicated_security_ingress_rules = [
  "allow_https_80 :  80/80   , CIDR: 0.0.0.0/0",
  "allow_https_443:  443/443 , CIDR: 0.0.0.0/0",
  "allow_https_22:  22/22   , CIDR: 0.0.0.0/0",
]
SSH_Connection = ssh connection to instance TerraCompute ==>  ssh -i ~/id_rsa_ali root@47.89.159.135

• Once the instance is provisioned, juts hit the public IP address in your browser and Voila!

• Here I just embedded a video clip into the webpage but you can adapt the cloud-init file to your own liking.

• You can also tear down this configuration with a terraform destroy

Tips

•  You can fetch any of the specified attributes in outputs.tf  using terraform output command i.e: 

  $ terraform output SSH_Connection
  ssh connection to instance TerraCompute ==> ssh -i ~/.ssh/id_rsa_ali root@47.89.159.135

• Sometimes an instance type is not available in the specified region/AZ, you’d have to switch the zones 

  $ terraform apply
  Error: [ERROR]
  │    StatusCode: 403
  │    Code: Zone.NotOnSale
  │  Message: code: 403, The resource in the specified zone is no longer available
   for sale
  ------------>fix: switch from us-east-1b to us-east-b
  

Alibaba Cloud Hits and Misses

   
     Pros

• I was really impressed by the speed at which the compute instances were spun (17seconds)

• No brainer for  those who have the majority of their business and customers in south Asian region

• High availability option in China regions is insane.i.e Beijing region has a whooping 12 Availability zones

• Different billing types like Prepaid/Postpaid, By traffic/By Bandwidth, even via Paypal.

  
  
  Cons

• AliCloud lacks popularity & support in the community (fewer blogs/articles) or maybe most of it is Chinese.

• It can be a headache to find Zones supporting the service you want to deploy especially out of Asia.

• The learning curve is a bit stiff once you go beyond the simple sandbox, The doc alone won’t cut it. 

• Customers Should Choose Regions, Zones out of choice not because it’s the only one that’s not sold out. 

• There is no way to extract a Zone id based on it’s region in the alicloud_zones Data block:
  
  

  
  

    
  

   CONCLUSION

• We just demonstrated how to quickly deploy an instance using terraform in AliCloud 

•  Alibaba Cloud presents impressive strengths, especially for businesses operating in specific regions

• However, it does come with challenges, such as limited global community support &potential complexities.

• This is probably the last chapter of this Series unless I decide to add Kubenetes to the party
                                                                          Time will tell :)

Thank you for reading!

Explore Alibaba Cloud part 2: AliCloud CLI installation and few examples

Cloud CLI tools are the Most direct and simple way to interact with a new Cloud platform, It is the perfect tool for executing simple and repeatable tasks which you don’t need to keep track off. Alibaba Cloud CLI tool which also manages Cloud resources (or stacks) is no exception. In this blog post, we will install AliCloud cli and try few API requests. I do that every time I explore a cloud platform (see previous posts aws, oci, azure, gcp).

As usual, this post will be followed by another article about provisioning a vm in Ali Cloud through terraform.

Requirement

Whether on windows or on Linux the basic installation of Aliyun CLI will always require 2 elements:

• Alibaba Cloud Free Tier account
• Python 2.7.x. or higher
  
  

I. Alibaba Cloud CLI Installation

Aliyun (translated “Ali Cloud”) was the original name of the company until 2017. Therefore you will install Aliyun CLI not Alibaba Cloud cli ;).

• Windows

       1- Download & execute the following AzliyunCli installer(current version: v3.0.123) from

            Alibaba Cloud website (latest zipped version)

            GitHub(aliyun/aliyun-cli) (different version available)

       2- Unzip the downloaded file to get the executable file named aliyun.exe

       3- Add the exe file location directory path to your User %PATH% environment variable via GUI or cmd terminal

-- Option 1: from the GUI
C:\> SystemPropertiesAdvanced
 Note: Once the window is displayed –> click environment variables
--- Option 2: using pathed
C:\> PathEd.exe add "C:\DATA\cloud\alibaba”

C:\> aliyun version
     3.0.124

     Note: I used the handy pathed tool to append the %PATH% environment variable permanently


• Linux
  Download the installation package for Linux using curl , decompress it and copy the content to the user bin directory.
  

brokedba~$ curl -sL https://github.com/aliyun/aliyun-cli/releases/download/v3.0.123/aliyun-cli-linux-3.0.123-amd64.tgz | sudo tar xzC /usr/local/bin

brokedba~$ aliyun version
3.0.123

II. Authenticate to Alibaba Cloud from Aliyun CLI

Once your Alibaba Cloud Free Tier account is created and aliyun cli installed. You will need API credentials including region, and language. There is a list of credentials type available to use in order to authenticate with.
 

The 2 categories are:  1. Key/StsToken based        2. Role/Instance principal based

Obtain your Access key
We will choose AccessKey authentication for our example. 

1. Hover onto the profile picture in the upper-right corner, and click AccessKey management.  
   
   

2. On Access Key pair section click create AccessKey to generate AccessKey ID /AccessKey and copy them.
   
   
   
   

3. Now that we obtained our key pair we can finally configure our aliyun CLI profile (find all region ids here)

1. Interactive Configuration
brokedba~$  aliyun configure --mode AK -–profile default
Configuring profile 'default' in '' authenticate mode...
 Access Key Id []: AccessKey ID 
 Access Key Secret []: AccessKey Secret 
Default Region Id []: us-east-1 
Default Output Format [json]: json (Only support json) 
Default Language [zh|en] en: Saving profile[default] ...Done.
Configure Done!!!
..............888888888888888888888 ........=8888888888888888888D=..............
...........88888888888888888888888 ..........D8888888888888888888888I...........
.........,8888888888888ZI: ...........................=Z88D8888888888D..........
.........+88888888 ..........................................88888888D..........
.........+88888888 .......Welcome to use Alibaba Cloud.......O8888888D..........
.........+88888888 ............. ************* ..............O8888888D..........
.........+88888888 .... Command Line Interface(Reloaded) ....O8888888D..........
.........+88888888...........................................88888888D..........
..........D888888888888DO+. ..........................?ND888888888888D..........
...........O8888888888888888888888...........D8888888888888888888888=...........
............ .:D8888888888888888888.........78888888888888888888O ..............

2. static configuration  
brokedba~$ aliyun configure set \ --profile akProfile \ --mode AK \ --region cn-hangzhou \ --access-key-id AccessKeyID \ --access-key-secret AccessKeySecret

• We can run aliyun configure command to verify our new configuration   

$  aliyun configure list  
Profile   | Credential      | Valid   | Region  | Language
--------- | --------------- | ------- | --------- | --------
default * | AK:****6        | Valid   | us-east-1 | en

•  aliyun cli configuration is typically stored in the below directory

  $ more $HOME/.aliyun/config.json
   {
    "current": "default",
    "profiles": [
    { 
       "name": "default",   
       "mode": "AK",
       "access_key_id": xxxxxxxx
       "access_key_secret":
  …
  

III.Test your first API request




Few notions worth reminding before hitting the terminal with aliyun requests :    


A. Command structure: is based on the below components

$ aliyun <product> <operation> [--parameter1 value1 --parameter2 value2 ...]

 Parameters: 
Each followed by  values.It will always depend on the product & operation value in the command.

• Result related parameters :
     1-  unfortunately aliyun doesn’t support table output format unlike any other CSP (JSON only.Bummer!)
     2- “--output” : Allows to pick the list of fields to return in the response. It can be used to do some filtering.
  




B.  output :


The --output option allows to specify either a field, rows (using JMESpath), or num(row number).
The best way to learn is to fetch all the output then locate the rows(path) and columns to display.

 
To demonstrate the principle, here’s an example based on the ecs regions list command

--- Original command 
$ aliyun ecs DescribeRegions | head
{
"Regions": {
        "Region": [       ----> path/rows is Regions.Region[]
         { "LocalName": "华北1（青岛）",
  "RegionEndpoint": "ecs.cn-qingdao.aliyuncs.com",
           "RegionId": "cn-qingdao"
          },
...
 
--- Fileterd output based on RegionId and RegionEndPoint

$ aliyun ecs DescribeRegions --output cols=RegionId,RegionEndpoint rows=Regions.Region[]

RegionId       | RegionEndpoint
--------       | --------------
us-east-1      | ecs.us-east-1.aliyuncs.com
us-west-1      | ecs.us-west-1.aliyuncs.com
eu-west-1      | ecs.eu-west-1.aliyuncs.com
me-east-1      | ecs.me-east-1.aliyuncs.com
eu-central-1   | ecs.eu-central-1.aliyuncs.com
...


Examples 


You will have to rely on the help command first because there is no Alyun cli command reference available. This is the first time I see a CSP that doesn’t have a dedicated reference for its CLI tool.
Needless to say you’re on your own as all I found was this pdf.



•You can get help by using the following commands:

    ○ aliyun help: get product list
    ○ aliyun help <product>: get the API information of a specific product


$ aliyun Ecs StopInstance help
Alibaba Cloud Command Line Interface Version 3.0.123
Product: Ecs (Elastic Compute Service)
Parameters:  
--InstanceId  String  Required  
--ConfirmStop Boolean Optional  
--DryRun      Boolean Optional  
--ForceStop   Boolean Optional  
--Hibernate   Boolean Optional  
--StoppedMode String  Optional
...

• List of publicly available images in the current default region (us-east-1)

  $ aliyun ecs DescribeImages --output cols=OSNameEn,Architecture,OSType,IsPublic rows=Images.Image[]  
  OSNameEn                                            | Architecture | OSType | IsPublic
  --------                                            | ------------ | ------ | --------
  CentOS  7.9 64 bit for SCC                          | x86_64       | linux  | true
  CentOS  8.4 64 bit for SCC                          | x86_64       | linux  | true
  AlmaLinux  9.0 64 bit                               | x86_64       | linux  | true
  Ubuntu  22.04 64 bit                                | x86_64       | linux  | true
  CentOS Stream  9 64 bit                             | x86_64       | linux  | true
  Fedora  35 64 bit                                   | x86_64       | linux  | true
  Alibaba Cloud Linux  3.2104 LTS 64 bit UEFI Edition | x86_64       | linux  | true
  Alibaba Cloud Linux  3.2104 LTS 64 bit ARM Edition  | arm64        | linux  | true
  Alibaba Cloud Linux  3.2104 LTS 64 bit              | x86_64       | linux  | true

• Object storage tool:

• Download and install ossutil

$ wget http://gosspublic.alicdn.com/ossutil/1.7.7/ossutil64 
$ chmod 755 ossutil64
./ossutil64 config

• Create a private bucket with Zonal redundancy in us-east-1 region

$ ./ossutil64 mb oss://brokedbabucket -e oss-us-east-1.aliyuncs.com --acl private --storage-class IA --redundancy-type ZRS

Auto completion 

This commands is supposed to command to enable auto completion in zsh/bash . But it doesn’t autocomplete operation commands as available in aws cli for example. 


$ aliyun auto-completion 

Conclusion:

In this tutorial we learned how to install and configure Aliyun cli. We also described the command syntax and tried few requests using output options.

○The filtering seem to be very limited as there are no JMESPATH examples anywhere associated with rows option

○ I wish there was a command line reference that could provide more help to end users

○ FREE tier: You will still have to confirm you can use your Free tier credits before deploying any resource. 

Cheers.

Explore Alibaba Cloud part 1: Intro to Alibaba Cloud

Intro

I always believed in the horizontal approach to learn the cloud rather than the vertical method. I’m just convinced there is more to learn when you open your perspectives, even if you lose the ability to narrow your expertise on one platform. That’s a little price to pay if you want to broaden your lenses. This is why after exploring AWS, Azure, OCI, & GCP, I decided to sneak into Alibaba Cloud.

In this blog post, I will introduce you to Alibaba Cloud through a little tour of the provider’s interface, available offering along with billing options. I’m hoping to find helpful insights on the user experience while navigating this platform based on my multi-cloud background. All while staying fair and unbiased so we can solely focus on the technical aspect (geopolitical considerations aside) .

Table of contents

• Regions

• Alibaba Cloud free tier

• Interface

• Billing

• Network

• Compute

• Simple Application Server(SAS)

• Automation (IaC)

Is Alibaba Cloud a thing :)?

If you ever doubted on the role of Alibaba in the Cloud World, here’s a memo to catch up on. Alibaba Cloud market share overtook GCP to become No.3 Worldwide in 2021 (9.5% or $8.7 Billion). It has also moved from "Niche Players" quadrant to the "Visionaries" quadrant in the Gartner 2021 report for Cloud Infrastructure & Platform services, reaching the 4th place. 
Did you know that Aliyun (translated “Ali Cloud”) was the original name of the company until 2017? You can still see it hardcoded in their Console sub-pages URL.

Regions

Alibaba Cloud operates in 27 regions totaling 84 availability zones around the world with more regions set to follow. Huge presence in the Asia-Pacific area with 13 regions for China only, and new ones in S-Korea/Thailand.

Alibaba Cloud CDN service leverages a network of 2800 nodes in 70 countries across the globe (2300 in China)

Alibaba Cloud free tier

The Alibaba Cloud Free Tier provides FREE Cloud services Including 50+ Free Offers Worth $1700-$8500 USD.

The offers are time based (1-12 Months) and sometimes based in cash credit for both Individuals and enterprises.

Here are some Cloud services/products you’ll get for free and their period of availability.

Compute

• Simple Application Server-Linux (1CPU, 1G, 20GB Disk, 4Mbps ) 3 months   (+ preinstalled app)

• ECS- Burstable t5 (1CPU, 1GB , 40GB Disk, 1Mbps) 12 months

• ECS- Shared Compact Type xn4 (1CPU, 1GB , 40GB System Disk, 3Mbps) 3 months
  Note: Activating the free trial on ECS will disqualify you from using free trial on Simple Application Server.

Other

• Server Load Balancer: $15 Credit

• Alibaba Cloud CDN   6 months

• Object Storage Service 500 GB 1 month

• File storage NAS 100 GB 1month

• Tablestore 500 GB storage 750 hrs instance $19 Credit

• Hybrid Backup Recovery 100 GB storage 3 months

• ApsaraDB RDS for MySQL/PostgresSQL Dual hot-standby nodes or single node (20GB storage) 1 month

• ApsaraDB for Redis 4 GB instance 1 month

• ApsaraDB for MongoDB  3 nodes +20 Gb storage 1 month

• Elasticsearch 3 nodes (2CPU, 4GB) 1 month

• Developer After-sales support plan 1 month

• API Gateway 1 MM calls/month 1 year

• AI (image Search, speech interaction) 1-6 month

If you want to check the full package you can dig through here: Alibaba-Fee-trial

Alibaba Cloud free usage tier expiration

These free tier offers are only available in the first for 12 months following your the sign-up date. After a year

or when your service use exceeds the tiers, you simply switch to pay-as-you-go service rates.

Note: Fee usage does not accumulate. 

Alibaba Always Free Services

These services are,obviously, always free because they are merely services to manage cloud native resources like Container Registry, VPC, Basic monitoring tools, etc.. It is implicitly free for all other Cloud providers, so I’ll pass.

Interface

Here we see a `feel and look` that’s pretty close to AWS. Even the ECS(Elastic Compute Service) is likely derived from AWS EC2.

The annoying things are:

• Some links will open a new page which can led to a chrome tab chaos after few clicks.

• Beware, if you have Cloud shell open, any click on your main page will refresh the whole thing and you’ll loose all what you were working on in the terminal.

I don’t know about you, having the category of resources listed on the right side of the screen is not super intuitive.

Billing

Did you know Alibaba is the only Cloud that also takes PayPal as payment method?That’s actually quite cool, no more credit card needed as PayPal can be linked to your Debit cards.

Unfortunately, Free tier credit can’t be used if PayPal is the unique payment configured in your account (PAYG).  
Billing options:
What struck me is everything you deploy ends up with a Buy or Add to Cart button, as if you were shopping on amazon. It doesn’t matter what Billing Method you choose.

• Subscription: Allows you to use a resources only after you pay for them (at discounted rates).

• You can choose 1 month to 1 year  ( i.e USD 155/month  = USD 0.215/hour)

• Renewal: This is a very weird feature and even dangerous sometimes.

• By default, AliCloud resources will just run for a duration chosen at creation but after say 1month you’d have to renew manually. Meaning you can end up with a total mess if you have a dozen of instances with different expiration dates. Hence Auto-Renewal safety.   

 

• Pay-as-You-Go: Bills you for the exact amount of resources you use on an hourly basis.

• example : polar.mysql.mmx4.large4  => USD 0.323/hour

• Can be paired with PayPal but not enough to use Free tier resources 
  
  

• Reserved instance and saving plans:  these are similar to what AWS offers
  

Network

Same here, the naming convention doesn’t go far from AWS. VPC is also present in Alibaba but funny enough this is the only vendor I know who has a unique name for subnets. In Alibaba Cloud it is rather called vSwitch.
There can be a maximum of two VPCs per account for starters.

• The VPC CIDR bock size can be from /8 to /24

• The VSwitch CIDR block size can be from /16 to /29.

• You can expand a VPC by adding a secondary CIDR block to the VPC. (kinda like GCP)

VPC is their 2nd gen and more isolated network which is slowly replacing their 1st gen Classic Network.
See comparison below

Traffic vs bandwidth pricing

When assigning a Public IP Address to your compute instance, you have 2 billing choices for the egress traffic
 

• Pay-By-Bandwidth
  Based on a specified outbound bandwidth (i.e 3Mb/s). Fees are added to Total ECS instance fees.

• Pay-By-Traffic
  Based on the actual amount of the outbound traffic usage in GB per hour.It is a postpaid billing method.

Compute

The Compute is the cornerstone of any Cloud provider , naming convention are –as expected- pretty similar with AWS. ECS (Elastic compute service) for EC2. With different instance families and architectures.
 See full list >> here or here

• Architecture: X86, ARM, Bare Metal , heterogenous (With GPU/NPU)  

• Category: General Purpose, Compute/Memory optimized, big data, high clock speed,local SSD

• Type: Regular, Burstable (i.e baseline of 20% CPU), Preemptible Instance (aws spot instance)

• OS: The usual windows and Linux distributions including Alibaba Cloud Linux 

• Storage: EBS disks are SSD minimum, no HDD available. 

• Pricing: PAYG or subscription based and usual discounts through Reserved Instances and Saving Plans.
       Please have a look at the full detailed pricing >>here 
  
  

• Deploying in China regions

• Beijing region, allows you span deployments through a whooping 12 Availability zones.
  That’s what I call a “Mega” High availability plan ;)

• Beware, local regulation still requires your identity registration including your passport number   

Simple Application Server(SAS)

SAS is a lightweight compute product that provides ready-to-use applications to help build websites or other developments stacks with Custom Application Images. Worth a try.

• Features

• 14x Application Images (WordPress, LAMP, Docker, Plesk,Drupal, cPanel..) Autoconfigured

• 6x OS images

• Integrated with many AliCloud Services in few clicks (DNS,WAF,CDN, Firewall, ApsaraDB RDS)

• As low as US $3.5/month with enhanced SSDs (ESSDs)
  
  

 

Automation (IaC)

API based Management tools are also to a good cloud automation and governance. Here are the tools I found.

• Alibaba Cloud CLI: same as any cloud CLI tools.

• OpenAPI Explorer: allows you to retrieve/call API operations, & dynamically generate SDK sample code.

• Alibaba Cloud SDK: For several languages(Java, Python,PHP) to build and manage AliCloud services.

• Operation Orchestration Service (OOS): Automatically manages and executes O&M(operations & maintenance) tasks. You can define items such as execution tasks, sequence, & inputs and outputs in execution templates and use the templates to automate O&M tasks (i.e check CPU% and scale).

Resource Orchestration Service (ROS):
This is a user-defined templates similar to AWS Cloudformation. I said similar but it’s an understatement :).
Just look at this Cloudformation–to-ROS converter below 

Command : $ rostran transform ./cloudformation/vpc_sg.json --target-format json

CONCLUSION

• That’s it I said I’ll give some time to explore my 5th Cloud provider and it has finally happened.

• It was supposed to be a little one pager on the Alibaba Cloud Free-tier but I dug deeper than I should :)

• I hope that the above (deep dive) introduction gave you a glimpse of what to expect on Alibaba platform

• Part 2 and 3 will cover Alibaba Cloud CLI installation and a terraform deployment of a website

Stay tuned