Skip to content

Alibaba Cloud

This document shows how to set up new environment on Alibaba Cloud (AliCloud)

Step 1: Prepare an Alibaba Cloud Account

If you do not have an Alibaba Cloud account, create one.

To configure your Alibaba Cloud account:

Obtain Alibaba Cloud Credentials

Your Alibaba Cloud credentials consist of an Access Key ID and a Secret Access Key. Follow Creating RAM Users to create a new RAM user.

Create a Virtual Private Cloud (VPC)

  1. Log on to the VPC console.

  2. Select the region of the VPC. The VPC and the cloud resources to deploy must be in the same region.

  3. Click Create VPC, configure the VPC and the VSwitch according to the following information, and click OK.

See Create a VPC.

Create an Elastic IP

  1. On the VPC Dashboard, click Elastic IPs and click Create EIP.

  2. Configure the EIP according to the following information, and then click Buy Now to complete the payment.

See Create an EIP.

Create a Key Pair

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Networks & Security > Key Pairs.

  3. On the Key Pairs page, select a region, and click Create Key Pair.

  4. On the Create Key Pair page, enter a name for the key pair, and select Automatically Create a Key Pair.

  5. Save private key to ~/Downloads/bosh.pem.

See Create an SSH key pair

Create and Configure Security Group

Log on to the ECS console. In the left-side navigation pane, select Networks & Security > > Security group.

  1. On the ECS Dashboard, select Networks & Security and then select Security group.

  2. Select a region and then click Create Security Group.

  3. Complete the Create Security Group form with the following information:

  4. Select the created security group with group name "bosh", in the Actions column click Configure Rules.

  5. On the Security Group Rules page, click Add Security Group Rules.

  6. Fill out the Edit inbound rules form and click Save.


    It highly discouraged to run any production environment with source or to make any BOSH management ports publicly accessible.

    Type Port Range Source Purpose
    Custom TCP Rule22(My IP)SSH access from CLI
    Custom TCP Rule6868(My IP)BOSH Agent access from CLI
    Custom TCP Rule25555(My IP)BOSH Director access from CLI
    All TCP0 - 65535ID of this security groupManagement and data access
    All UDP0 - 65535ID of this security groupManagement and data access

See Creating a Security Group

See Add security group rules

Step 2: Deploy

  1. Install CLI v2.

  2. Use bosh create-env command to deploy the Director.

    # Create directory to keep state
    $ mkdir bosh-1 && cd bosh-1
    # Clone Director templates
    $ git clone
    # Fill below variables (replace example values) and deploy the Director
    $ bosh create-env bosh-deployment/bosh.yml \
        --state=state.json \
        --vars-store=creds.yml \
        -o bosh-deployment/alicloud/cpi.yml \
        -o bosh-deployment/jumpbox-user.yml \
        -o bosh-deployment/credhub.yml \
        -o bosh-deployment/uaa.yml \
        -v director_name=bosh-1 \
        -v internal_cidr= \
        -v internal_gw= \
        -v internal_ip= \
        -v access_key_id=AKI... \
        -v secret_access_key=wfh28... \
        -v region=us-east-1 \
        -v zone=us-east-1a \
        -v vswitch_id=vsw-rj9rio... \
        -v security_group_id=sg-rj9dtcbw... \
        -v key_pair_name=bosh \
        -v private_key=~/Downloads/bosh.pem

    If running above commands outside of an Alibaba Cloud VPC, refer to Exposing environment on a public IP for additional CLI flags.

    See Alibaba Cloud CPI errors for list of common errors and resolutions.

  3. Connect to the Director.

    # Configure local alias
    $ bosh alias-env bosh-1 -e --ca-cert <(bosh int ./creds.yml --path /director_ssl/ca)
    # Log in to the Director
    $ export BOSH_CLIENT=admin
    $ export BOSH_CLIENT_SECRET=`bosh int ./creds.yml --path /admin_password`
    # Query the Director for more info
    $ bosh -e bosh-1 env
  4. Save the deployment state files left in your deployment directory bosh-1 so you can later update/delete your Director. See Deployment state for details.