A bucket is the basic container for objects in Object Storage Service (OSS). All objects are stored directly in a bucket — there is no directory hierarchy like a traditional file system.
To simulate a folder structure, use a forward slash (/) as a delimiter in object names — for example, folder/file.jpg. The OSS console and OSS Browser display these prefixes as folders.
Key concepts
Region
A region is the physical location of the data center where the bucket resides. The region cannot be changed after the bucket is created.
Storage class
Choose a storage class based on how frequently you access your data. This choice directly affects storage costs.
| Storage class | Key features | Minimum storage duration | Typical use cases |
|---|---|---|---|
| Standard | Supports frequent read and write access | None | Dynamic data for websites and applications |
| Infrequent Access | Lower access frequency | 30 days | Monitoring data, logs, and enterprise backups |
| Archive Storage | Rarely accessed data | 60 days | Long-term archiving and medical imaging |
| Cold Archive/Deep Cold Archive | Almost never accessed; must be restored before access | 180 days | Compliance data and historical image archives |
If you are unsure which storage class to use, start with Standard. Then use lifecycle rules to automatically transition data to a lower-cost storage class as it ages. For more details, see Storage classes and OSS pricing.
Storage redundancy type
The redundancy type determines how many copies of your data OSS maintains and the resulting reliability level.
| Redundancy type | Data reliability | Recommended for |
|---|---|---|
| LRS (locally redundant storage) | 99.999999999% (11 nines) | Development and testing environments |
| ZRS (zone-redundant storage) | 99.9999999999% (12 nines) | Production environments |
You can upgrade a bucket from LRS to ZRS, but cannot downgrade from ZRS to LRS. For more details, see Data redundancy types.
Basic operations
An Alibaba Cloud account can create a maximum of 100 buckets per region. A single bucket has no capacity limit.
Create buckets: Create a new bucket to store your objects.
List buckets: View a list of the buckets that you created.
Get the region of a bucket: Check which region a bucket is located in.
Delete buckets: Delete a bucket you no longer need.
Bucket FAQ: Find solutions to common problems.
Access control
OSS enforces bucket access using a layered model. Policies are applied in the following order, from highest to lowest precedence:
Block Public Access — A bucket-level switch that blocks all public access, overriding any ACL or bucket policy that might otherwise grant it. Keep this enabled unless you have a specific requirement for public access. This setting is on by default for all new buckets created in the console.
Bucket policies — Resource-based policies that grant fine-grained access to specific buckets and objects, including access from other Alibaba Cloud accounts or anonymous users.
RAM Policy — User-based policies that control which OSS resources Resource Access Management (RAM) users under your account can access. Use RAM policies to grant least-privilege access to internal users and applications.
Bucket ACL — A simplified permission model with three preset levels: private, public-read, and public-read-write.
Scenario-specific configurations
Ensure data security and compliance
Protect data from unauthorized access and accidental leaks with a layered security approach:
Keep Block Public Access enabled as a baseline security measure.
Use a RAM policy to grant least-privilege access to internal users and applications.
Enable server-side encryption to protect data at rest.
Enable log storage to record all access requests for security audits and troubleshooting.
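The following audit sketch is an added example, not code from the OSS documentation or SDK. It checks one bucket's recorded settings against the baseline above and applies the rule from the access control section that Block Public Access overrides public grants made by an ACL or bucket policy. The settings dictionary and its key names are hypothetical, the sample values are constructed, and RAM policy review is out of scope because RAM policies attach to users rather than to the bucket.

```python
import json

# Constructed sample: bucket settings as an inventory export might record them.
# The key names are hypothetical, not an OSS API response format.
SAMPLE_BUCKET = {
    "name": "example-bucket",
    "block_public_access": False,
    "acl": "private",
    "sse_enabled": False,
    "logging_enabled": True,
    "bucket_policy": json.dumps({"Version": "1", "Statement": [{
        "Effect": "Allow", "Action": ["oss:GetObject"], "Principal": ["*"],
        "Resource": ["acs:oss:*:*:example-bucket/*"]}]}),
}

def anonymous_allows(policy_text):
    """Return Allow statements that name the anonymous principal "*".
    Assumption: a statement with a Condition is treated as restricted."""
    hits = []
    for stmt in json.loads(policy_text or "{}").get("Statement", []):
        principals = stmt.get("Principal", [])
        if isinstance(principals, str):
            principals = [principals]
        if (stmt.get("Effect") == "Allow" and "*" in principals
                and not stmt.get("Condition")):
            hits.append(stmt)
    return hits

def audit_bucket(cfg):
    """Compare one bucket's settings with the security baseline above."""
    findings = []
    bpa = cfg.get("block_public_access", False)
    if not bpa:
        findings.append("Block Public Access is disabled")
    # Block Public Access overrides ACL and bucket policy grants, so a public
    # grant is a live exposure only while the switch is off.
    grants = []
    if cfg.get("acl", "private") != "private":
        grants.append("ACL " + cfg["acl"])
    if anonymous_allows(cfg.get("bucket_policy")):
        grants.append("bucket policy allows Principal *")
    prefix = "latent (blocked): " if bpa else "EXPOSED: "
    findings.extend(prefix + g for g in grants)
    for key, label in (("sse_enabled", "server-side encryption"),
                       ("logging_enabled", "log storage")):
        if not cfg.get(key, False):
            findings.append(label + " is not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_bucket(SAMPLE_BUCKET)))
```

Findings marked "latent (blocked)" are still worth cleaning up: the grant becomes effective as soon as Block Public Access is switched off.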
Implement data disaster recovery and backup
Prevent data loss from accidental deletion or regional failures:
Prevent accidental deletion: Enable versioning to retain historical versions of objects and restore them at any time.
Automate backups: Use the scheduled backup feature to back up your data automatically every day.
Reduce long-term storage costs
For data that is accessed less frequently over time — such as logs and backup files — configure lifecycle rules to automatically transition objects from Standard to Infrequent Access or Archive Storage, and delete them after they expire. This optimizes storage costs without manual intervention.
Accelerate global access
To improve upload and download speeds for a global user base, enable transfer acceleration. This feature routes traffic through a global network of access points to accelerate data transfers across countries and regions. For static websites or frequently accessed small files, combine transfer acceleration with CDN.
Automate data processing and analytics
To trigger downstream workflows automatically when objects are uploaded to OSS, use event notification. When events such as object creation or deletion occur, OSS sends notifications to a destination such as Message Service (MNS) or Function Compute (FC). Use this to build event-driven pipelines for tasks like automated image processing, video and audio processing, or data analytics.