Alibaba Cloud Object Storage Service (OSS) is a secure and cost-effective object storage service that offers 99.9999999999% (twelve 9's) of data durability and 99.995% of data availability. OSS provides multiple storage classes to help you manage and reduce storage costs.

OSS provides platform-independent API operations, which allows you to upload and access your data from any application at any time and anywhere.

Aside from the API operations, OSS provides SDKs and migration tools that can help you transfer large amounts of data to and from OSS. OSS offers a selection of storage classes that are designed to meet the requirements for a variety of use cases. For example, you can store images, audio, and videos used in your apps and websites as Standard objects for frequent access, and save costs by storing infrequently accessed data that you want to retain for long periods of time as Infrequent Access (IA), Archive, or Cold Archive objects.

Get started with OSS

  • Video introduction

    The following video provides a quick introduction to OSS and its features.

  • FAQ

    Browse the FAQ to obtain answers to frequently asked questions about OSS.


OSS stores data as objects within buckets. To store data in OSS, you must first create a bucket within a region and specify the access control list (ACL) and storage class for the bucket. When you upload an object to OSS, you must specify a name for the object (also referred to as an object key or a key). This name is used as the unique identifier of the object within a bucket.

OSS provides region-specific endpoints through which you can access your data. Endpoints allow you to use OSS operations to manage your data. OSS authenticates a request by verifying the symmetric AccessKey pair (AccessKey ID and AccessKey secret) contained in the request.

OSS ensures atomic updates to all objects and provides strong read-after-write consistency for operations on all objects.

  • Bucket

    A bucket is a container for objects that are stored in OSS. Every object in OSS is contained in a bucket. You can configure a variety of attributes for a bucket, including its region, permissions, and storage class. Storage classes are useful when you need to store data that have different access patterns.

  • Object

    Objects are the smallest manipulatable data unit in OSS. Files uploaded to OSS are called objects. Unlike typical file systems, objects in OSS are stored in a flat structure instead of a hierarchical structure. An object is composed of a key, metadata, and the data stored in it. Each object in a bucket is uniquely identified by its key. Object metadata is a group of key-value pairs that define the properties of an object, such as the size of the object and the time when the object is last modified. You can also specify custom user metadata to objects in OSS.

  • Object key

    In SDKs for different programming languages, ObjectKey, Key, and ObjectName indicate the full path of the object. You must specify the full path of an object when you perform operations on the object. For example, when you upload an object to a bucket, ObjectKey indicates the full path that includes the extension of the object. For example, you can set ObjectKey to abc/efg/123.jpg.

  • Region

    A region is a physical location from which OSS provides services. When you create a bucket, you can select a region based on the cost or location from which the bucket is most frequently accessed. In most cases, when a user accesses OSS from a geographically closer location, the access speed is faster. For more information, see Regions and endpoints.

  • Endpoint

    An endpoint is a domain name used to access OSS. OSS provides region-specific endpoints that you can use to access your data. You can manage your data in different regions by using the OSS API operations. A region has different endpoints for access over the internal network and for access over the Internet. For example, the public endpoint used to access OSS data in the China (Hangzhou) region is, and the internal endpoint is For more information, see Regions and endpoints.

  • AccessKey pair

    An AccessKey pair is used to authenticate a requester. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. OSS uses an AccessKey pair to implement symmetric encryption and verify the identity of a requester. The AccessKey ID is used to identify a user. The AccessKey secret is used to encrypt and verify the signature string. The AccessKey secret must be kept confidential. OSS supports AccessKey pairs obtained by using the following methods:

    • AccessKey pairs applied for by the bucket owner.
    • AccessKey pairs granted by the bucket owner through Resource Access Management (RAM).
    • AccessKey pairs granted by the bucket owner through Security Token Service (STS).

    For more information about AccessKey pairs, see Obtain an AccessKey pair.

  • Strong consistency

    OSS guarantees atomic updates to all objects. Operations performed in OSS can either succeed or fail. When an object is updated and you attempt to retrieve the object, you will get either the data before or after the update, but never partial or corrupt data.

    Object operations in OSS are highly consistent. For example, when a user receives an upload (PUT) success response, the uploaded object can be immediately read, and replicas of the object are created for redundancy. This ensures that you can always obtain data when you perform the read-after-write operation. Delete operations in OSS are also highly consistent. After a user deletes an object, the object and its replicas no longer exist.

For more information about the basic concepts in OSS, see Terms.


  • Versioning

    You can configure versioning for a bucket to protect objects stored in the bucket against unintended operations. When versioning is enabled for a bucket, existing objects in the bucket are stored as previous versions when they are overwritten or deleted. Previous versions provide an insurance against accidental deletions or overwrites. You can recover objects to a previous version at any time. For more information about versioning, see Overview.

  • Bucket Policy

    OSS provides bucket-level access control in the form of bucket policies, which can be used to implement flexible and fine-grained permission management. The owner of a bucket can configure bucket policies to grant users access to the bucket and assign permissions to users on objects in the bucket. For example, you can configure bucket policies to authorize other Alibaba Cloud accounts or anonymous users to access or manage all or part of resources in your bucket. You can also configure bucket policies to grant read-only, read/write, or full permissions to different RAM users of the same Alibaba Cloud account. For more information about how to configure bucket policies, see Configure bucket policies to authorize other users to access OSS resources.

  • Cross-region replication

    Cross-region replication (CRR) enables you to automatically and asynchronously (near real-time) replicate objects across buckets in different OSS regions. Operations performed on the source bucket (such as creating, overwriting, and deleting objects) are performed asynchronously on the destination bucket. CRR is ideal for meeting compliance requirements for cross-region disaster recovery and data replication. For more information about CRR, see CRR.

  • Encryption

    Server-side encryption: Objects uploaded to a bucket that has server-side encryption enabled are encrypted before they are committed to storage. When you attempt to download objects from the bucket, OSS decrypts the objects before returning the objects. A header is added in the response to indicate that the object is encrypted on OSS servers. For more information about server-side encryption, see Server-side encryption.

    Client-side encryption: Objects are encrypted on the local client before they are uploaded to OSS. For more information about client-side encryption, see Client-side encryption.

  • Data durability

    By default, OSS permanently stores objects uploaded to your buckets except in the following circumstances:

    • Objects are manually deleted by using the OSS console, OSS SDKs, ossutil, ossbrowser, or API operations. For more information, see Delete objects.
    • Objects are automatically deleted within a specified time period based on a lifecycle rule. For more information, see Lifecycle rules based on the last modified time.
    • Overdue fees are not paid within 15 days after service suspension. For more information, see Service suspension.

For more information about OSS features, see Functions and features.


You can use a variety of methods to upload, download, and manage objects in OSS.

  • Manage OSS by using the OSS console

    OSS provides a web-based console. You can log on to the OSS console to manage your OSS resources. For more information, see Overview of the OSS console.

  • Manage OSS by using API operations or SDKs

    OSS provides RESTful API operations and SDKs for multiple programming languages to facilitate secondary development. For more information, see List of operations by function and Overview.

  • Manage OSS by using tools

    OSS provides multiple management tools, such as ossbrowser, ossutil, and ossftp. For more information, see OSS tools.

  • Manage OSS by using CSG

    OSS uses a flat structure instead of a hierarchical structure to store objects. All elements are stored as objects in buckets. To use OSS in the same manner in which local file systems are used, you can configure Cloud Storage Gateway (CSG). For more information, go to the CSG product page.


OSS supports the following billing methods:
  • Pay-as-you-go: By default, the pay-as-you-go billing method applies to all billable items. You are charged for the actual usage of each billable item. Fees are paid after resources are consumed. This billing method is ideal for scenarios in which the usage of resources is difficult to predict. For more information, see Pay-as-you-go.
  • Subscription (resource plan): OSS provides resource plans to offset fees generated for some billable items. You can purchase resource plans that cover specific billable items at discount prices. Resources are consumed before fees are offset by resource plans. Resource plans are ideal for scenarios in which the usage of resources is easy to predict. For more information, see Overview.
  • Storage capacity unit (SCU): You can use SCUs to offset storage fees that are generated for using OSS and other Alibaba Cloud storage services. For more information, see SCU.
  • Compared with the pay-as-you-go billing method, resource plans and SCUs are more cost-effective.
  • Each resource plan or SCU provides a quota of resource usage. If the quota is exceeded, you are charged for the excess resource usage based on the pay-as-you-go billing method. We recommend that you purchase resource plans and SCUs based on your workloads and business scale.

Related services

After you upload your data to OSS, you can use other Alibaba Cloud features and services to manage your data.

The following features and services are frequently used with OSS:

  • Image Processing (IMG) is a service that allows you to perform a variety of image manipulation operations such as format conversion, resizing, cropping, rotating, and adding watermarks to images stored in OSS. For more information, see IMG implementation modes.
  • Elastic Compute Service (ECS) is a cloud computing service that offers elastic and efficient computing capability. For more information, go to the ECS product page.
  • Alibaba Cloud CDN is a distributed network that caches resources from an origin server to edge nodes in different regions to accelerate content delivery. For more information, go to the CDN product page.
  • E-MapReduce (EMR) is a big data processing solution built on ECS. EMR is developed based on open source Apache Hadoop and Apache Spark to facilitate data analysis and processing. For more information, go to the E-MapReduce product page.
  • ApsaraVideo Media Processing is a service that converts audio or video objects stored in OSS into files that are suitable for playback on PCs, TVs, and mobile devices. ApsaraVideo Media Processing leverages deep learning technologies to perform multimodal analysis on the audio, text, and images in video files and the content of audio files. ApsaraVideo for Media Processing uses the analysis results to intelligently audit, comprehend, and edit the content of the audio or video files. For more information, go to the ApsaraVideo Media Processing product page.
  • Data Online Migration is a service that allows you to migrate data from a third-party storage service such as Amazon Web Services (AWS) and Google Cloud to OSS with ease. For more information, go to the Data Online Migration documentation.
  • Data Transport is a service that helps you migrate large amounts of data to OSS under limited network conditions. For example, you can use Data Transport to migrate petabyte-scale data to OSS when upload speed is slow and hardware expansion costs are high. For more information, see What is Data Transport?

Alibaba Cloud storage services

In addition to OSS, Alibaba Cloud also provides a variety of storage services such as file storage and block storage that you can use to meet the varied demands of your unique business scenarios. For more information about Alibaba Cloud storage services, see Overview.

For more information about use cases and solutions of Alibaba Cloud storage services, visit Alibaba Cloud Storage.