To trigger function execution by using an event source such as Object Storage Service (OSS), Log Service, a time trigger, or Alibaba Cloud CDN, you can grant the event source permissions to access Function Compute. Such permissions are granted to a corresponding trigger. You must grant permissions to each trigger based on your requirements. This topic describes a sample scenario. This topic also describes how to grant an OSS event trigger permissions to access Function Compute.

Sample scenario

In this example, an OSS event trigger is used to trigger code execution in Function Compute. For example, to trigger Function B in Function Compute after files are uploaded to OSS bucket A, you must create an OSS event trigger and attach the required policy to the trigger. Resource Access Management (RAM) provides the AliyunOSSEventNotificationRole policy that is used to grant an OSS event trigger the permissions to trigger code execution in Function Compute. When you create an OSS event trigger, you can assign a new RAM role or an existing RAM role to the trigger, and attach the AliyunOSSEventNotificationRole policy to the RAM role. Then, the OSS event trigger can be used to trigger code execution in Function Compute. buhuoshijianyuanfangshujisuan


  1. Log on to the Function Compute console.
  2. In the top navigation bar, select a region.
  3. In the left-side navigation pane, click Services and Functions.
  4. In the Services pane, click the service that you require. On the Functions tab, click the name of the function that you require.
  5. Click the Triggers tab. Then, click Create Trigger.
  6. In the Create Trigger panel, enter the related information. Then, click OK.
    Note The process of configuring permissions for other types of triggers is similar to that for an OSS event trigger. Select a trigger type as required. An HTTP trigger is created when you create an HTTP function.
    Parameter Configuration method
    Trigger Type Select Object Storage Service (OSS).
    Trigger Name Enter a custom trigger name.
    Version/Alias Enter a version or an alias for the trigger. Default value: LATEST. For more information, see Introduction to versions.
    Bucket Select a created OSS bucket.
    Events Select a trigger event type. For more information, see Definition of OSS events.

    oss:ObjectCreated:PutObject is selected in this example.

    Trigger Rule Enter the prefix and suffix of the trigger rule. For more information about usage notes, see Trigger rules.
    Invocation Role You can assign a RAM role in one of the following ways:
    • Select an existing role
      1. Select Select an existing role from the Role Operation drop-down list.
      2. Select a RAM role that you want to assign to the trigger from the Existing Role drop-down list.
    • Create new role
      1. Select Create new role from the Role Operation drop-down list.
      2. Click Authorize.
      3. On the Role Templates page, set the parameters such as Role Name and Policy Name, and click Confirm Authorization Policy.
    • Quick authorize
      1. Select Quick authorize from the Role Operation drop-down list.
      2. Click Authorize.

        The RAM role for the trigger is AliyunOSSEventNotificationRole.

  7. Click OK.