After you activate Alibaba Cloud OSS, you must create a bucket in the OSS console to store objects.
Use the OSS console
To create a bucket in the OSS console, perform the following steps:
- Log on to the OSS console.
- Open the Create Bucket dialog box.
  - New console: In the left-side navigation pane, click Buckets. On the page that appears, click Create Bucket.
  - Old console: In the left-side bucket list, click the + icon.
  You can also click Overview. Click Create Bucket in the upper-right corner.
- In the Create Bucket dialog box that appears, configure the parameters listed in the following table.
Bucket Name: Set the name of the bucket. The name cannot be changed after the bucket is created. The naming conventions are as follows:
- The bucket name must be globally unique in Alibaba Cloud OSS.
- The name can contain only lowercase letters, digits, and hyphens (-).
- The name must start and end with a lowercase letter or digit.
- The name must be 3 to 63 bytes in length.
Region: Select the region for the bucket. The region cannot be changed after the bucket is created. To access OSS from an ECS instance over the internal network, select the region in which the ECS instance is located. For more information, see Endpoints.
Storage Class: Select the storage class for the bucket.
- Standard: provides storage services featuring high performance, reliability, and availability. This storage class is suitable for frequently accessed data.
- IA: has lower storage prices and is suitable for long-term storage of data. Data of this type is less frequently accessed. Objects of the IA storage class must be stored for a minimum period of 30 days. Fees are incurred if objects of the IA storage class are deleted before they are stored for 30 days. Objects of the IA storage class also have a minimum billable size of 64 KB. Any objects smaller than 64 KB are charged as 64 KB. In addition, retrieving data of this type also incurs fees.
- Archive: has the lowest price among the three storage classes. It is suitable for long-term (at least six months) storage of data that is infrequently accessed. The data may take up to one minute to restore before it can be read. This storage option is suitable for data such as archival data, medical images, scientific materials, and video footage.
For more information, see Overview.
Zone-redundant Storage: Select whether to enable zone-redundant storage (ZRS).
- Enable: backs up your data to three zones within the same region to provide data center disaster recovery. The redundancy type of the objects in the bucket is ZRS after this feature is enabled. If the storage class of the bucket is Standard, the objects in the bucket are standard (LRS) objects by default. For more information, see Zone-redundant storage.
- Disable: The redundancy type of the objects in the bucket is locally redundant storage (LRS) after this feature is disabled. If the storage class of the bucket is Standard, the objects in the bucket are standard (LRS) objects by default.
- ZRS is available in the Singapore, China (Shenzhen), China (Beijing), China (Hangzhou), and China (Shanghai) regions. This feature will be available in other regions.
- ZRS cannot be disabled after it is enabled. Exercise caution when you enable this feature.
- This feature incurs extra costs.
Versioning: Select whether to enable versioning.
Note: Versioning is available in all regions except for China (Hangzhou), China (Shenzhen), and China (Zhangjiakou).
- Enable: When versioning is enabled for a bucket, data that is overwritten or deleted is saved as a previous version of an object. Versioning allows you to restore objects in a bucket to any previous point in time, and protects your data from being accidentally overwritten or deleted. For more information, see Introduction to versioning.
- Disable: disables versioning.
Access Control List (ACL): Select the bucket ACL.
- Private: Only the bucket owner can perform read and write operations on objects in the bucket. Other users cannot access the objects in the bucket.
- Public Read: Only the bucket owner can perform write operations on objects in the bucket. Other users, including anonymous users, can perform only read operations on objects in the
Warning: All Internet users can access objects in the bucket. This may cause unwanted access to the data in your bucket, and cause an increase in your fees. Exercise caution when you set your bucket ACL to Public Read.
- Public Read/Write: All users, including anonymous users, can perform read and write operations on objects in the bucket.
Warning: All users on the Internet can access objects in the bucket and write data to the bucket. This may cause unwanted access to the data in your bucket, and cause an increase in your fees. If a user uploads prohibited data or information, it may affect your legitimate interests and rights. Therefore, if there are no special requirements, we recommend that you do not set your bucket ACL to Public Read/Write.
Server-side Encryption: Select whether to enable server-side encryption.
- None: Server-side encryption is disabled.
- AES256: Objects are encrypted by using AES-256. OSS server-side encryption uses AES-256 to encrypt objects with different data keys. AES-256 uses master keys that are regularly rotated to encrypt data keys.
- KMS: You can use a specified CMK ID or the default CMK stored in KMS to encrypt or decrypt data. For more information about KMS-based encryption, see Implement server-side encryption with CMKs stored in KMS.
  - alias/acs/oss: The default CMK stored in KMS is used to encrypt different objects and decrypt the objects when they are downloaded.
  - CMK ID: The keys generated by a specified CMK are used to encrypt different objects and the specified CMK ID is recorded in the metadata of the encrypted object. Objects are decrypted when they are downloaded by users who have decryption permissions. Before specifying a CMK ID, you must create a normal key or an external key in the same region as the bucket in the KMS console. This feature is in public preview. To obtain the related permissions, contact technical support personnel.
- Before using the KMS-based encryption, you must activate KMS.
- You are charged for calling API operations when you use CMKs to encrypt or decrypt data.
Real-time Log Query: Select whether to enable real-time log query for OSS.
- Enable: enables real-time log query for OSS. OSS uses Log Service to provide real-time OSS log queries for the last seven days free of charge. After this feature is enabled, you can query and analyze records of access to objects in OSS buckets through the OSS console in real time. For more information, see Real-time log query.
- Disable: disables real-time log query.
- Click OK.
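The naming conventions and the security-relevant options above can be checked before a bucket request is submitted. The following Python sketch is an added example, not Alibaba Cloud code and not part of the OSS SDK; the dictionary keys (`name`, `acl`, `encryption`, `versioning`, `log_query`), the function names, and the severity labels are assumptions made for illustration, while the option values are the ones listed in the dialog box.

```python
import re

EDGE = re.compile(r"[a-z0-9]")  # allowed first and last character

def name_errors(name):
    """Return the naming conventions from this page that `name` breaks."""
    errors = []
    if not 3 <= len(name.encode("utf-8")) <= 63:
        errors.append("must be 3 to 63 bytes in length")
    if re.search(r"[^a-z0-9-]", name):
        errors.append("only lowercase letters, digits, and hyphens are allowed")
    if not (EDGE.fullmatch(name[:1]) and EDGE.fullmatch(name[-1:])):
        errors.append("must start and end with a lowercase letter or digit")
    return errors

# Option values come from the Create Bucket dialog box; the severity
# labels are this example's assumption, not an OSS rating.
RISKY = {
    ("acl", "Public Read"): ("high", "anonymous users can read objects"),
    ("acl", "Public Read/Write"): ("critical", "anonymous users can read and write objects"),
    ("encryption", "None"): ("medium", "server-side encryption is disabled"),
    ("versioning", "Disable"): ("low", "overwritten or deleted data is not kept as a previous version"),
    ("log_query", "Disable"): ("low", "access records cannot be queried in real time"),
}

def review_request(cfg):
    """Return (severity, message) findings for a planned bucket configuration."""
    findings = [("error", "bucket name " + e) for e in name_errors(cfg.get("name", ""))]
    for (key, value), finding in RISKY.items():
        if cfg.get(key) == value:
            findings.append(finding)
    return findings

# Constructed sample request; the dict keys are hypothetical.
SAMPLE = {"name": "Team_Uploads-", "acl": "Public Read/Write",
          "encryption": "None", "versioning": "Enable", "log_query": "Disable"}

if __name__ == "__main__":
    for severity, message in review_request(SAMPLE):
        print(f"{severity:8} {message}")
```

Because the bucket name, region, and ZRS setting cannot be changed after creation, a check like this is most useful before the request is made rather than as an audit afterwards.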
ossutil is a command line tool for OSS. You can use ossutil to create a bucket. For more information, see mb.
Use APIs and SDKs
- API operation: PutBucket
- Java SDK: Manage buckets
- Python SDK: the "Create a bucket" section in Manage buckets
- PHP SDK: the "Create a bucket" section in Bucket
- Go SDK: the "Create a bucket" section in Bucket
- C SDK: the "Create a bucket" section in Bucket