edit-icon download-icon

Storage & CDN

Last Updated: Jun 11, 2018

Alibaba Cloud for AWS Professionals


This article discusses the main differences and similarities between AWS and Alibaba Cloud of storage & Content Delivery Network (CDN) services. It covers the following products:

Feature AWS Alibaba Cloud
Object storage Simple Storage Service(S3) Object Storage Service(OSS)
Content Delivery Network CloudFront CDN
File Storage Elastic File System (EFS) Network Attached Storage (NAS)
NoSQL Database DynamoDB Table Store

1. Object storage

This section compares AWS Simple Storage Service S3 and the distributed Object Storage Service (OSS) of Alibaba Cloud.

Object storage is a type of data storage where data are managed as objects, instead of blocks or files. Typically, object storage is used to store large files that are dominated by read operations. Like AWS S3, Alibaba Cloud OSS boasts high reliability, cost effectiveness, and scalability. Users can request data of any amount, regardless of time or location.

To distinguish between scenarios requiring different data access frequencies, Alibaba Cloud OSS categorizes storage types into Standard, Infrequent Access, and Archive, which are equally reliable but have different availability, shortest storage time, and storage overhead. For details, see Introduction to Storage Types.

1.1 Service models

The following table compares the basic functions and terminologies of AWS S3 vs Alibaba Cloud OSS:

Function Feature Amazon S3 Alibaba Cloud OSS
Deployment unit Bucket Storage space
Object identifier Key Key
Object metadata Metadata Object meta
Object version control Supported Not supported
Object lifecycle management Supported Supported
Update event notification Supported Supported
Storage type Standard, Infrequent Access, Glacier, and low redundancy storage Standard, Infrequent Access, and Archive
Deployment location Region Region

1.1.1 Storage space (bucket)

Similar to AWS S3, Alibaba Cloud OSS uses buckets to store data. As the place where data is stored, a bucket is configured with a region, access permission, and lifecycle to meet user requirements. An AWS S3 bucket must be named in accordance with the DNS standard. Similarly, a bucket of Alibaba Cloud OSS must be named in line with certain standards. Bucket names of AWS S3 and Alibaba Cloud OSS must be globally unique, and they should not be nested.

By setting a bucket ACL, Alibaba Cloud OSS authenticates a user to see whether the user has access permission for a bucket, thereby implementing access control by storage space levels.

Buckets of Alibaba Cloud OSS do not currently support version control, though it is supported by AWS S3. Alibaba Cloud OSS will support this feature soon, please stay tuned for more information.

The following table compares the features and terminologies of the deployment unit functions belonging to AWS S3 and Alibaba Cloud OSS:

Function Feature Amazon S3 Alibaba Cloud
Object storage Simple Storage Service(S3) Alibaba Cloud OSS
Deployment Unit Bucket Storage space (bucket)
Bucket ACL Supported Supported
Lifecycle Management Supported Supported
Max Bucket Quantity 100 30
Storage Type Standard, Standard IA, and Glacier Standard, Infrequent Access, and Archive
Version Control Supported Not Supported
Deployment Location Region Region

1.1.2 Object

Like AWS S3, Alibaba Cloud OSS stores file data in buckets. The file data is composed of a Key-Value and Object Meta pair. The Key is unique within a bucket, the Value stores object content, and the Object Meta is a pair of key values which describe object properties, including last modification time, size, and custom information.

Similar to AWS S3, Alibaba Cloud OSS does not place a limit on the quantity of objects in a bucket. For large files, Alibaba Cloud OSS supports segment-by-segment uploading. The max file size cannot exceed 48.8 TB.

1.2 Security

1.2.1 Object permission management (Object ACL)

Alibaba Cloud OSS and AWS S3 use similar methods to manage object permissions. Each Alibaba Cloud OSS object can be configured with read and write permissions for the root account or any sub-account. By default, access permissions inherit bucket ACL properties. Users can set an ACL to Private-Read-Write, Public-Read, or Public-Read-Write. You are strongly discouraged from using the Public-Read-Write permission, and are should use it cautiously.

In addition, in combination with Alibaba Cloud Security Token Service (STS), OSS can employ the temporary security credentials of STS to implement object access, without exposing the account AccessKey, thereby achieving highly secure access control.

1.2.2 Data security management

Alibaba Cloud OSS provides similar data encryption functions as AWS S3 to protect data during transmission and storage. Users can protect data in transmission by encrypting it through a client.

Alibaba Cloud OSS uses AES256 algorithms to implement data encryption on a server. After data is uploaded to OSS, the server encrypts the data and stores it on OSS. If a user downloads the data, the OSS decrypts the data and returns original data to the user.

1.3 Object management

1.3.1 Object lifecycle management

Alibaba Cloud OSS and AWS S3 provide similar lifecycle management functions. Alibaba Cloud OSS provides conversion and expiration operations for object lifecycles, allowing users to set matching rules, countdown times, and a schedule for objects, based on which the OSS degrades the storage type of the objects or deletes the objects that have expired.

Alibaba Cloud OSS categorizes storage types into Standard, Infrequent Access, and Archive, which correspond to the Standard, Standard IA, and Glacier types on AWS S3.

1.3.2 Event notification

Both Alibaba Cloud OSS and AWS S3 provide event notification functions. To enable users to receive notifications in case of an event in the storage space, Alibaba Cloud OSS allows users to create event notification rules. Based on these rules, a message will be sent to a target after the corresponding event.

Alibaba Cloud OSS has a different message push target from AWS S3. The OSS allows an event message to be sent to a specified URL over HTTP or a topic of Alibaba Cloud Message Service. Users can obtain event messages after subscribing to the topic.

1.4 OSS image processing service (Image service)

Alibaba Cloud OSS provides easy-to-use image processing functions for image files. After a user uploads images to OSS, the user can process the images through the RESTful API, for example, converting the image format, zooming, cropping, rotating, or adding watermarks.The following table compares the features and terminologies of the object function between AWS S3 and Alibaba Cloud OSS:

Function Feature Amazon S3 Alibaba Cloud OSS
Storage object Object Object
Object ACL Supported Supported
Max object size 5T 48.8T
Data reliability 99.999999999%(11s 9) 99.99999999%(10s 9)
Object metadata Metadata Object meta
Object lifecycle management Supported Supported
Object version control Supported Not Supported
Update event notification Supported Supported
Cross-region Replication Supported Supported
Object append write Not Supported Supported
Concurrent or segment upload Supported Supported
High consistency YES YES
Data encryption Encrypted on client and server Encrypted on client and server
Request protocol HTTP/HTTPS HTTP/HTTPS/Bit Torrent
Image processing function Not Supported Supported

1.5 Service level agreement (SLA)

Both AWS S3 and Alibaba Cloud OSS provide service availability guarantees. For KPIs that do not reach the guarantee standard, the cloud providers will provide compensation according to the time the service is unavailable. For details about the Alibaba Cloud OSS SLA, see Alibaba Cloud OSS Service Level Agreement.

1.6 Pricing

Amazon S3 offers a free usage tier for each month, where users only pay for the resources they consumed that exceed a predefined limit. The pricing for your S3 is dependent on the storage usage by storage type and size, request type and quantity, storage management fees, data transferred “out” of Amazon S3, and data transfer acceleration fees.Like Amazon S3, Object Storage Service (OSS) fees are calculated based on the total volume of storage used, the amount of data transferred, and number of API requests made. Learn more about OSS Pricing.

2. Content delivery

Content delivery network refers to the network of edge or proxy servers, which cache data in order to accelerate access to certain files. AWS CloudFront and Alibaba Cloud CDN are two global content delivery network (CDN) vendors that provide network of Edge Locations and Edge Nodes distributed globally. This section compares the AWS CloudFront and Alibaba Cloud CDN in different dimensions.

2.1 Service model

Similar to AWS CloudFront, Alibaba Cloud CDN publishes source content to an edge node over a transmission network that is composed of edge nodes deployed globally. In combination with a precise scheduling system, the CDN improves users’ web request speed.

2.2 Basic functions

The following table compares the basic features and terminologies of content delivery network between AWS CloudFront and Alibaba Cloud CDN:

Function Feature Amazon CloudFront Alibaba Cloud CDN
Source Station Type S3 domain name, custom domain name OSS domain name, custom domain name, and IP address
Automatic Compression Supported Supported
Cache Request Type Default: GET, HEAD Optional: OPTIONS GET
Transparently Transmitted Request Type Configurable, the following options are supported: 1) GET, HEAD; 2) GET, HEAD, OPTIONS; 3) GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE The following requests are supported but not configurable: GET, POST, HEAD, PUT, DELETE, OPTIONS
Cache Refresh Not supported supported
Cache Failure supported Not supported
HTTP Jump to HTTPS Supported Supported
CDN Cache TTL Configuration Supported Supported
Access Log S3 Console
Geographic Location Limit Supported Not Supported

2.2.1 Source station type

Alibaba Cloud CDN can be configured as an origin site, including OSS domain name, custom origin domain name, and IP address.

AWS CloudFront accelerates delivery of S3 domain name or custom origin domain name configurations.

2.2.2 Data compression

To reduce transmission content and accelerate delivery speed, both Alibaba Cloud CDN and AWS CloudFront provide the data compression function.

2.2.3 Cache request type

Alibaba Cloud CDN caches GET requests, and transmits POST/HEAD/PUT/DELETE/OPTIONS requests to the origin site transparently. Unlike Alibaba Cloud CDN, AWS CloudFront caches GET and HEAD requests by default, and caches OPTIONS requests selectively, depending on the requirements of CloudFront users.

2.2.4 Cache refresh

In certain scenarios, for example, origin site updates or static content modifications, users may need to refresh the CDN cache manually. Alibaba Cloud CDN allows users to pull the latest content from the origin site manually to refresh the CDN content. Alibaba Cloud CDN supports URL refresh, directory refresh, and URL push. AWS CloudFront does not support refreshing specified cache content.

2.2.5 Cache invalidation

In certain scenarios, users may need to remove CDN cache content in advance. On AWS CloudFront, users set cache objects to the Invalidation state and pull the latest content from the origin site to access the objects or access objects based on a file name that carries a version of the objects using the object version management function. Alibaba Cloud CDN does not currently support forcibly configuring cache invalidation.

2.2.6 Access log

Alibaba Cloud CDN and AWS CloudFront provide log download/combination tools. Alibaba Cloud CDN implements log download on the console, but AWS CloudFront stores logs in S3 buckets for users to download.

2.2.7 Geographic location restriction

To specify the regions where content is delivered, AWS CloudFront allows users to set a whitelist and blacklist of countries. Where data can be delivered is determined based on the whitelist and blacklist. Alibaba Cloud CDN does not support this function.

2.3 Security

The following table compares the security functions and terminologies of content delivery network between AWS CloudFront and Alibaba Cloud CDN:

Function Feature Amazon CloudFront Alibaba Cloud CDN
Full Link HTTPS Supported Supported
Integrated Certificate Management Yes Yes
Access Authentication Supported Supported
Sub-account Access Control Supported Supported
WAF Security Defense Supported Supported

2.3.1 Https

Similar to AWS CloudFront, Alibaba Cloud CDN supports full link HTTPS speedup. Alibaba Cloud users can select a certificate using the certificate service or upload a custom certificate/private key and query and update the certificate in online mode.

The two cloud providers support redirect HTTP to HTTPS. Alibaba Cloud CDN supports HTTP and HTTPS, redirect HTTP to HTTPS, and redirect to HTTP or HTTPS.

Alibaba Cloud CDN does not currently support SNI back-to-source.

2.3.2 Access authentication

AWS CloudFront and Alibaba Cloud CDN support access authentication for private content. Alibaba Cloud CDN uses signature URL through which a user initiates a request to the CDN. Upon receiving the request, the CDN node checks the request for its validity and rejects invalid requests. Alibaba Cloud CDN supports three models of signature encryption methods.

AWS CloudFront creates Origin Access Identity user (Trusted Signer), and authorizes the Trusted Signer with the right to access private content. When a user who meets the permission requirement requests to access the private content, an App delivers a Signed URL or Set-Cookie headers. The user clicks the Signed URL or Set-Cookie, and AWS CloudFront checks the request for its validity using a key and rejects invalid requests.

2.3.3 Sub-account access control

Like AWS CloudFront, Alibaba Cloud CDN authorizes sub-accounts with a policy to access CDN resources based on the Resource Access Management (RAM) service, thereby limiting or authorizing permissions on the CDN resources.

2.3.4 WAF security defense

AWS CloudFront and Alibaba Cloud CDN can combine with WAF to implement security defense.

2.4 Streaming media

Alibaba Cloud CDN supports live streaming, on-demand, RTMP video scenarios, and provides video transcoding, slicing, and playback functions.

The following table compares the streaming media functions of AWS CloudFront and Alibaba Cloud CDN:

Function Feature Amazon CloudFront Alibaba Cloud CDN
Live Streaming Supported Supported
On-demand Videos Supported Supported
Video Transcoding Supported Supported
Format Microsoft Smooth, HLS, HDS or MPEG-DASH, and RTMP HLS, RTMP

2.5 Pricing

AWS CloudFront offers two types of pricing model: On-demand pricing and reserved capacity pricing. The costs for CloudFront comprises of data transfer fees out to Internet/region and the request fees of all HTTP/HTTPS methods.

The pricing of Alibaba Cloud CDN comprises of data transfer traffic and HTTPS requests for secure acceleration. There are two billing methods for data transfer fees: Pay-By-Bandwidth and Pay-By-Traffic. You can also subscribe to one or more Traffic Packages for a year.

For the duration of the resource package, fees are deducted for your use of the traffic quota. For traffic exceeding the quota, fees are billed based on the existing billing rules.

3. File storage

AWS and Alibaba Cloud both provide file storage services. In this section we are going to compare and contrast Amazon Elastic File System (Amazon EFS) with Alibaba Cloud Network Attached Storage (NAS).

3.1 Service model

An Amazon Elastic File System (Amazon EFS) is accessed by EC2 instances running inside VPC. Amazon EFS allow users to create and configure file systems. You can mount EFS file system on EC2 instance through a standard file system interface and file system access semantic.

Like Amazon EFS, you can access the Alibaba Cloud NAS file system through standard POSIX interfaces when using Alibaba Cloud ECS instances or other nodes such as HPC or Docker.

Function Feature Amazon EFS Alibaba Cloud NAS
Access Point Mount target Mount Point
Storage Capacity Petabyte scale 10 PB (Capacity-type),1 PB (Performance-type)*
Scale Up/Down Supported (automation) Supported
Performance Supported Supported
Cross Instance Access Supported Supported
Multiple Client Access Supported Supported
Access Control Supported Supported
Protocol NFSv4.0, v4.1 NFSv3, NFSv4, >SMB2.0*
Compute Node EC2 ECS, HPC, Docker

3.2 Performance

There are two performance modes that Amazon EFS offers: General Purpose and Max I/O. Users can choose the preferred performance mode according to specific use cases.

Throughput on Amazon EFS scales as a file system grows. And Amazon EFS offers a burstable performance capability for high throughput levels in short periods of time.

Like Amazon EFS, Alibaba Cloud NAS also offers two performance modes: capacity-type and performance-type*. Each model offers different performance and storage capability.

Total throughput for each performance-type* file system (MB/s) = minimum [0.6MB/s * capacity of file system (GB) + 600MB/s, 20GB/s]

Total throughput for each capacity-type file system (MB/s) = minimum [0.15MB/s * capacity of file system (GB) + 150MB/s, 10GB/s]

The upper limit of the storage capacity of an SSD performance-type file system is 1 petabyte, and that of a capacity-type file system is 10 petabytes.

Performance Amazon EFS Alibaba Cloud NAS
Latency Millisecond-level Millisecond-level
Total throughput for Each File System 1-3GB/s,Burst up to 10+ GB/s 10 GB/s (Capacity-type),20 GB/s(Performance-type)*
Concurrent Clients per File System Several thousand 10,000+
  • As of January 2018, SMB for Windows and performance type NAS (all SSD) are only available on the Mainland China portal. These two features will be launched on the International portal soon.

3.3 Security

Amazon EFS offers four levels of access control to consider for Amazon EFS file systems, with different mechanisms used for each.

Like Amazon EFS, Alibaba Cloud NAS also provided multiple security mechanisms including support for network isolation (VPC) and user isolation (classic network), file system standard access and group permissions control, and RAM master account and sub-account authorization. These features are implemented to ensure complete data security in the file system.

3.4 Migration

Amazon EFS File Sync provides a fast and simple way for you to securely sync data from existing on-premises or in-cloud file systems into Amazon EFS file systems. Users need to download and deploy a File Sync agent into the source environment, configure the source and destination file systems, and start the sync.

Alibaba Cloud NAS also provides migration tool named nasimport. It supports migration to Alibaba Cloud NAS from a wide variety of source storage including:

  • Local data centers
  • Alibaba Cloud OSS
  • Third-party storage services (Amazon S3, Baidu Object Storage, Tencent Cloud COS, Jinshan Object Storage, UPYUN, Qiniu, and HTTP links)

Learn more about Nasimport Tools.

3.5 Pricing

With Amazon EFS, you pay only for the storage used by your file system. You don’t need to provision storage in advance and there is no minimum fee or setup cost.

Like Amazon EFS, Alibaba Cloud NAS fees are calculated based on the total volume of storage used per month. There is no minimum fee and there are no set-up charges. There are also no charges for bandwidth or requests. Furthermore, NAS provides a storage plan for users who want to create a NAS file system. By purchasing a storage plan ahead of time, you realize significant cost savings compared to Pay-As-You-Go storage fee per GB.

Learn more about Alibaba Cloud NAS pricing.

4. Nosql database

Amazon DynamoDB and Alibaba Cloud Table Store are two similar fully managed cloud NoSQL database services. With cloud based NoSQL database service, users do not have to care about hardware provisioning, setup and configuration, replication, partition, software patching, and cluster scaling.

4.1 Service model

Amazon DynamoDB is a fully managed NoSQL database service whose service-side latencies are typically within a single-digit millisecond. With a distributed database cluster, DynamoDB provides unlimited storage space and it automatically scales up and down.

DynamoDB supports both document and key-value data structures. Like other database systems, DynamoDB stores data in tables. A table is a collection of items, and each item is a collection of attributes. Once you have created a DynamoDB table, use the AWS SDKs to write, read, modify, and query items in DynamoDB.

Similarly, Alibaba Cloud Table Store is a fully managed NoSQL database service based on automatic data partitioning and load balancing technologies. Based on SSD technology, this cloud NoSQL database service enables you to store large quantities of structured and semi-structured data with real-time access. Table Store also features strong consistency and single-digit millisecond latency.You can query Table Store by RESTful API, web-based Management Console, or SDKs.

Function Feature Amazon DynamoDB Alibaba Cloud Table Store
Data Model Amazon DynamoDB Alibaba Cloud Table Store
Latency Single-digit milliseconds Single-digit milliseconds
Scale Any Any
Storage Medium SSD SSD
Data Partition Supported Supported
Data structure Document/ Key-value Structured and semi-structured
Access method SDKs, the Management Console and API RESTful API and SDKs

4.2 Data model

A table is a collection of data in Amazon DynamoDB. Each table contains multiple items. An item is a group of attributes and can have its own distinct attributes. Each item is composed of one or more attributes. Most of the attributes are scalar, which means that they can have only one value. Some of the items have a nested attribute (address).

In order to determine the partition for each item, you must specify the primary key in each table. A primary key can be either a partition key or a partition key & sort key.

DynamoDB also allows user to define up to 5 global secondary indexes and 5 local secondary indexes in each table to improving data access. DynamoDB supports nested attributes up to 32 levels deep.Like Amazon DynamoDB, the data model of Alibaba Cloud Table Store is described by Table, Row, Primary Key, and Attribute. A table is a set of rows, and a row consists of the Primary Key and Attribute. The Primary Key and Attribute consist of names and values.

A table must define at least a Primary Key. And the first primary key will be the partition key.

Each Attribute column can contain multiple versions, and each version (that is, the timestamp) corresponds to a value, which is different from that of a Primary Key column.

4.2.1 Version control

Unlike Amazon DynamoDB, Alibaba Cloud Table Store provides version management for each attribute columns. The version is a timestamp defined by the number of milliseconds that have elapsed since 01/01/1970 00:00:00 UTC. When you read from each row, you can specify the maximum number of versions per attribute column, or the version range. The earlier versions will be discarded when the number of version exceeds the value of Max Versions.

4.2.2 Time to live (TTL)

Similar to Amazon DynamoDB, Alibaba Cloud offers TTL attribute which provide a mechanism to set a specific timestamp for expiring items from your table. Table Store clears any data asynchronously that exceeds the TTL.

The following table compares the data model of each service:

Data Model Amazon EFS Alibaba Cloud Table Store
Schema Schema-less Schema-less
Data Unit Table Table
Data Record Item Row
Unique Identifier Partition key /Partition key and sort key Primary Key
Primary Key Type String, number, or binary String, integer, or binary
Secondary Indexes Supported Not Supported
Nested Attribute Supported Not Supported
Versioning Not Supported Supported
TTL Supported Supported

4.3 Performance

You need to specify the throughput capacity in terms of read capacity units and write capacity units when creating a table or index in Amazon DynamoDB. And if your read or write requests exceed the throughput settings for a table, DynamoDB can throttle that request.

DynamoDB provides the three mechanisms for managing throughput:

  • DynamoDB Auto Scaling: By setting a DynamoDB auto scaling, the table will increase and decrease the throughput to adjust the request.

  • Provisioned Throughput: By defining the throughput manually, DynamoDB will throttle your application if it exceeds your provisioned throughput settings.

  • Reserved Capacity: You pay a one-time upfront fee and commit to a minimum usage level over a period of time.

Like AWS DynamoDB, the read/write throughput of Alibaba Cloud Table Store is measured by read/write capacity units (CUs). Table Store provides two options for managing throughput:

  • Reserved throughput: Set the reserved read/write throughput to a value greater than 0, and Table Store will assign and reserve enough resources for the table according to this configuration to guarantee low resource costs.

  • Additional throughput: If the actual consumed read/write throughput exceed the reserved read/write throughput, Table Store will give an additional throughput automatically to meet user’s requests.

Performance Amazon DynamoDB Alibaba Cloud Table Store
Read Capacity Units(per second) Strongly consistent read: 4 KB/item 4 KB/item
Write Capacity Units(per second) 1 KB/item 4 KB/item

4.4 Security

AWS provides authentication and access control for Amazon DynamoDB by integrating with AWS Identity and Access Management (IAM) for fine-grained access control for users within your organization. You can assign unique security credentials to each user and control each user’s access to services and resources. You can also obtain temporary security credentials from AWS Security Token Service (AWS STS) by using web identity federation.

Alibaba Cloud Table Store also offers user-level data isolation, access control and permission management. With Resource Access Management (RAM) and Security Token Service (STS), Table Store enable users to access the tables through subaccounts with different permissions and grant users temporary access authorization.

4.5 Backup and restore

Amazon DynamoDB provides on-demand backup and restore capability. You can back up and restore your DynamoDB table data with a single click in the AWS Management Console or with a single API call.

Unlike Amazon DynamoDB, Alibaba Cloud Table Store automate the backup and restore process. Table Store manages data with multiple cloud data backups across different servers in different racks. When any node of the backups fails, the other servers with backup copies will immediately restore to achieve virtually zero data loss.

4.6 Pricing

Amazon DynamoDB offers a free tier limit. Users only need to pay for the resources they consumed exceeding the limits. The DynamoDB fees depend on indexed data storage, throughput type, Capability Units consumption, the traffic of data transfer “out”, and the storage size of the table for backup and restore operations.

Like DynamoDB, Alibaba Cloud Table Store pricing is divided into four parts: data storage that exceed free quota, the reserved read/write throughput, the additional read/write throughput and the Internet downstream traffic. Learn more about Table Store Pricing.

Thank you! We've received your feedback.