All Products
Search

This Product

    Function Compute:Configure an OSS bucket

    Document Center

    Function Compute:Configure an OSS bucket

    Last Updated:Nov 18, 2025

    Object Storage Service (OSS) is a secure, low-cost, and highly reliable cloud storage service. You can mount an OSS bucket to a Function Compute function. This allows the function to access OSS as if it were a local file system, which simplifies resource access and data processing.

    Limits

    • A function in Function Compute supports a maximum of five NAS mount targets and five OSS mount targets in the same region.

    • The local directories specified for NAS and OSS mount targets in the function's runtime environment cannot conflict.

      For more information about how to configure a NAS mount target, see Configure a NAS file system.

    Prerequisites

    Procedure

    Step 1: Configure an OSS mount target

    1. Log on to the Function Compute console. In the navigation pane on the left, choose Functions > Functions.

    2. In the top navigation bar, select a region. On the Functions page, click the target function.

    3. On the function details page, click the Configuration tab. Click Edit next to Advanced Configuration. In the Advanced Configuration panel, find the Storage section and enable Mount OSS Bucket. Configure the following parameters as needed, and then click Deploy.

      Parameter

      Description

      Example

      OSS Mount Target: Enter the information for the OSS mount target.

      Bucket

      Select an existing bucket. To create a new OSS bucket, click Create New OSS Bucket below to go to the OSS console and create one. For information about the costs of using OSS, see Billing overview for OSS.

      example-bucket

      Bucket Subdirectory

      Specify a subdirectory in the bucket. This must be an absolute path. If you leave this empty or set it to /, the root directory of the bucket is mounted.

      /files

      OSS Endpoint

      After you select a bucket, its corresponding endpoint is selected by default. You can select Custom Endpoint and change the endpoint value as needed. For information about the endpoints for OSS in different regions, see Regions and endpoints.

      Note

      • If you select a bucket in the same region as your Function Compute function, use the internal OSS endpoint.

      • If you select a bucket in a different region, you must use the public OSS endpoint. This incurs charges for outbound traffic over the Internet.

      Default address

      Local Directory

      Specify a local directory in the function's runtime environment. The directory must be a subdirectory of /home, /mnt, or /data.

      /mnt/oss

      Local Directory Permissions

      Select the access permissions for the local directory after the bucket is mounted. You can set the permissions to Read-only or Read/Write.

      Read/Write

      Note

      The OSS mount feature is dependent on the function's network configuration. If a function is configured to access only a VPC and Allow Function To Access Internet On Default NIC is set to No, the function must be able to access the Internet through that VPC to use a public OSS endpoint. For more information, see Configure a static public IP address.

    Step 2: Access files in the mounted OSS directory

    After you configure the OSS mount target, you can access files in the mounted OSS directory in the same way that you access local files.

    1. On the function details page, click the Code tab. Write your code in the editor, and then click Deploy Code.

      This topic uses a Python function as an example. The sample code is as follows.

      import os


def handler(event, context):
    # Mount directory
    mount_path = '/mnt/oss'
    
    # List files in the mount directory
    files = os.listdir(mount_path)
    print("Files in OSS mount:", files)  
    # Read a file from the mount directory
    file_path = os.path.join(mount_path, 'example.txt')
    if os.path.exists(file_path):
        with open(file_path, 'r') as file:
            content = file.read()
            print("Content of example.txt:", content)
    else:
        print("example.txt does not exist.")
    # Write a file to the mount directory
    write_path = os.path.join(mount_path, 'output.txt')
    with open(write_path, 'w') as file:
        file.write("Hello, OSS mount!")
        print("Wrote to output.txt in OSS mount.")
    
    return "Function execution completed."
      Note

      In the code, replace example.txt with the name of an actual file in your mounted OSS directory.

    2. After the code is deployed, on the Code tab, click Test Function.

      After the execution is complete, you can view the results below the Code tab. The Log Output tab shows the content of the example.txt file read from the OSS directory. In the OSS console, you can see that the output.txt file has been written to the corresponding mounted directory.

    FAQ

    The OSS mount fails with the error message bucket not found.

    Confirm that the OSS endpoint and bucket name are correct.

    The OSS mount fails with the error message host resolv error or deadline exceeded.

    Confirm that the endpoint is correct.

    • A domain name resolution failure for the endpoint causes the host resolv error.

    • Internal endpoints cannot be used across regions. Using an internal endpoint from a different region causes a connection timeout, which results in the deadline exceeded error.

    The mount fails with the error message invalid credentials.

    Confirm that the RAM role configured for the function has the required permissions to access OSS. The required permissions are as follows. For more information, see Grant Function Compute permissions to access other Alibaba Cloud services using a function role.

    • Read-only: Includes the oss:ListObjects and oss:GetObject policies.

    • Read/Write: Includes oss:ListObjects, oss:GetObject, oss:PutObject, oss:DeleteObject, oss:ListParts, and oss:AbortMultipartUpload.

    Note

    oss:ListObjects is a bucket-level operation. Therefore, when you enable access to a specific bucket, the access policy must include a bucket-level resource identifier, such as acs:oss:*:*:bucketName. For more information, see OSS Resource description.

    An Input/output error is reported when reading a mounted file.

    Check the storage class of your OSS bucket. If the storage class is Archive Storage or Cold Archive, files in the bucket are in a frozen state. These files must be restored before they can be accessed. Set the storage class of your OSS bucket to Standard.

    How do I view files in the configured local directory of a function?

    1. On the function details page, click the Instances tab to view the list of instances with the Running status. Select an instance and click Log On To Instance in the Actions column.

    2. After you log on to the instance, you can run commands to view file information in the configured local directory. For example:

      image

    Accessing the mount target from within a function instance returns the error Transport endpoint is not connected.

    If the function instance has a low memory specification or high memory usage, the OSS mount feature may become unavailable due to an out of memory error, which causes this error. Increase the function's memory specification based on your business needs. When you use an OSS mount target, the function's memory should be at least 512 MB.

    Is data written to the function directory persistent?

    When a function instance is destroyed, data written to the function directory is also deleted. To make data persistent, you can configure a mount target. You can configure either a NAS file system mount or an OSS mount. For more information, see Configure a NAS file system and Configure an OSS bucket.

    How do I use an access policy to grant read-only access to a specific bucket?

    Expand to view a sample access policy. Replace bucketName in the sample with your bucket name. For more information, see RAM Policy.

    {
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:ListObjects",
        "oss:GetObject"
      ],
      "Resource": [
        "acs:oss:*:*:bucketName",
        "acs:oss:*:*:bucketName/*"
      ],
      "Effect": "Allow"
    }
  ]
}

    How do I use an access policy to grant read/write access to a specific bucket?

    Expand to view a sample access policy. Replace bucketName in the sample with your bucket name. For more information, see RAM Policy.

    {
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "oss:ListObjects",
        "oss:GetObject",
        "oss:PutObject",
        "oss:DeleteObject",
        "oss:AbortMultipartUpload",
        "oss:ListParts"
      ],
      "Resource": [
        "acs:oss:*:*:bucketName",
        "acs:oss:*:*:bucketName/*"
      ],
      "Effect": "Allow"
    }
  ]
}

    How do I use an access policy to grant read-only access to a subdirectory of a specific bucket?

    Expand to view a sample access policy. Replace bucketName in the sample with your bucket name and bucketPath with the specified bucket subdirectory. For more information, see RAM Policy.

    {
  "Version": "1",
  "Statement": [
    {
      "Action": "oss:ListObjects",
      "Effect": "Allow",
      "Resource": [
        "acs:oss:*:*:bucketName"
      ],
      "Condition": {
        "StringLike": {
          "oss:Prefix": [
            "bucketPath/*"
          ]
        }
      }
    },
    {
      "Action": [
        "oss:GetObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "acs:oss:*:*:bucketName/bucketPath/*"
      ]
    }
  ]
}

    How do I use an access policy to grant read/write access to a subdirectory of a specific bucket?

    Expand to view a sample access policy. Replace bucketName in the sample with your bucket name and bucketPath with the specified bucket subdirectory. For more information, see RAM Policy.

    {
  "Version": "1",
  "Statement": [
    {
      "Action": "oss:ListObjects",
      "Effect": "Allow",
      "Resource": [
        "acs:oss:*:*:bucketName"
      ],
      "Condition": {
        "StringLike": {
          "oss:Prefix": [
            "bucketPath/*"
          ]
        }
      }
    },
    {
      "Action": [
        "oss:GetObject",
        "oss:PutObject",
        "oss:DeleteObject",
        "oss:AbortMultipartUpload",
        "oss:ListParts"
      ],
      "Effect": "Allow",
      "Resource": [
        "acs:oss:*:*:bucketName/bucketPath/*"
      ]
    }
  ]
}

    When writing a file through an OSS mount target, the file appears empty from the OSS side.

    When you write a file using an OSS mount target, the system uploads the content to OSS only when you explicitly call Flush or close the file.

    Operations such as compression, decompression, or file transfer are slow when performed on an OSS mount target.

    OSS does not natively support file system APIs. When you mount an OSS bucket as a directory, Function Compute combines and encapsulates OSS APIs to simulate file system API behavior. For example, OSS does not support random writes. To use a file system API to modify an existing file on an OSS mount target, Function Compute downloads the entire source file from OSS, modifies it, and then re-uploads it to OSS.

    When a file system API corresponds directly to an OSS API feature, such as sequential file reads and writes, performance is generally good. However, operations that require combining multiple OSS APIs, such as random read/write operations used for compression or decompression, may require multiple interactions with OSS. This results in lower performance compared to a local file system.

    Do different function instances coordinate and synchronize access to an OSS mount target?

    Different function instances are independent of each other. The content of an OSS mount target that is queried from different instances may not be the same. For example, if you create a file F on an OSS mount target using function instance A, you may not be able to view the file in real time from function instance B.