Object Storage Service (OSS) is a secure, cost-effective, and highly reliable cloud storage service. OSS allows you to store large amounts of data in the cloud. You can configure an OSS file system for a function in Function Compute. This way, the function can access the OSS file system in the same way a function accesses an on-premises file system.
Limits
You can configure a maximum of five Apsara File Storage NAS (NAS) mount targets and five OSS mount targets for a function in Function Compute in a region.
For the same function, the local directories in the function runtime of a NAS mount target cannot be the same as those of the OSS mount target.
For more information about how to configure a mount target of a NAS file system, see Configure a NAS file system.
Before you start
Object Storage Service (OSS)
Function Compute
Grant required permissions to the role that is assumed by the function. When you enable the OSS mounting feature, you need to configure a role that has permissions to access OSS for your function in Function Compute. For more information, see Grant Function Compute permissions to access other Alibaba Cloud services.
Procedure
Step 1: Configure OSS mounting
Log on to the Function Compute console. In the left-side navigation pane, click Functions.
In the top navigation bar, select a region. On the Functions page, click the function that you want to manage.
On the function details page, click the Configuration tab. In the left-side navigation tree, click the Storage tab. In the OSS section, click Modify. In the OSS panel, configure the following parameters and click OK.
Parameter
Description
Example
Mount OSS
Specify whether to enable OSS mounting. Valid values:
Enable
Disable
Enable
OSS Mount Target: Configure OSS mount targets.
Bucket
Select an existing bucket. To create an OSS bucket, click Create OSS Bucket in the lower part of the page to go to the OSS console. For more information about the billing of OSS, see Billing overview.
example-bucket
Bucket Subdirectory
Specify an absolute path as the subdirectory in the bucket. If you leave this parameter empty or set this parameter to /, the root directory of the bucket is mounted.
/files
OSS Endpoint
Specify an endpoint. By default, the endpoint of the bucket is used. You can select Custom Endpoint to specify a custom endpoint. For more information about OSS endpoints in different regions, see Regions and endpoints.
NoteIf you select a bucket in the same region as the Function Compute function, we recommend that you use an internal endpoint of OSS.
If you select a bucket in a different region, you must use a public endpoint. In this case, you are charged for outbound traffic over the Internet.
Default Endpoint
Local Function Directory
Specify a local directory for the function runtime. The directory must be a subdirectory of /home, /mnt, or /data.
NoteYou do not need to manually create the local directory of the function. You can directly use an existing directory.
/mnt/oss
Permissions on Local Function Directory
Select the permissions on the directory that are granted after the bucket is mounted to the local directory in the function runtime. You can select Read-only or Read and Write.
Read and Write
NoteThe OSS mounting feature depends on the network configurations of the service. If you set Access to VPC to Yes and Access to Internet to No, you must use a public OSS endpoint so that the function can access the Internet through the specified VPC. For more information, see Assign a static public IP address.
Step 2: Access files in the mounted directory
After you configure OSS mounting, you can perform the following steps to access files in the mounted directory to check whether the mounting takes effect.
On the function details page, click the Code tab, write code in the code editor, and then click Deploy.
The following sample code provides an example of function code in Python:
import os def handler(event, context): # The mounted directory. mount_path = '/mnt/oss' # List files in the mounted directory. files = os.listdir(mount_path) print("Files in OSS mount:", files) # Read a file in the mounted directory. file_path = os.path.join(mount_path, 'example.txt') if os.path.exists(file_path): with open(file_path, 'r') as file: content = file.read() print("Content of example.txt:", content) else: print("example.txt does not exist.") # Write a file to the mounted directory. write_path = os.path.join(mount_path, 'output.txt') with open(write_path, 'w') as file: file.write("Hello, OSS mount!") print("Wrote to output.txt in OSS mount.") return "Function execution completed."NoteReplace
example.txtwith the name of a file that exists in the mounted directory.After the code is deployed, click Test Function on the Code tab.
After the code is executed, you can view the execution result in the lower part of the Code tab. In the log output, you can view the content of the file that is read (in this example,
example.txt) in the directory. You can also view the content of the file that is written (in this example,output.txt) in the directory.
FAQ
What do I do if OSS mounting fails and the bucket not found error is reported?
Check whether the OSS endpoint and bucket name are correct.
What do I do if OSS mounting fails and the host resolv error or deadline exceeded error is reported?
Check whether the endpoint is correctly configured.
host resolv erroris reported if the domain name in the endpoint fails to be resolved.Internal endpoints cannot be used across regions. If you use an internal endpoint in another region, a connection timeout error occurs and the
deadline exceedederror is reported.
What do I do if OSS mounting fails and the invalid credentials error is reported?
Check whether the Resource Access Management (RAM) role that you configured for the function has the permissions to access OSS. The following items describe the permissions. For more information, see Grant Function Compute permissions to access other Alibaba Cloud services.
Read-only:
oss:ListObjectsandoss:GetObject.Read and write:
oss:ListObjects,oss:GetObject,oss:PutObject,oss:DeleteObject,oss:ListParts, andoss:AbortMultipartUpload.
oss:ListObjects is a bucket-level action. If you enable access to a specific bucket, the policy must include bucket-level resource indications, such as acs:oss:*:*:bucketName. For more information, see Resource element in RAM policies for OSS.
What do I do if the Input/output error error is reported when I read a file in the mounted directory?
Check the storage class of the OSS bucket that you configured. If the storage class is Archive or Cold Archive, all objects stored in the bucket are frozen. These objects can be accessed only after they are unfrozen. We recommend that you set the storage class of the OSS bucket to Standard.
How do I view files in the local directory of my function?
On the details page of the function, click the Instances tab to view instances in the Running state and click Connect to Instance in the Actions column of an instance.
After you connect to the instance, you can run commands to view files in the local directory of the function. The following figure shows an example:
What do I do if the Transport endpoint is not connected error is reported when I access a mount target in a function instance?
This error may be reported if the OSS mounting feature becomes unavailable due to insufficient memory, which may be caused by low memory specifications or large memory usage. We recommend that you increase the memory specification of your function based on your business requirements. Set the memory capacity to a value greater than or equal to 512 MB if you use OSS mount targets.
Is data written to the local directory of the function permanently stored?
No. When a function instance is destroyed, the data written by the instance in the directory is also deleted. If you want data to be permanently stored, we recommend that you mount a file system, such as a NAS file system or an OSS file system. For more information, see Configure a NAS file system and Configure an OSS file system.
How do I use a permission policy to allow only read-only access to a specified bucket?
How do I use a permission policy to allow read and write access to a specified bucket?
How do I use a permission policy to allow only read-only access to the subdirectories of a specified bucket?
How do I use a permission policy to allow read and write access to the subdirectories of a specified bucket?
What do I do if I cannot see data I write from an OSS mount target on the OSS side?
When you write a file from an OSS mount target, the system uploads the content to OSS only when you call the Flush operation or close the file.
What do I do if operations, such as compression, decompression, and file transmission, in an OSS mount target are slow?
OSS does not support file system APIs. After you mount an OSS bucket as a directory, Function Compute encapsulates OSS API to implement file system API. For example, OSS does not support random writes. If you need to use the file system API to change an existing file on an OSS mount target, Function Compute downloads the source file from OSS, rewrites the file, and then uploads it to OSS again.
When the features of the file system API correspond to those of OSS API, such as the sequential file read and write feature, the performance of general operations is usually better. However, for operations that require the OSS API to be combined and encapsulated, such as random read and write operations on files during compression and decompression, multiple interactions with OSS may be required. Therefore, the performance is slightly lower than that of an on-premises file system.
Are operations synchronized among function instances on the same OSS target?
No. Function instances are independent of each other. The content of OSS mount targets accessed by different instances may be different. For example, when Instance A creates the file F in the OSS mount target, Instance B may not be able to access the file right away.