This topic describes basic terms used in Object Storage Service (OSS).


A bucket is a container for objects that are stored in OSS. Every object in OSS is contained in a bucket. You can configure a variety of attributes for a bucket, including its region, permissions, and storage class. Storage classes are useful when you need to store data that have different access patterns.

  • You can use an Alibaba Cloud account to create up to 100 buckets in the same region.
  • A bucket name must be globally unique within OSS. For more information about the naming conventions of buckets, see Bucket naming conventions.
  • After a bucket is created, its name, region, storage class, and redundancy type cannot be modified.
  • OSS does not impose limits on the capacity of a bucket.

The name of a bucket must comply to the following conventions:

  • The name of a bucket must be unique in OSS in an Alibaba Cloud account.
  • The name can contain only lowercase letters, digits, and hyphens (-).
  • The name must start and end with a lowercase letter or a digit.
  • The name must be 3 to 63 characters in length.


Objects are the smallest manipulatable data unit in OSS. Files uploaded to OSS are called objects. Unlike typical file systems, objects in OSS are stored in a flat structure instead of a hierarchical structure. An object is composed of a key, metadata, and the data stored in it. Each object in a bucket is uniquely identified by its key. Object metadata is a group of key-value pairs that define the properties of an object, such as the size of the object and the time when the object is last modified. You can also specify custom user metadata to objects in OSS.

The lifecycle of an object starts when the object is uploaded, and ends when the object is deleted. Aside from appendable objects, you cannot edit object data at any stage of the objects' lifecycle. To modify the content of an object, you must upload a new object to replace the existing object. The uploaded object must have the same name as the object you want to replace.

The name of an object must comply with the following conventions:

  • The name can contain only UTF-8 characters.
  • The name must be 1 to 1,023 bytes in length.
  • The name cannot start with a forward slash (/) or a backslash (\).
Note Object names are case-sensitive. Unless otherwise stated, the OSS documentation refers to all objects or file as objects.


In SDKs for different programming languages, ObjectKey, Key, and ObjectName indicate the full path of the object. You must specify the full path of an object when you perform operations on the object. For example, when you upload an object to a bucket, ObjectKey indicates the full path that includes the extension of the object. For example, you can set ObjectKey to abc/efg/123.jpg.


A region indicates the physical location from which OSS provides services. When you create a bucket, you can select a region based on the cost or location from which the bucket is most frequently accessed. In most cases, when a user accesses OSS from a geographically closer location, the faster the access speed. For more information, see Regions and endpoints.

The region of a bucket must be specified when the bucket is created. After the bucket is created, its region cannot be changed. All objects in this bucket are stored in the corresponding region. Regions are configured for buckets instead of objects.


OSS provides region-specific endpoints through which you can use to access your data. You can manage your data through regions by using the OSS API. A region has different endpoints for access over the internal network and for access over the Internet. For example, the public endpoint used to access OSS data in the China (Hangzhou) region is, and the internal endpoint is For more information, see Regions and endpoints.

AccessKey pair

The credential that is used by OSS to authenticate a requester. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. OSS authenticates requests by verifying the symmetric AccessKey pairs contained in the requests. The AccessKey ID is used to identify a user. The AccessKey secret is used to encrypt and verify signature strings. To ensure the security of your data, we recommend that you do not share your AccessKey secret with anyone else.

OSS supports the following types of AccessKey pairs:

  • AccessKey pairs applied for by the bucket owner.
  • AccessKey pairs granted by the bucket owner through Resource Access Management (RAM).
  • AccessKey pairs granted by the bucket owner through Security Token Service (STS).

For more information, see Obtain an AccessKey pair

Strong consistency

OSS guarantees atomic updates to all objects. Operations performed in OSS can either succeed or fail. When an object is updated and you attempt to retrieve the object, you will get either the data before or after the update, but never partial or corrupt data.

OSS provides strong read-after-write consistency for operations on all objects. For example, when a user receives the response for an upload (PUT) request, the uploaded object can be read immediately, and the replicas of the object have been committed to the storage of multiple devices for redundancy. Therefore, if a user performs a read-after-write operation on an object, the object can certainly be read. Similarly, when a user successfully deletes an object, the object and its replicas no longer exist.