Object Storage Service (OSS) is a secure, cost-effective, cloud-based storage solution that provides highly durable storage for large amounts of data. This topic describes the common usage scenarios of OSS and the suitable features that you can use for each scenario. In actual scenarios, you can select features based on your business requirements.
The following table describes the features provided by OSS.
| Category | Scenario | Description | References |
|---|---|---|---|
| Bucket management | Create buckets | Buckets are containers for objects. Before you upload an object to OSS, you must first create a bucket to store the object. You can configure various attributes for a bucket, including the region, permissions, and storage class. You can create buckets of different storage classes to store your data. | Create buckets |
| Bucket tagging | You can classify and manage your buckets by using tags. For example, you can add tags to buckets to identify their purposes and specify the access control list (ACL) of buckets that have specific tags. | Configure bucket tagging | |
| Use custom domain names to access OSS resources | You can map custom domain names to buckets and use the custom domain names to access data in the buckets. If you want to use custom domain names to access OSS buckets over HTTPS, you can host your Secure Sockets Layer (SSL) certificate in OSS. | ||
| Transfer acceleration | OSS supports the transfer acceleration feature. The feature selects the optimal route and uses tuned protocol stacks to deliver content across geographical regions. This improves access speed and reliability. | Enable transfer acceleration | |
| Resource groups | Resource groups can be used to manage your resources. You can group your buckets based on business requirements and configure different permissions for each resource group. This way, you can manage access to your buckets by group. | Create and configure a resource group | |
| Pay-by-requester | You can enable pay-by-requester for buckets. If pay-by-requester is enabled for a bucket, the requester is charged the cost of the request and traffic fees when the requester access objects in the bucket. The bucket owner is charged only the storage fees of the objects. You can enable pay-by-requester to share your data in OSS without additional fees. | Pay-by-requester | |
| Delete buckets | You can delete a bucket that you no longer use to save costs. | Delete a bucket | |
| Object management | Upload objects | Alibaba Cloud provides various methods to upload objects to OSS buckets. | |
| Download objects | Alibaba Cloud provides various methods to download objects stored in OSS buckets. You can download objects to the default download path of your browser, or specify a directory to store the downloaded objects. | ||
| List objects | By default, when you list objects in a bucket, the objects are returned in alphabetical order. You can list all objects, objects whose names contain a specified prefix, or a specified number of objects in a bucket. | List objects | |
| Copy objects | You can copy an object from a source bucket to a destination bucket within the same region without modifying the content of the object. | Copy objects | |
| Rename objects | You cannot rename objects by simply changing their keys. To rename an object, call the CopyObject operation to copy the original object to a new object with a new name. Then, call the DeleteObject operation to delete the original object. | Rename objects | |
| Share objects | You can share the URL of an object with third parties. This way, the third parties can download or preview the object. | Share objects | |
| Search for objects | You can search for objects and directories that you want to access in a bucket. | Search for objects | |
| Restore objects | You must restore an Archive object or a Cold Archive object before you can read the object. | Restore objects | |
| Object tagging | You can classify and manage your buckets by using tags. For example, you can configure lifecycle rules and ACLs for objects that have specific tags. | Object tagging | |
| Symbolic links | You can use symbolic links to access objects that are frequently accessed. A symbolic link points to an object and allows you to quickly access the object. Symbolic links are similar to shortcuts in Windows. | Configure symbolic links | |
| Manage object metadata | Object metadata is a group of key-value pairs that define the properties of an object and is composed of standard HTTP headers and user metadata. You can configure the HTTP headers of an object to define policies for HTTP requests sent to access the object, such as how to cache the object during upload and download or whether to download the object as an attachment. You can also configure the user metadata of an object to identify the purposes or properties of the object. | Manage object metadata | |
| Single-connection bandwidth throttling | When objects are accessed by clients over unthrottled connections, a large amount of bandwidth is consumed. This may cause issues for other applications when they try to access resources in OSS at the same time. To prevent this issue, you can use the single-connection bandwidth throttling feature to throttle the bandwidth for operations such as object upload and download. This way, sufficient bandwidth can be reserved for other applications that access OSS. | Single-connection bandwidth throttling | |
| Manage directories | Compared with typical file systems, data in OSS are stored as objects in a flat structure instead of a hierarchical structure. All objects in OSS are stored in buckets You can create simulated directories in OSS to help you categorize objects and manage access to your objects in a simplified manner. You can delete directories that you no longer need. | ||
| Data indexing | You can use the data indexing feature to index the metadata of objects. You can specify the metadata of objects as index conditions to query objects. This way, you can efficiently manage data structures, query data, collect statistics, and manage objects. | Data indexing | |
| Delete objects | You can delete one or more objects and parts at a time. You can also configure lifecycle rules to periodically delete expired objects to reduce storage costs. | ||
| Access control | Bucket ACL | You can configure the ACL of a bucket when you create the bucket or modify the ACL of the bucket after you create the bucket. Only the owner of a bucket can configure or modify the ACL of the bucket. You can set the ACL of a bucket to one of the following values: public read/write, public read, and private. | Bucket ACL |
| Object ACL | You can also configure ACLs for objects. You can configure the ACL of an object when you upload the object or modify the ACL of an uploaded object. You can set the ACL of an object to one of the following values: Inherited from bucket, public read/write, public read, and private. | Object ACL | |
| Bucket policies | A bucket policy is a resource-based authorization policy. Compared with RAM policies, bucket policies can be easily configured on the GUI of the console. In addition, the owner of a bucket can configure bucket policies for the bucket without RAM permissions. You can configure bucket policies to grant permissions to the RAM users of other Alibaba Cloud accounts or anonymous users who access OSS by using the specified IP addresses. | Overview | |
| RAM policies | Resource Access Management (RAM) is a service provided by Alibaba Cloud to manage access permissions on resources. RAM policies are user-based authorization policies. You can configure RAM policies to manage your users, such as employees, systems, or applications, and manage user permissions on your resources. For example, you can configure a RAM policy to grant users only the read permissions on a specific bucket. | Overview | |
| Data security | Recover the data that is accidentally deleted | You can configure versioning for a bucket to protect objects stored in the bucket against unintended operations. If versioning is enabled for a bucket, existing objects in the bucket are stored as previous versions when they are overwritten or deleted. If you accidentally delete or overwrite an object, you can recover the object to a previous version. | Versioning |
| Restrict access | You can configure a Referer whitelist to prevent unauthorized users from accessing your OSS resources. | Hotlink protection | |
| CORS | OSS supports cross-origin resource sharing (CORS) defined in HTML5. CORS allows web application clients that are loaded in one domain name to interact with resources in another domain. | CORS | |
| Retention policy | You can configure retention policies based on the Write Once Read Many (WORM) strategy to prevent objects from being deleted or overwritten within a specified period of time. | Retention policies | |
| Data encryption | OSS supports client-side and server-side encryption. You can select a method based on your requirements to encrypt the data that you store in OSS. | ||
| OSS sandbox | When OSS suspects that your bucket is under attack or detects that your bucket is used to distribute illegal content, the bucket is automatically moved to the sandbox. Buckets that are in the sandbox can still respond to requests, but experience service degradation that may affect your business. | OSS sandbox | |
| OSS DDoS protection | OSS DDoS protection is a proxy-based attack mitigation service that integrates OSS with Anti-DDoS Pro and Anti-DDoS Premium. When a bucket for which OSS DDoS protection is enabled experiences DDoS attacks, OSS DDoS protection diverts incoming traffic to an Anti-DDoS Pro or Anti-DDoS Premium instance for scrubbing and then redirects normal traffic to the bucket. This ensures the continuity of your business in the event of DDoS attacks. | OSS DDoS protection | |
| Zone-disaster recovery | Standard ZRS uses the multi-zone mechanism to distribute user data across three zones in the same region. If one zone becomes unavailable, you can continue to access the data that is stored in the other two zones. This feature is designed to provide 99.9999999999% (twelve 9's) of data durability and 99.995% of service availability. | ZRS | |
| Data management | CRR | You can use the cross-region replication (CRR) feature to synchronize operations performed on the source bucket (such as creating, overwriting, and deleting objects) to the destination bucket in a different region for geo-disaster recovery. | CRR |
| RTC | The Replication Time Control (RTC) feature provided by OSS can meet your compliance requirements or business requirements for CRR. After the RTC feature is enabled, OSS replicates most of the objects that you uploaded to OSS within a few seconds and replicates 99.99% of objects within 10 minutes. In addition, the RTC feature provides near real-time monitoring of data replication. After you enable the RTC feature, you can view various metrics of replication tasks. | RTC | |
| SRR | You can use the same-region replication (SRR) feature to synchronize operations performed on the source bucket (such as creating, overwriting, and deleting objects) to the destination bucket in the same region automatically and asynchronously (near real-time). | SRR | |
| Scheduled backup | You can use the scheduled backup feature to periodically back up objects in a bucket to Hybrid Backup Recovery (HBR). In cases of accidental object loss, you can restore lost objects from HBR. | Configure scheduled backup | |
| Automatic storage class conversion and object deletion | You can configure lifecycle rules to periodically convert the storage class of cold data to Infrequent Access (IA), Archive, or Cold Archive. You can also configure lifecycle rules to delete expired data. | Overview | |
| Obtain object information in batch | You can configure inventories for buckets to export the metadata of specified objects, including the object sizes and encryption status. | Bucket inventory | |
| Static website hosting | You can host a static website on your bucket and access the static website by using the domain name of the bucket. | Overview | |
| Mirroring-based back-to-origin | You can configure mirroring-based back-to-origin rules for a bucket. If the object that you want to access does not exist in a bucket, OSS obtains the object from the origin specified by the back-to-origin rules. OSS returns the object obtained from the origin to the requester and stores the object in the bucket. | Mirroring-based back-to-origin | |
| Log management | Logging | You can configure logging for a bucket to collect access statistics, audit access to the bucket, track exceptions, and troubleshoot issues. | Logging |
| Data processing | IMG | You can perform various operations on images stored in OSS, such as format conversion, cropping, scaling, rotating, watermarking, and style encapsulation. | Introduction |
| ZIP package decompression | You can configure rules for a bucket to automatically decompress ZIP packages uploaded to the bucket. After you configure decompression rules for a bucket, all ZIP packages uploaded to the path specified in the rules are automatically decompressed. | ZIP package decompression | |
| Event notifications | You can configure event notification rules to monitor events related to specific objects and operations. This way, you are immediately notified of the specified events. | Overview | |
| Data lake management | Integrate with data lake | OSS-HDFS (JindoFS) is a cloud-native data lake storage service. OSS-HDFS provides unified metadata management capabilities and is fully compatible with Hadoop Distributed File System (HDFS) API. OSS-HDFS also supports Portable Operating System Interface (POSIX). You can use OSS-HDFS to manage data in data lake-based computing scenarios in the big data and AI fields. | Overview of the OSS-HDFS service |
| Automatic storage tiering of the OSS-HDFS service | The automatic storage tiering feature of the OSS-HDFS service is available. Some data stored in the OSS-HDFS service does not need to be frequently accessed. However, due to data compliance or archiving requirements, the data still needs to be retained. To meet business requirements, the OSS-HDFS service provides the automatic storage tiering feature. Data that is frequently accessed is stored as Standard objects, whereas data that is infrequently accessed is stored as Archive objects. This helps reduce the total storage cost. | Enable the automatic storage tiering feature for the OSS-HDFS service |