Alibaba Cloud Object Storage Service (OSS) is a secure and cost-effective object storage service that offers 99.9999999999% (twelve 9's) of data durability and 99.995% of data availability. OSS provides multiple storage classes to help you manage and reduce storage costs.

OSS provides platform-independent API operations, which allows you to upload and access your data from any application at any time and anywhere.

Aside from the API operations, OSS provides SDKs and migration tools that can help you transfer large amounts of data to and from OSS. OSS offers a selection of storage classes that are designed to meet the requirements for a variety of use cases. For example, you can store images, audio, and videos used in your apps and websites as Standard objects for frequent access, and save costs by storing infrequently accessed data that you want to retain for long periods of time as Infrequent Access (IA), Archive, or Cold Archive objects.

Get started with OSS

  • Video introduction

    The following video provides a quick introduction to OSS and its features.

  • FAQ

    Browse the FAQ to obtain answers to frequently asked questions about OSS.

  • Learning path

    OSS Learning Path is a simple, easy-to-follow general guideline for you to start your journey with OSS. Learn how to perform basic OSS operations and develop apps based on OSS by using a variety of API operations, OSS SDKs, and tools.


OSS stores data as objects within buckets. To store data in OSS, you must first create a bucket within a region and specify the access control list (ACL) and storage class for the bucket. When you upload an object to OSS, you must specify a name for the object (also referred to as an object key or a key). This name is used as the unique identifier of the object within a bucket.

OSS provides region-specific endpoints through which you can access your data. Endpoints allow you to use OSS operations to manage your data. OSS authenticates a request by verifying the symmetric AccessKey pair (AccessKey ID and AccessKey secret) contained in the request.

OSS ensures atomic updates to all objects and provides strong read-after-write consistency for operations on all objects.

  • Bucket

    A bucket is a container for objects that are stored in OSS. Every object in OSS is contained in a bucket. You can configure a variety of attributes for a bucket, including its region, permissions, and storage class. Storage classes are useful when you need to store data that have different access patterns.

  • Object

    Objects are the smallest manipulatable data unit in OSS. Files uploaded to OSS are called objects. Unlike typical file systems, objects in OSS are stored in a flat structure instead of a hierarchical structure. An object is composed of a key, metadata, and the data stored in it. Each object in a bucket is uniquely identified by its key. Object metadata is a group of key-value pairs that define the properties of an object, such as the size of the object and the time when the object is last modified. You can also specify custom user metadata to objects in OSS.

  • Object key

    In SDKs for different programming languages, ObjectKey, Key, and ObjectName indicate the full path of the object. You must specify the full path of an object when you perform operations on the object. For example, when you upload an object to a bucket, ObjectKey indicates the full path that includes the extension of the object. For example, you can set ObjectKey to abc/efg/123.jpg.

  • Region

    A region indicates the physical location from which OSS provides services. When you create a bucket, you can select a region based on the cost or location from which the bucket is most frequently accessed. In most cases, when a user accesses OSS from a geographically closer location, the faster the access speed. For more information, see Regions and endpoints.

  • Endpoint

    OSS provides region-specific endpoints through which you can use to access your data. You can manage your data through regions by using the OSS API. A region has different endpoints for access over the internal network and for access over the Internet. For example, the public endpoint used to access OSS data in the China (Hangzhou) region is, and the internal endpoint is For more information, see Regions and endpoints.

  • AccessKey pair

    The credential that is used by OSS to authenticate a requester. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. OSS authenticates requests by verifying the symmetric AccessKey pairs contained in the requests. The AccessKey ID is used to identify a user. The AccessKey secret is used to encrypt and verify signature strings. To ensure the security of your data, we recommend that you do not share your AccessKey secret with anyone else.

  • Strong consistency

    OSS guarantees atomic updates to all objects. Operations performed in OSS can either succeed or fail. When an object is updated and you attempt to retrieve the object, you will get either the data before or after the update, but never partial or corrupt data.

    OSS provides strong read-after-write consistency for operations on all objects. For example, when a user receives the response for an upload (PUT) request, the uploaded object can be read immediately, and the replicas of the object have been committed to the storage of multiple devices for redundancy. Therefore, if a user performs a read-after-write operation on an object, the object can certainly be read. Similarly, when a user successfully deletes an object, the object and its replicas no longer exist.

For more information about the basic concepts in OSS, see Terms.


  • Versioning

    You can configure versioning for a bucket to protect objects stored in the bucket against unintended operations. When versioning is enabled for a bucket, existing objects in the bucket are stored as previous versions when they are overwritten or deleted. Previous versions provide an insurance against accidental deletions or overwrites. You can recover objects to a previous version at any time. For more information about versioning, see Overview.

  • Bucket Policy

    OSS provides bucket-level access control in the form of bucket policies, which can be used to implement flexible and fine-grained permission management. The owner of a bucket can configure bucket policies to grant users access to the bucket and assign permissions to users on objects in the bucket. For example, you can configure bucket policies to authorize other Alibaba Cloud accounts or anonymous users to access or manage all or part of resources in your bucket. You can also configure bucket policies to grant read-only, read/write, or full permissions to different RAM users of the same Alibaba Cloud account. For more information about how to configure bucket policies, see Configure bucket policies to authorize other users to access OSS resources.

  • Cross-region replication

    Cross-region replication (CRR) enables you to automatically and asynchronously (near real-time) replicate objects across buckets in different OSS regions. Operations performed on the source bucket (such as creating, overwriting, and deleting objects) are performed asynchronously on the destination bucket. CRR is ideal for meeting compliance requirements for cross-region disaster recovery and data replication. For more information about CRR, see CRR.

  • Encryption

    Server-side encryption: Objects uploaded to a bucket that have server-side encryption enabled are encrypted before they are committed to storage. When you attempt to download objects from the bucket, OSS decrypts the object before returning the object. A header is added in the response to indicate that the object is encrypted on OSS servers. For more information about server-side encryption, see Server-side encryption.

    Client-side encryption: Objects are encrypted on the local client before they are uploaded to OSS. For more information about client-side encryption, see Client-side encryption.

  • Data durability

    By default, OSS permanently stores objects uploaded to your buckets except in the following circumstances:

    • Objects are manually deleted by using the OSS console, OSS SDKs, ossutil, ossbrowser, or API operations. For more information, see Delete objects.
    • Objects are automatically deleted within a specified time period based on a lifecycle rule. For more information, see Lifecycle rules based on the last modified time.
    • Overdue fees are not paid within 15 days after service suspension. For more information, see Service suspension.

For more information about OSS features, see Functions and features.


You can use a variety of methods to upload, download, and manage objects in OSS.

  • Manage OSS by using the OSS console

    OSS provides a web-based console. You can log on to the OSS console to manage your OSS resources. For more information, see Overview of the OSS console.

  • Manage OSS by using API operations or SDKs

    OSS provides RESTful API operations and SDKs for multiple programming languages to facilitate secondary development. For more information, see List of operations by function and Overview.

  • Manage OSS by using tools

    OSS provides multiple management tools, such as ossbrowser, ossutil, and ossftp. For more information, see OSS tools.

  • Manage OSS by using CSG

    OSS uses a flat structure instead of a hierarchical structure to store objects. All elements are stored as objects in buckets. To use OSS in the same manner in which local file systems are used, you can configure Cloud Storage Gateway (CSG). For more information, go to the CSG product page.


Traditional storage service providers require you to purchase storage capacity and bandwidth before you can use the services. In the event that you exceed the capacity of the purchased plans, your service may be deactivated or you may be charged for the overage. However, if you do not fully utilize the purchased capacity, you are still charged the full amount.

OSS charges you only for the storage capacity and traffic that you actually consume. You do not need to commit to a fixed plan before you can start to use OSS resources. These advantages provide a high level of flexibility in terms of cost and infrastructure, helping you better grow your business.

For pricing information on OSS, go to the Pricing tab of the OSS product page. For more information about OSS billing methods, see Overview.

Related services

After you upload your data to OSS, you can use other Alibaba Cloud features and services to manage your data.

The following features and services are frequently used with OSS:

  • Image Processing (IMG) is a service that allows you to perform a variety of image manipulation operations such as format conversion, resizing, cropping, rotating, and adding watermarks to images stored in OSS. For more information, see IMG implementation modes.
  • Elastic Compute Service (ECS) is a cloud computing service that offers elastic and efficient computing capability. For more information, go to the ECS product page.
  • Alibaba Cloud CDN is a distributed network that caches resources from an origin server to edge nodes in different regions to accelerate content delivery. For more information, go to the CDN product page.
  • E-MapReduce (EMR) is a big data processing solution built on ECS. EMR is developed based on open source Apache Hadoop and Apache Spark to facilitate data analysis and processing. For more information, go to the E-MapReduce product page.
  • ApsaraVideo Media Processing is a service that converts audio or video objects stored in OSS into files that are suitable for playback on PCs, TVs, and mobile devices. ApsaraVideo Media Processing leverages deep learning technologies to perform multimodal analysis on the audio, text, and images in video files and the content of audio files. ApsaraVideo for Media Processing uses the analysis results to intelligently audit, comprehend, and edit the content of the audio or video files. For more information, go to the ApsaraVideo Media Processing product page.
  • Data Online Migration is a service that allows you to migrate data from a third-party storage service such as Amazon Web Services (AWS) and Google Cloud to OSS with ease. For more information, go to the Data Online Migration documentation.
  • Data Transport is a service that helps you migrate large amounts of data to OSS under limited network conditions. For example, you can use Data Transport to migrate petabyte-scale data to OSS when upload speed is slow and hardware expansion costs are high. For more information, see What is Data Transport?

Alibaba Cloud storage services

In addition to OSS, Alibaba Cloud also provides a variety of storage services such as file storage and block storage that you can use to meet the varied demands of your unique business scenarios. For more information about Alibaba Cloud storage services, see Overview.

For more information about use cases and solutions of Alibaba Cloud storage services, visit Alibaba Cloud Storage.