Alibaba Cloud Object Storage Service (OSS) is a secure, cost-effective, and highly reliable cloud storage service that allows you to store large amounts of data. OSS is designed to provide 99.9999999999% (twelve 9's) data durability and 99.995% data availability. OSS provides multiple storage classes to help you manage and reduce storage costs.
OSS provides platform-independent API operations, which allow you to upload and access your data from any application, anytime and anywhere.
Aside from the API operations, OSS provides SDKs and migration tools that you can use to easily transfer large amounts of data to and from OSS. OSS provides storage classes that are intended for different storage scenarios. For example, you can store images, audio files, and video files used in your apps and websites as Standard objects for frequent access and store infrequently accessed data as Infrequent Access (IA), Archive, Cold Archive, or Deep Cold Archive objects to reduce the total costs of storage over time.
Get started with OSS
Watch the following video for a quick introduction to OSS.
Browse the FAQ to obtain answers to frequently asked questions about OSS.
OSS stores data as objects within buckets. To store data in OSS, you must first create a bucket within a region and specify the access control list (ACL) and storage class for the bucket. When you upload an object to OSS, you must specify a name for the object (also referred to as an object key or a key). This name is the unique identifier of the object within a bucket.
OSS provides region-specific endpoints through which you can access your data. Endpoints allow you to use OSS operations to manage your data. OSS authenticates a request by verifying the symmetric AccessKey pair (AccessKey ID and AccessKey secret) included in the request.
OSS ensures atomic updates to all objects and provides strong consistency for operations on all objects.
A bucket is a container for objects that are stored in OSS. Every object in OSS is contained in a bucket. You can configure various properties for a bucket, including the region, access control list (ACL), and storage class. Storage classes are useful when you need to store data that have different access patterns.
Objects are the smallest data unit in OSS. Files uploaded to OSS are called objects. Unlike typical file systems, objects in OSS are stored in a flat structure instead of a hierarchical structure. An object is composed of a key, metadata, and the data stored in the object. Each object in a bucket is uniquely identified by the key. Object metadata is a group of key-value pairs that define the properties of an object, such as the size of the object and the time when the object is last modified. You can also specify custom user metadata for objects in OSS.
In OSS SDKs for different programming languages, ObjectKey, Key, and ObjectName indicate the full path of the object. You must specify the full path of an object when you perform operations on the object. For example, when you upload an object to a bucket, ObjectKey indicates the full path that includes the extension of the object, such as abc/efg/123.jpg.
A region is a physical location from which OSS provides services. When you create a bucket, you can select a region based on the cost or location from which the bucket is most frequently accessed. In most cases, when you access OSS from a geographically closer location, the access speed is faster. For more information, see Regions and endpoints.
An endpoint is a domain name used to access OSS. OSS provides region-specific endpoints that you can use to access your data. You can manage your data in different regions by using OSS API operations. A region has different endpoints for access over the internal network and for access over the Internet. For example, the public endpoint used to access OSS data in the China (Hangzhou) region is oss-cn-hangzhou.aliyuncs.com, and the internal endpoint is oss-cn-hangzhou-internal.aliyuncs.com. For more information, see Regions and endpoints.
An AccessKey pair is used to authenticate a requester. An AccessKey pair consists of an AccessKey ID and an AccessKey secret. OSS uses an AccessKey pair to implement symmetric encryption and verify the identity of a requester. The AccessKey ID is used to identify a user. The AccessKey secret is used to encrypt and verify the signature string. The AccessKey secret must be kept confidential. OSS supports AccessKey pairs obtained by using the following methods:
AccessKey pairs applied for by the bucket owner.
AccessKey pairs granted by the bucket owner by using Resource Access Management (RAM).
AccessKey pairs granted by the bucket owner by using Security Token Service (STS).
For more information, see Obtain an AccessKey pair.
Atomicity and strong consistency
Object operations in OSS are atomic. Operations are either successful or failed without intermediate states. When an object is uploaded, you can get either the data before or after the upload. You cannot obtain partial or corrupted data.
Object operations in OSS are highly consistent. For example, when you receive an upload (PUT) success response, you can immediately read the uploaded object, and replicas of the object are created for redundancy. Therefore, there are no scenarios in which data is not obtained when you perform the read-after-write operation. Similarly, after you delete an object, the object and its replicas no longer exist.
For more information about the basic concepts in OSS, see Terms.
You can configure versioning for a bucket to protect objects stored in the bucket against unintended operations. After versioning is enabled for a bucket, existing objects in the bucket are stored as previous versions when they are overwritten or deleted. Versioning allows you to recover accidentally overwritten or deleted objects to any previous versions. For more information, see Overview.
A bucket policy is an access policy that provides flexible and fine-grained permission management. The owner of a bucket can configure bucket policies to grant users access permissions on the bucket and the objects in the bucket. For example, you can configure bucket policies to authorize other Alibaba Cloud accounts or anonymous users to access or manage all or a part of resources in your bucket. You can also configure bucket policies to grant read-only, read/write, or full permissions to different RAM users of the same Alibaba Cloud account. For more information about how to configure bucket policies, see Configure bucket policies to authorize other users to access OSS resources.
Cross-region replication (CRR) enables you to automatically and asynchronously (near real-time) replicate objects across buckets in different OSS regions. Operations performed on the source bucket (such as creating, overwriting, and deleting objects) are performed asynchronously on the destination bucket. CRR can help you meet compliance requirements for cross-region disaster recovery and data replication. For more information, see Overview.
Server-side encryption: Objects uploaded to a bucket that has server-side encryption enabled are encrypted before they are written to storage devices. When you download an object from the bucket, OSS decrypts and returns the object, with an additional header included in the response to indicate that the object is encrypted on OSS servers. For more information, see Server-side encryption.
Client-side encryption: Objects are encrypted on the local client before they are uploaded to OSS. For more information, see Client-side encryption.
By default, OSS permanently stores objects uploaded to a bucket except in the following circumstances:
Objects are manually deleted by using the OSS console, OSS SDKs, API operations, or OSS tools such as ossutil and ossbrowser. For more information, see Delete objects.
Objects are automatically deleted based on a lifecycle rule. For more information, see Lifecycle rules based on the last modified time.
Overdue fees are not paid within 15 days after service suspension. For more information, see Overdue payments.
For more information about OSS features, see Functions and features.
You can use the following methods to upload, download, and manage objects in OSS:
OSS API operations or SDKs
OSS provides multiple management tools, such as ossbrowser, ossutil, and ossftp. For more information, see OSS tools.
Cloud Storage Gateway
OSS uses a flat structure instead of a hierarchical structure to store objects. All elements are stored as objects in buckets. If you want to manage your resources in OSS in the same way you manage local directories and files on disks, use OSS with Cloud Storage Gateway. For more information, visit the Cloud Storage Gateway product page.
OSS supports the following billing methods:
Pay-as-you-go: By default, the pay-as-you-go billing method applies to all billable items. You are charged for the actual usage of each billable item. Fees are paid after you use resources. This billing method is ideal for scenarios in which resource usage is difficult to predict. For more information, see Pay-as-you-go.
Subscription (resource plans): OSS provides resource plans to offset fees generated for specific billable items. You can purchase resource plans that cover specific billable items at favorable prices. Resources are consumed before fees are offset by resource plans. Resource plans are ideal for scenarios in which resource usage is easy to predict. For more information, see Overview.
Storage capacity units (SCUs): You can use SCUs to offset storage fees that are generated for using OSS and other Alibaba Cloud storage services. For more information, see SCUs.
Compared with the pay-as-you-go billing method, resource plans and SCUs are more cost-effective.
Each resource plan and SCU have a quota for resource usage. If your resource usage exceeds the quota, you are charged for the excess resource usage based on the pay-as-you-go billing method. We recommend that you purchase resource plans and SCUs based on your workloads and business scale.
You can use other Alibaba Cloud services to process data uploaded to OSS.
The following services are commonly used with OSS:
Image Processing (IMG): allows you to perform a variety of operations on images in OSS, such as format conversion, resizing, cropping, rotation, and watermarking. For more information, see IMG implementation modes.
Elastic Compute Service (ECS): a cloud computing service that offers elastic and efficient computing. For more information, see the ECS product page.
Alibaba Cloud CDN: allows you to cache OSS resources to Alibaba Cloud points of presence (POPs) that are geographically closer to your users to improve their download experience. For more information, see the Alibaba Cloud CDN product page.
E-MapReduce (EMR): a big data processing solution built on ECS. EMR is developed based on open source Apache Hadoop and Apache Spark to facilitate data analysis and processing. For more information, see the EMR product page.
Data Online Migration: allows you to migrate data from a third-party storage service such as Amazon Web Services (AWS) and Google Cloud to OSS with ease. For more information, see the Data Online Migration documentation.
Data Transport: helps you migrate large amounts of data to OSS under limited network conditions. For example, you can use Data Transport to migrate petabyte-scale data to OSS when upload speed is slow and hardware expansion costs are high. For more information, see What is Data Transport?
Alibaba Cloud storage services
In addition to OSS, Alibaba Cloud provides other storage services, such as Apsara File Storage NAS and Block Storage, that you can use to meet different business scenarios. For more information, see Overview.
For more information about Alibaba Cloud storage solutions and customer success stories, see the Alibaba Cloud storage page.