If you want OSS to automatically trigger a Function Compute service and return transformed data to your application when you send a GetObject request, you must use an Object FC Access Point. An Object FC Access Point lets you seamlessly modify or filter object content, preserving object storage semantics without modifying your client application. This topic describes how to create an Object FC Access Point.
Prerequisites
-
The bucket must be in one of the following regions: China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Chengdu), China (Hong Kong), US (Silicon Valley), US (Virginia), Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Germany (Frankfurt), or UK (London).
-
An access point has been created in the region where the bucket is located. For more information, see TEST3_H1 has value_Title is empty.
-
A Function Compute service has been created in the bucket's region. For more information, see Create a service.
-
Grant the
oss:WriteGetObjectResponsepermission to the default role (AliyunFCDefaultRole) for the service. The following sample code provides an example of a permission policy:{ "Statement": [ { "Action": "oss:WriteGetObjectResponse", "Effect": "Allow", "Resource": "*" } ], "Version": "1" }For more information, see Manage permissions for a RAM role.
-
You have created a function in the Function Compute service.
You can trigger Function Compute by calling the GetObject API operation with the SDK for Java, Python, or Go. When you deploy function code by using these SDKs, you must create a function that uses a supported runtime.
-
When you deploy function code by using the Java SDK, create a function with the Runtime set to Java 11.
-
When you deploy function code by using the Python SDK, create a function with the Runtime set to Python 3.10.
-
When you deploy function code by using the Go SDK, create a function with the Runtime set to Go 1.
Keep the default settings for other parameters. For more information, see Create a function.
-
-
The RAM user must have the following permissions:
oss:CreateAccessPointForObjectProcess,oss:GetAccessPointForObjectProcess,oss:DeleteAccessPointForObjectProcess,oss:ListAccessPointsForObjectProcess,oss:PutAccessPointConfigForObjectProcess,oss:GetAccessPointConfigForObjectProcess,oss:PutAccessPointPolicyForObjectProcess,oss:GetAccessPointPolicyForObjectProcess, andoss:DeleteAccessPointPolicyForObjectProcess. For more information, see Common examples of RAM policies.
Limitations
|
Item |
Description |
|
Creation method |
You can create an Object FC Access Point only by using the OSS console or calling API operations. You cannot create an Object FC Access Point by using SDKs, ossutil, or similar tools. |
|
Quantity |
|
|
Modification rules |
After you create an Object FC Access Point, you can modify only the access point policy. You cannot modify basic information such as the access point name or Object FC Access Point alias. |
|
Access method |
Anonymous access is not supported. |
OSS console
Log on to the OSS console.
-
In the navigation pane on the left, click Object FC Access Points.
-
On the Object FC Access Points page, click Create Object FC Access Point.
-
In the Create Object FC Access Point dialog box, configure the following parameters and then click OK.
Parameter
Description
Region
Select the region where the associated access point is located.
Object FC Access Point Name
Enter a name for the Object FC Access Point. The name must meet the following requirements:
-
The name can be up to 63 characters in length.
-
The name can contain only lowercase letters, digits, and hyphens (
-). It cannot start or end with a hyphen. -
The name must be unique within the current region.
Supporting Access Point
Select an existing access point.
Bucket Name
Displays the name of the bucket associated with the access point.
OSS API
Select GetObject.
Function to Invoke
Select an existing function and then select Support Range GetObject Requests.
Function Version
Select a version for the function. If you leave this parameter empty, the system uses the LATEST version.
-
-
Authorize the role.
The first time you create an Object FC Access Point, click RAM Quick Authorization and follow the on-screen instructions to authorize the
AliyunOSSObjectFcForOSSDefaultRolerole. To ensure that the OSS service account can invoke Function Compute, do not disable, modify, or delete the role or its permission policies. -
Click Finish.
-
It takes about 10 minutes to create an Object FC Access Point.
-
After the Object FC Access Point is created, the Object FC Access Points page displays the Object FC Access Point alias that OSS creates automatically.
-
You cannot modify, delete, or disable the Object FC Access Point alias.
-
Function Compute triggers only when you call the GetObject API by using an Object FC Access Point alias. For other API calls that use the alias, OSS automatically routes the request to the underlying access point, which then applies its access point policy.
REST API
If your application requires significant customization, you can call the REST API directly. To do this, you must write code to manually calculate signatures. For more information, see CreateAccessPointForObjectProcess.