All Products
Search

This Product

    Object Storage Service:Create Object FC Access Points

    Document Center

    Object Storage Service:Create Object FC Access Points

    Last Updated:Nov 15, 2023

    If you want Object Storage Service (OSS) to automatically trigger Function Compute when you initiate a GetObject request and return the transformed result of the retrieved data to the application, you must initiate the request by using an Object FC Access Point. Then, you can seamlessly modify or filter the content of objects without the need to modify the client. This topic describes how to create an Object FC Access Point.

    Prerequisites

    • An OSS access point is created in the China (Qingdao) region. For more information, see Create an access point.

    • Function Compute is activated in the China (Qingdao) region. For more information, see Create a service.

    • The oss:WriteGetObjectResponse permission is granted to the default service-linked role (AliyunFCDefaultRole). Sample permission policy:

      {
  "Statement": [
    {
      "Action": "oss:WriteGetObjectResponse",
      "Effect": "Allow",
      "Resource": "*"
    }
  ],
  "Version": "1"
}

      For more information, see Grant permissions to a RAM role.

    • A function is created in a Function Compute service.

      Function Compute can be triggered only when you call the GetObject operation by using OSS SDK for Java or OSS SDK for Python. To deploy function code by using OSS SDK for Java or OSS SDK for Python, you must create a function that meets the runtime requirements.

      • When you deploy function code by using OSS SDK for Java, you must create a function whose Runtime is Java 11.

      • When you deploy function code by using OSS SDK for Python, you must create a function whose Runtime is Python 3.10.

      Retain the default configurations for other parameters. For more information, see Create a function.

    • A RAM user is granted the following permissions: oss:CreateAccessPointForObjectProcess, oss:GetAccessPointForObjectProcess, oss:DeleteAccessPointForObjectProcess, oss:ListAccessPointsForObjectProcess, oss:PutAccessPointConfigForObjectProcess, oss:GetAccessPointConfigForObjectProcess, oss:PutAccessPointPolicyForObjectProcess, oss:GetAccessPointPolicyForObjectProcess, and oss:DeleteAccessPointPolicyForObjectProcess. For more information, see Common examples of RAM policies.

    Limits

    Item

    Description

    Creation method

    You can create an Object FC Access Point only by using the OSS console or calling API operations. You cannot create an Object FC Access Point by using OSS SDKs or ossutil.

    Quantity

    • You can create up to 1,000 Object FC Access Points for an Alibaba Cloud account.

    • You can create up to 100 Object FC Access Points for a bucket.

    Modification rule

    After you create an Object FC Access Point, you can modify only its policy. You cannot modify the basic information about the Object FC Access Point, such as its name and alias.

    Access mode

    An Object FC Access Point does not support anonymous access.

    Use the OSS console

    1. Log on to the OSS console.

    2. In the left-side navigation pane, click Object FC Access Points.

    3. On the Object FC Access Points page, click Create Object FC Access Point.

    4. In the Create Object FC Access Point panel, configure the parameters and click OK. The following table describes the parameters.

      Parameter

      Description

      Region

      Select China (Qingdao) from the drop-down list.

      Object FC Access Point Name

      Specify the name of the Object FC Access Point. Naming conventions:

      • The name can be up to 63 characters in length.

      • The name can contain only lowercase letters, digits, and hyphens (-) and cannot start or end with a hyphen (-).

      • The name must be unique in the current region.

      Supporting Access Point

      Select the created OSS access point.

      Bucket Name

      Display the name of the bucket with which the OSS access point is associated.

      OSS API

      Select GetObject.

      Function Compute Service

      Select a Function Compute service.

      Function to Invoke

      Select the function that you created and then select Support Range GetObject Requests.

      Function Version

      Select a version for the created function. If you do not specify this parameter, the LATEST version is used by default.

    5. Complete role authorization.

      The first time you create an Object FC Access Point, click RAM Quick Authorization and follow the on-screen instructions to authorize the AliyunOSSObjectFcForOSSDefaultRole role to access your OSS and Function Compute resources. To ensure that your OSS account can invoke functions of Function Compute, do not disable, modify, or delete the role and the policies attached to the role.

    6. Click OK.

      • The Object FC Access Point is created in about 10 minutes.

      • After the Object FC Access Point is created, the alias of the Object FC Access Point is automatically displayed on the Object FC Access Points page.

      • You cannot modify, delete, or disable the alias of the Object FC Access Point.

    Important

    Function Compute is triggered only when you call the GetObject operation by using the alias of an Object FC Access Point. If you use the alias of an Object FC Access Point to call the non-GetObject operation, the system automatically switches to the OSS access point and complies with the policy of the OSS access point.

    What to do next

    Compile a function that is used to process GetObject requests