Object Storage Service
Operation Guide
- Sign up Service
- OSS Overview Page
- OSS Access Domain and Region
- OSS Access Domain Use Rules
- Bucket Management
- Bucket Overview
- Create Bucket
- Delete Bucket
- Set Bucket Policy
- Cross-Origin Resource Sharing Setting
- Static Website Hosting Setting
- Callback Notification
- Cross-regionReplication Setting
- Encrypted by Default
- Customized Domain Name Setting
- Image Back-to-origin Setting
- Edge Storage
- Life Cycle Management
- Tag Management
- Transmission Acceleration
- File Management
- Permission Control
- Image Processing Guide
- Video Processing Guide
API Documentation
- Strong Consistency
- Compare OSS With File System
- S3 Compatible API Overview
- Regions And Endpoints
- Compatible Signature Verification
- Compatible Public Header
- Compatible Interface
- Compatible Interface Overview
- About Service Operation
- About Bucket Operation
- Delete Bucket
- Delete Bucket cors
- Delete Bucket encryption
- Delete Bucket policy
- Delete Bucket replication
- Delete Bucket website
- Delete Bucket lifecycle
- GET Bucket acl
- GET Bucket notification
- Get Bucket(ListObjects)
- Get Bucket cors
- Get Bucket encryption
- Get Bucket policy
- Get Bucket replication
- Get Bucket website
- Get Bucket lifecycle
- Head Bucket
- List Multipart Uploads
- PUT Bucket notification
- Put Bucket
- Put Bucket ACL
- Put Bucket cors
- Get Bucket tagging
- Get Bucket accelerate
- Put Bucket encryption
- Put Bucket policy
- Put Bucket replication
- Put Bucket website
- Put Bucket lifecycle
- Put Bucket tagging
- Put Bucket accelerate
- About Object Operation
- Error Response
- Expansion Interface
- Compatible Tool
SDK Documentation
- Overview
- Compatible S3 SDK-Python (Recommended)
- Compatible to S3 SDK-Go
- Compatible S3 SDK-PHP
- Compatible S3 Java SDK (Recommended)
- Compatible S3 SDK-Android
- Compatible S3 SDK-iOS
- Compatible with S3 SDK-Ruby
- Compatible S3 SDK-.NET
- Compatible to S3 SDK-Node.js
- Previous Version Java SDK (Not Recommended)
Best Practices
- Anti-leech
- Cross-origin Resource Sharing
- Use S3fs to Mount Bucket on Linux Instance
- Data Migration Tool
- IAM
- Use S3cmdto Manage OSS
- Generate Presigned-URL
- Use S3 Browser to Manage OSS
- Set Signature Authentication For Callback Server
- OSS Online Service Quick Verification Tools
- Mobile Application Direct Transmission OSS
- Customized domain supports HTTPS access OSS service
- Use CloudBerry to Manage OSS
- Data Migration Tool Osstransfer (Recommended)
Operation Guide
- Sign up Service
- OSS Overview Page
- OSS Access Domain and Region
- OSS Access Domain Use Rules
- Bucket Management
- Bucket Overview
- Create Bucket
- Delete Bucket
- Set Bucket Policy
- Cross-Origin Resource Sharing Setting
- Static Website Hosting Setting
- Callback Notification
- Cross-regionReplication Setting
- Encrypted by Default
- Customized Domain Name Setting
- Image Back-to-origin Setting
- Edge Storage
- Life Cycle Management
- Tag Management
- Transmission Acceleration
- File Management
- Permission Control
- Image Processing Guide
- Video Processing Guide
API Documentation
- Strong Consistency
- Compare OSS With File System
- S3 Compatible API Overview
- Regions And Endpoints
- Compatible Signature Verification
- Compatible Public Header
- Compatible Interface
- Compatible Interface Overview
- About Service Operation
- About Bucket Operation
- Delete Bucket
- Delete Bucket cors
- Delete Bucket encryption
- Delete Bucket policy
- Delete Bucket replication
- Delete Bucket website
- Delete Bucket lifecycle
- GET Bucket acl
- GET Bucket notification
- Get Bucket(ListObjects)
- Get Bucket cors
- Get Bucket encryption
- Get Bucket policy
- Get Bucket replication
- Get Bucket website
- Get Bucket lifecycle
- Head Bucket
- List Multipart Uploads
- PUT Bucket notification
- Put Bucket
- Put Bucket ACL
- Put Bucket cors
- Get Bucket tagging
- Get Bucket accelerate
- Put Bucket encryption
- Put Bucket policy
- Put Bucket replication
- Put Bucket website
- Put Bucket lifecycle
- Put Bucket tagging
- Put Bucket accelerate
- About Object Operation
- Error Response
- Expansion Interface
- Compatible Tool
SDK Documentation
- Overview
- Compatible S3 SDK-Python (Recommended)
- Compatible to S3 SDK-Go
- Compatible S3 SDK-PHP
- Compatible S3 Java SDK (Recommended)
- Compatible S3 SDK-Android
- Compatible S3 SDK-iOS
- Compatible with S3 SDK-Ruby
- Compatible S3 SDK-.NET
- Compatible to S3 SDK-Node.js
- Previous Version Java SDK (Not Recommended)
Best Practices
- Anti-leech
- Cross-origin Resource Sharing
- Use S3fs to Mount Bucket on Linux Instance
- Data Migration Tool
- IAM
- Use S3cmdto Manage OSS
- Generate Presigned-URL
- Use S3 Browser to Manage OSS
- Set Signature Authentication For Callback Server
- OSS Online Service Quick Verification Tools
- Mobile Application Direct Transmission OSS
- Customized domain supports HTTPS access OSS service
- Use CloudBerry to Manage OSS
- Data Migration Tool Osstransfer (Recommended)
- Elastic Compute
- Virtual MachinesCloud Disk ServiceNative ContainerJCS for KubernetesContainer RegistryAvailability GroupAuto ScalingFunction Service
- Networking
- Virtual Private CloudApplication Load BalancerNetwork Load BalancerDistributed Network Load BalancerElastic IPDirect ConnectionElastic Network InterfaceVPNNAT Gateway
- Database and Cache Service
- RDSJCS for MongoDBTiDB ServiceDRDSJCS for RedisJCS for MemcachedJCS for InfluxDBJCS for GreenplumData Transmission Service
- Cloud Security
- Anti-DDoS BasicAnti-DDoS Protection PackageWeb Application FirewallAnti-DDoS ProEndpoint SecuritySecurity InstructionSSL CertificateSituation AwarenessApplication Security GatewayKey Management ServiceBaseline Check ServicePenetration Test ServiceWebsite Threat InspectorIncident Response ServiceVulnerability Scan ServiceCybersecurity Classified Protection Consulting ServiceJD Cloud HSMImportant Cybersecurity Guarantees ServiceInformation Security TrainingSecurity Notification ServiceSecurity Crowdsourced Testing ServiceSecurity Attack and Defense Drill ServicePCI DSS Compliance ServiceIntelligent Edge Security
- Big Data & Analytics
- Data FactoryData IntegrationData ComputeJD MapReduceStream HubStream ComputeColumn-oriented StorageBI ReportData Visualization
- Management
- Cloud DetectionMonitoringResource OrchestrationIAMDevOpsBastionTag ServiceCloud EventsDirectory ServiceLog ServiceAudit Trail
- AIDC
- Cabinet Physical ComputingEdge Physical Computing ServiceDistributed Cloud Physical ServerCo-locationMonoline & BGP BandwidthIT Equipment InstallationCustomized InspectionIDC Local Technical SupportNetwork Architecture Design ServiceIDC Assets ManagementDistributed Access ServiceServer & Network Monitor ServiceOne-stop Hardware Solution ServiceNetwork Operation and Maintenance ServiceCloud Physical ServerCloud Cabinet Service
- Video Service
- Short Video Service SDKElivePlayer Service SDKVideo Quality DetectionLive VideoMedia Processing ServiceVideo on Demand
- Middleware
- Message QueueAPI GatewayJCS for ElasticsearchJD Distributed Service FrameworkQueue ServiceNotification Service
- AI
- Automatic Speech RecognitionText to SpeechFace CompareFace SearchFace Detect and AnalysisFace Anti-spoofingSelfie SegmentationLexical AnalysisSyntactic ParsingSentiment ClassifierShort Text SimilarityCommentary ExtractionText CategorizationIdentity Card RecognizeVehicle License RecognizeGeneral Image OCRValue-added Tax Invoice RecognizePose EstimationHuman DetectionSpecific Subject Face RecognitionSnap ShopImage Antiporn RecognizeFood Recognition
- Intelligent City AI
- Company Risk ModelAICustomer Source ModelFire Risk ModelAir Quality PredictionWater Quality PredictionVehicle Flowrate PredictionOrder Flowrate PredictionMissing Value Filling For Vehicle FlowrateMissing Value Filling For Human FlowrateMissing Value Filling For Air Quality DataMissing Value Filling For Water Quality Data
Products
-
Elastic Compute
Virtual MachinesCloud Disk ServiceNative ContainerJCS for KubernetesContainer RegistryAvailability GroupAuto ScalingFunction Service -
Networking
Virtual Private CloudApplication Load BalancerNetwork Load BalancerDistributed Network Load BalancerElastic IPDirect ConnectionElastic Network InterfaceVPNNAT Gateway -
Database and Cache Service
RDSJCS for MongoDBTiDB ServiceDRDSJCS for RedisJCS for MemcachedJCS for InfluxDBJCS for GreenplumData Transmission Service -
Storage and CDN
Object Storage ServiceStorage GatewayCloud File ServiceJD Cloud Equal EdgeService -
CDN
CDN -
Domain Name & License
Domain Name ServiceICP License ServiceJD Cloud DNSHTTPDNS -
Cloud Security
Anti-DDoS BasicAnti-DDoS Protection PackageWeb Application FirewallAnti-DDoS ProEndpoint SecuritySecurity InstructionSSL CertificateSituation AwarenessApplication Security GatewayKey Management ServiceBaseline Check ServicePenetration Test ServiceWebsite Threat InspectorIncident Response ServiceVulnerability Scan ServiceCybersecurity Classified Protection Consulting ServiceJD Cloud HSMImportant Cybersecurity Guarantees ServiceInformation Security TrainingSecurity Notification ServiceSecurity Crowdsourced Testing ServiceSecurity Attack and Defense Drill ServicePCI DSS Compliance ServiceIntelligent Edge Security -
Big Data & Analytics
Data FactoryData IntegrationData ComputeJD MapReduceStream HubStream ComputeColumn-oriented StorageBI ReportData Visualization -
Management
Cloud DetectionMonitoringResource OrchestrationIAMDevOpsBastionTag ServiceCloud EventsDirectory ServiceLog ServiceAudit Trail -
AIDC
Cabinet Physical ComputingEdge Physical Computing ServiceDistributed Cloud Physical ServerCo-locationMonoline & BGP BandwidthIT Equipment InstallationCustomized InspectionIDC Local Technical SupportNetwork Architecture Design ServiceIDC Assets ManagementDistributed Access ServiceServer & Network Monitor ServiceOne-stop Hardware Solution ServiceNetwork Operation and Maintenance ServiceCloud Physical ServerCloud Cabinet Service -
VR Cloud Services
VR Player Service SDKVR LiveVR Video On Demand -
Cloud Marketplace
Cloud Marketplace -
Video Service
Short Video Service SDKElivePlayer Service SDKVideo Quality DetectionLive VideoMedia Processing ServiceVideo on Demand -
Middleware
Message QueueAPI GatewayJCS for ElasticsearchJD Distributed Service FrameworkQueue ServiceNotification Service -
Blockchain
JD Blockchain Open PlatformBlockchain Data Service -
Developer Tools
PerftestArtifactsCodeCommitCodeBuildCodeDeployCodePipeline -
Enterprise Application
JD WorkSpaces -
Solutions
Oracle on Cloud -
Hybrid Cloud
JD Cloud DRSJDFusionJDMigration -
IoT
IoT CoreIoT Device SDKIoT HubIoT Protocol AdaptorIoT Edge -
AI
Automatic Speech RecognitionText to SpeechFace CompareFace SearchFace Detect and AnalysisFace Anti-spoofingSelfie SegmentationLexical AnalysisSyntactic ParsingSentiment ClassifierShort Text SimilarityCommentary ExtractionText CategorizationIdentity Card RecognizeVehicle License RecognizeGeneral Image OCRValue-added Tax Invoice RecognizePose EstimationHuman DetectionSpecific Subject Face RecognitionSnap ShopImage Antiporn RecognizeFood Recognition -
Proprietary Cloud
JDStack HCIJDStack AgilityJD-Cloud-Mesh -
Intelligent Design
Image MattingPhoto Filters MatchingImage Style ClassificationAutomatic Composing -
Finance
Account AssetsOnline PurchasingPaymentInvoiceBillingCouponContract Management -
User Service
Account ManagementReal-name VerificationMessage CenterSecurity Operation Protection -
Intelligent City AI
Company Risk ModelAICustomer Source ModelFire Risk ModelAir Quality PredictionWater Quality PredictionVehicle Flowrate PredictionOrder Flowrate PredictionMissing Value Filling For Vehicle FlowrateMissing Value Filling For Human FlowrateMissing Value Filling For Air Quality DataMissing Value Filling For Water Quality Data -
Service Agreements and Guarantees
Platform AgreementCopyright100 Times Fault CompensationProduct Service AgreementService ContentContact Us -
Cloud Communication
Text MessageRich Media SMSQuery Card Service
Object Storage Service
- Introduction
- Pricing
- Getting Started
- Operation Guide
- Sign up Service
- OSS Overview Page
- OSS Access Domain and Region
- OSS Access Domain Use Rules
- Bucket Management
- Bucket Overview
- Create Bucket
- Delete Bucket
- Set Bucket Policy
- Cross-Origin Resource Sharing Setting
- Static Website Hosting Setting
- Callback Notification
- Cross-regionReplication Setting
- Encrypted by Default
- Customized Domain Name Setting
- Image Back-to-origin Setting
- Edge Storage
- Life Cycle Management
- Tag Management
- Transmission Acceleration
- File Management
- Permission Control
- Image Processing Guide
- Video Processing Guide
- API Documentation
- Strong Consistency
- Compare OSS With File System
- S3 Compatible API Overview
- Regions And Endpoints
- Compatible Signature Verification
- Compatible Public Header
- Compatible Interface
- Compatible Interface Overview
- About Service Operation
- About Bucket Operation
- Delete Bucket
- Delete Bucket cors
- Delete Bucket encryption
- Delete Bucket policy
- Delete Bucket replication
- Delete Bucket website
- Delete Bucket lifecycle
- GET Bucket acl
- GET Bucket notification
- Get Bucket(ListObjects)
- Get Bucket cors
- Get Bucket encryption
- Get Bucket policy
- Get Bucket replication
- Get Bucket website
- Get Bucket lifecycle
- Head Bucket
- List Multipart Uploads
- PUT Bucket notification
- Put Bucket
- Put Bucket ACL
- Put Bucket cors
- Get Bucket tagging
- Get Bucket accelerate
- Put Bucket encryption
- Put Bucket policy
- Put Bucket replication
- Put Bucket website
- Put Bucket lifecycle
- Put Bucket tagging
- Put Bucket accelerate
- About Object Operation
- Error Response
- Expansion Interface
- Compatible Tool
- SDK Documentation
- Overview
- Compatible S3 SDK-Python (Recommended)
- Compatible to S3 SDK-Go
- Compatible S3 SDK-PHP
- Compatible S3 Java SDK (Recommended)
- Compatible S3 SDK-Android
- Compatible S3 SDK-iOS
- Compatible with S3 SDK-Ruby
- Compatible S3 SDK-.NET
- Compatible to S3 SDK-Node.js
- Previous Version Java SDK (Not Recommended)
- Best Practices
- Anti-leech
- Cross-origin Resource Sharing
- Use S3fs to Mount Bucket on Linux Instance
- Data Migration Tool
- IAM
- Use S3cmdto Manage OSS
- Generate Presigned-URL
- Use S3 Browser to Manage OSS
- Set Signature Authentication For Callback Server
- OSS Online Service Quick Verification Tools
- Mobile Application Direct Transmission OSS
- Customized domain supports HTTPS access OSS service
- Use CloudBerry to Manage OSS
- Data Migration Tool Osstransfer (Recommended)
- FAQ
- API Reference
- User Agreements
Authorize the sub-account to access OSS
Glossary
For detailed IAM introduction, please go to IAM Overview.
Relevant Terms of Identity Management
Primary Account
The primary account is also known as root account, which is the subject of the ownership and billing of JD Cloud resources. It is created by the system when the user registers and activates JD Cloud. The primary account pays for all resources under its name and has full access to all JD Cloud services and resources.
Sub-user
Sub-user, also called as sub-account, is a kind of entity identity that has a definite user name, password and AK/SK and it is usually corresponding to a certain definite entity. The user name of the sub-user is created by the primary account. The sub-user is not a unique JD Cloud account, it belongs to primary account and can be seen under the space of the primary account. It only has resource use right, but ownership of resources. The sub-user has no independent metering and billing, the using charge of resources will be recorded in the bill of the primary account uniformly. The sub-user must be granted by the primary account to login console or use Open API to operate resources granted by the primary account.
Group
It is sub-user group that is a collection of sub-users. The primary account can use group to conveniently manage multiple sub-users with same permissions and also change user permissions by adding in or remove sub-users from a group.
Sub-account Permission Configuration Process
- Step 1: Create a sub-account
A sub-account can be created at the IAM console, and configured and granted with sub-account access permissions. The specific actions are as follows:
- Log in to the IAM Console, click User Management in the left menu bar, and click Create a Sub-user:
- Fill in the user related information as required.
- Step 2: Grant permissions to the sub-account
In accordance with the policy selection provided by the system, simple policy [System Policy] can configures, for example, OSS administrator permissions, read and write permissions, etc. To configure more complicated policies, please use [Policy Management] - [Create a Customized Policy].
-
Method 1: Access the sub-user list, click Authorization to quickly grant the appropriate [System Policy] to the sub-user.
Method 2: Use a customized policy as the responsible policy, click Policy Management in the left menu bar, and click **Create a Policy
Support visual policy generator and policy editor
If policy editor is used, enter the policy name, enter json in the edit box, and specify the IAM policy.
-
After creating the customized policy succeeds, go back to the access sub-user list, click Authorization, grant the [Customized Policy], and complete the association between the sub-account and the policy.
This document also describes several typical scenarios with the following policy examples. See details in IAM Policy-based Permission Control - IAM Policy Example. You can directly replicate the customized policy to the editor.
- Step 3: Use the sub-account to access the primary account OSS resource (the current OSS console does not support the sub-account) OSS access (API or SDK) needs the following resources: AccessKeyId, and AccessKeySecret. When the sub-account is used to access OSS resources, using AccessKeyId and AccessKeySecret of the sub-account is required. You can select to create an (Access Key) for the sub-account when creating the sub-account or log in to the access management console to create the AccessKeyId(Access Key) and AccessKeySecret(Secret Key) of the sub-account.
Method 1: Select to create a sub-account (Access Key) when creating a sub-account
Method 2: Log in to the access management console to create or view the Access Key and Secret Key of the sub-account.
Then use the sub-account AccessKeyID and AccessKeySecret, and utilize OSS API or SDK to access OSS. The action is the same as that of the primary account.
Use the Bucket policy to authorize the sub-account
In addition to IAM policy, you can also use the Bucket policy authorize the sub-account. For specific authorization steps, please see Bucket policy - Access Permission Setting.
Update Time:2019-05-28 16:47:18