Object Storage Service
Operation Guide
- Sign up Service
- OSS Overview Page
- OSS Access Domain and Region
- OSS Access Domain Use Rules
- Bucket Management
- Bucket Overview
- Create Bucket
- Delete Bucket
- Set Bucket Policy
- Cross-Origin Resource Sharing Setting
- Static Website Hosting Setting
- Callback Notification
- Cross-regionReplication Setting
- Encrypted by Default
- Customized Domain Name Setting
- Image Back-to-origin Setting
- Edge Storage
- Life Cycle Management
- Tag Management
- Transmission Acceleration
- File Management
- Permission Control
- Image Processing Guide
- Video Processing Guide
API Documentation
- Strong Consistency
- Compare OSS With File System
- S3 Compatible API Overview
- Regions And Endpoints
- Compatible Signature Verification
- Compatible Public Header
- Compatible Interface
- Compatible Interface Overview
- About Service Operation
- About Bucket Operation
- Delete Bucket
- Delete Bucket cors
- Delete Bucket encryption
- Delete Bucket policy
- Delete Bucket replication
- Delete Bucket website
- Delete Bucket lifecycle
- GET Bucket acl
- GET Bucket notification
- Get Bucket(ListObjects)
- Get Bucket cors
- Get Bucket encryption
- Get Bucket policy
- Get Bucket replication
- Get Bucket website
- Get Bucket lifecycle
- Head Bucket
- List Multipart Uploads
- PUT Bucket notification
- Put Bucket
- Put Bucket ACL
- Put Bucket cors
- Get Bucket tagging
- Get Bucket accelerate
- Put Bucket encryption
- Put Bucket policy
- Put Bucket replication
- Put Bucket website
- Put Bucket lifecycle
- Put Bucket tagging
- Put Bucket accelerate
- About Object Operation
- Error Response
- Expansion Interface
- Compatible Tool
SDK Documentation
- Overview
- Compatible S3 SDK-Python (Recommended)
- Compatible to S3 SDK-Go
- Compatible S3 SDK-PHP
- Compatible S3 Java SDK (Recommended)
- Compatible S3 SDK-Android
- Compatible S3 SDK-iOS
- Compatible with S3 SDK-Ruby
- Compatible S3 SDK-.NET
- Compatible to S3 SDK-Node.js
- Previous Version Java SDK (Not Recommended)
Best Practices
- Anti-leech
- Cross-origin Resource Sharing
- Use S3fs to Mount Bucket on Linux Instance
- Data Migration Tool
- IAM
- Use S3cmdto Manage OSS
- Generate Presigned-URL
- Use S3 Browser to Manage OSS
- Set Signature Authentication For Callback Server
- OSS Online Service Quick Verification Tools
- Mobile Application Direct Transmission OSS
- Customized domain supports HTTPS access OSS service
- Use CloudBerry to Manage OSS
- Data Migration Tool Osstransfer (Recommended)
Operation Guide
- Sign up Service
- OSS Overview Page
- OSS Access Domain and Region
- OSS Access Domain Use Rules
- Bucket Management
- Bucket Overview
- Create Bucket
- Delete Bucket
- Set Bucket Policy
- Cross-Origin Resource Sharing Setting
- Static Website Hosting Setting
- Callback Notification
- Cross-regionReplication Setting
- Encrypted by Default
- Customized Domain Name Setting
- Image Back-to-origin Setting
- Edge Storage
- Life Cycle Management
- Tag Management
- Transmission Acceleration
- File Management
- Permission Control
- Image Processing Guide
- Video Processing Guide
API Documentation
- Strong Consistency
- Compare OSS With File System
- S3 Compatible API Overview
- Regions And Endpoints
- Compatible Signature Verification
- Compatible Public Header
- Compatible Interface
- Compatible Interface Overview
- About Service Operation
- About Bucket Operation
- Delete Bucket
- Delete Bucket cors
- Delete Bucket encryption
- Delete Bucket policy
- Delete Bucket replication
- Delete Bucket website
- Delete Bucket lifecycle
- GET Bucket acl
- GET Bucket notification
- Get Bucket(ListObjects)
- Get Bucket cors
- Get Bucket encryption
- Get Bucket policy
- Get Bucket replication
- Get Bucket website
- Get Bucket lifecycle
- Head Bucket
- List Multipart Uploads
- PUT Bucket notification
- Put Bucket
- Put Bucket ACL
- Put Bucket cors
- Get Bucket tagging
- Get Bucket accelerate
- Put Bucket encryption
- Put Bucket policy
- Put Bucket replication
- Put Bucket website
- Put Bucket lifecycle
- Put Bucket tagging
- Put Bucket accelerate
- About Object Operation
- Error Response
- Expansion Interface
- Compatible Tool
SDK Documentation
- Overview
- Compatible S3 SDK-Python (Recommended)
- Compatible to S3 SDK-Go
- Compatible S3 SDK-PHP
- Compatible S3 Java SDK (Recommended)
- Compatible S3 SDK-Android
- Compatible S3 SDK-iOS
- Compatible with S3 SDK-Ruby
- Compatible S3 SDK-.NET
- Compatible to S3 SDK-Node.js
- Previous Version Java SDK (Not Recommended)
Best Practices
- Anti-leech
- Cross-origin Resource Sharing
- Use S3fs to Mount Bucket on Linux Instance
- Data Migration Tool
- IAM
- Use S3cmdto Manage OSS
- Generate Presigned-URL
- Use S3 Browser to Manage OSS
- Set Signature Authentication For Callback Server
- OSS Online Service Quick Verification Tools
- Mobile Application Direct Transmission OSS
- Customized domain supports HTTPS access OSS service
- Use CloudBerry to Manage OSS
- Data Migration Tool Osstransfer (Recommended)
- Elastic Compute
- Virtual MachinesCloud Disk ServiceNative ContainerJCS for KubernetesContainer RegistryAvailability GroupAuto ScalingFunction Service
- Networking
- Virtual Private CloudApplication Load BalancerNetwork Load BalancerDistributed Network Load BalancerElastic IPDirect ConnectionElastic Network InterfaceVPNNAT Gateway
- Database and Cache Service
- RDSJCS for MongoDBTiDB ServiceDRDSJCS for RedisJCS for MemcachedJCS for InfluxDBJCS for GreenplumData Transmission Service
- Cloud Security
- Anti-DDoS BasicAnti-DDoS Protection PackageWeb Application FirewallAnti-DDoS ProEndpoint SecuritySecurity InstructionSSL CertificateSituation AwarenessApplication Security GatewayKey Management ServiceBaseline Check ServicePenetration Test ServiceWebsite Threat InspectorIncident Response ServiceVulnerability Scan ServiceCybersecurity Classified Protection Consulting ServiceJD Cloud HSMImportant Cybersecurity Guarantees ServiceInformation Security TrainingSecurity Notification ServiceSecurity Crowdsourced Testing ServiceSecurity Attack and Defense Drill ServicePCI DSS Compliance ServiceIntelligent Edge Security
- Big Data & Analytics
- Data FactoryData IntegrationData ComputeJD MapReduceStream HubStream ComputeColumn-oriented StorageBI ReportData Visualization
- Management
- Cloud DetectionMonitoringResource OrchestrationIAMDevOpsBastionTag ServiceCloud EventsDirectory ServiceLog ServiceAudit Trail
- AIDC
- Cabinet Physical ComputingEdge Physical Computing ServiceDistributed Cloud Physical ServerCo-locationMonoline & BGP BandwidthIT Equipment InstallationCustomized InspectionIDC Local Technical SupportNetwork Architecture Design ServiceIDC Assets ManagementDistributed Access ServiceServer & Network Monitor ServiceOne-stop Hardware Solution ServiceNetwork Operation and Maintenance ServiceCloud Physical ServerCloud Cabinet Service
- Video Service
- Short Video Service SDKElivePlayer Service SDKVideo Quality DetectionLive VideoMedia Processing ServiceVideo on Demand
- Middleware
- Message QueueAPI GatewayJCS for ElasticsearchJD Distributed Service FrameworkQueue ServiceNotification Service
- AI
- Automatic Speech RecognitionText to SpeechFace CompareFace SearchFace Detect and AnalysisFace Anti-spoofingSelfie SegmentationLexical AnalysisSyntactic ParsingSentiment ClassifierShort Text SimilarityCommentary ExtractionText CategorizationIdentity Card RecognizeVehicle License RecognizeGeneral Image OCRValue-added Tax Invoice RecognizePose EstimationHuman DetectionSpecific Subject Face RecognitionSnap ShopImage Antiporn RecognizeFood Recognition
- Intelligent City AI
- Company Risk ModelAICustomer Source ModelFire Risk ModelAir Quality PredictionWater Quality PredictionVehicle Flowrate PredictionOrder Flowrate PredictionMissing Value Filling For Vehicle FlowrateMissing Value Filling For Human FlowrateMissing Value Filling For Air Quality DataMissing Value Filling For Water Quality Data
Products
-
Elastic Compute
Virtual MachinesCloud Disk ServiceNative ContainerJCS for KubernetesContainer RegistryAvailability GroupAuto ScalingFunction Service -
Networking
Virtual Private CloudApplication Load BalancerNetwork Load BalancerDistributed Network Load BalancerElastic IPDirect ConnectionElastic Network InterfaceVPNNAT Gateway -
Database and Cache Service
RDSJCS for MongoDBTiDB ServiceDRDSJCS for RedisJCS for MemcachedJCS for InfluxDBJCS for GreenplumData Transmission Service -
Storage and CDN
Object Storage ServiceStorage GatewayCloud File ServiceJD Cloud Equal EdgeService -
CDN
CDN -
Domain Name & License
Domain Name ServiceICP License ServiceJD Cloud DNSHTTPDNS -
Cloud Security
Anti-DDoS BasicAnti-DDoS Protection PackageWeb Application FirewallAnti-DDoS ProEndpoint SecuritySecurity InstructionSSL CertificateSituation AwarenessApplication Security GatewayKey Management ServiceBaseline Check ServicePenetration Test ServiceWebsite Threat InspectorIncident Response ServiceVulnerability Scan ServiceCybersecurity Classified Protection Consulting ServiceJD Cloud HSMImportant Cybersecurity Guarantees ServiceInformation Security TrainingSecurity Notification ServiceSecurity Crowdsourced Testing ServiceSecurity Attack and Defense Drill ServicePCI DSS Compliance ServiceIntelligent Edge Security -
Big Data & Analytics
Data FactoryData IntegrationData ComputeJD MapReduceStream HubStream ComputeColumn-oriented StorageBI ReportData Visualization -
Management
Cloud DetectionMonitoringResource OrchestrationIAMDevOpsBastionTag ServiceCloud EventsDirectory ServiceLog ServiceAudit Trail -
AIDC
Cabinet Physical ComputingEdge Physical Computing ServiceDistributed Cloud Physical ServerCo-locationMonoline & BGP BandwidthIT Equipment InstallationCustomized InspectionIDC Local Technical SupportNetwork Architecture Design ServiceIDC Assets ManagementDistributed Access ServiceServer & Network Monitor ServiceOne-stop Hardware Solution ServiceNetwork Operation and Maintenance ServiceCloud Physical ServerCloud Cabinet Service -
VR Cloud Services
VR Player Service SDKVR LiveVR Video On Demand -
Cloud Marketplace
Cloud Marketplace -
Video Service
Short Video Service SDKElivePlayer Service SDKVideo Quality DetectionLive VideoMedia Processing ServiceVideo on Demand -
Middleware
Message QueueAPI GatewayJCS for ElasticsearchJD Distributed Service FrameworkQueue ServiceNotification Service -
Blockchain
JD Blockchain Open PlatformBlockchain Data Service -
Developer Tools
PerftestArtifactsCodeCommitCodeBuildCodeDeployCodePipeline -
Enterprise Application
JD WorkSpaces -
Solutions
Oracle on Cloud -
Hybrid Cloud
JD Cloud DRSJDFusionJDMigration -
IoT
IoT CoreIoT Device SDKIoT HubIoT Protocol AdaptorIoT Edge -
AI
Automatic Speech RecognitionText to SpeechFace CompareFace SearchFace Detect and AnalysisFace Anti-spoofingSelfie SegmentationLexical AnalysisSyntactic ParsingSentiment ClassifierShort Text SimilarityCommentary ExtractionText CategorizationIdentity Card RecognizeVehicle License RecognizeGeneral Image OCRValue-added Tax Invoice RecognizePose EstimationHuman DetectionSpecific Subject Face RecognitionSnap ShopImage Antiporn RecognizeFood Recognition -
Proprietary Cloud
JDStack HCIJDStack AgilityJD-Cloud-Mesh -
Intelligent Design
Image MattingPhoto Filters MatchingImage Style ClassificationAutomatic Composing -
Finance
Account AssetsOnline PurchasingPaymentInvoiceBillingCouponContract Management -
User Service
Account ManagementReal-name VerificationMessage CenterSecurity Operation Protection -
Intelligent City AI
Company Risk ModelAICustomer Source ModelFire Risk ModelAir Quality PredictionWater Quality PredictionVehicle Flowrate PredictionOrder Flowrate PredictionMissing Value Filling For Vehicle FlowrateMissing Value Filling For Human FlowrateMissing Value Filling For Air Quality DataMissing Value Filling For Water Quality Data -
Service Agreements and Guarantees
Platform AgreementCopyright100 Times Fault CompensationProduct Service AgreementService ContentContact Us -
Cloud Communication
Text MessageRich Media SMSQuery Card Service
Object Storage Service
- Introduction
- Pricing
- Getting Started
- Operation Guide
- Sign up Service
- OSS Overview Page
- OSS Access Domain and Region
- OSS Access Domain Use Rules
- Bucket Management
- Bucket Overview
- Create Bucket
- Delete Bucket
- Set Bucket Policy
- Cross-Origin Resource Sharing Setting
- Static Website Hosting Setting
- Callback Notification
- Cross-regionReplication Setting
- Encrypted by Default
- Customized Domain Name Setting
- Image Back-to-origin Setting
- Edge Storage
- Life Cycle Management
- Tag Management
- Transmission Acceleration
- File Management
- Permission Control
- Image Processing Guide
- Video Processing Guide
- API Documentation
- Strong Consistency
- Compare OSS With File System
- S3 Compatible API Overview
- Regions And Endpoints
- Compatible Signature Verification
- Compatible Public Header
- Compatible Interface
- Compatible Interface Overview
- About Service Operation
- About Bucket Operation
- Delete Bucket
- Delete Bucket cors
- Delete Bucket encryption
- Delete Bucket policy
- Delete Bucket replication
- Delete Bucket website
- Delete Bucket lifecycle
- GET Bucket acl
- GET Bucket notification
- Get Bucket(ListObjects)
- Get Bucket cors
- Get Bucket encryption
- Get Bucket policy
- Get Bucket replication
- Get Bucket website
- Get Bucket lifecycle
- Head Bucket
- List Multipart Uploads
- PUT Bucket notification
- Put Bucket
- Put Bucket ACL
- Put Bucket cors
- Get Bucket tagging
- Get Bucket accelerate
- Put Bucket encryption
- Put Bucket policy
- Put Bucket replication
- Put Bucket website
- Put Bucket lifecycle
- Put Bucket tagging
- Put Bucket accelerate
- About Object Operation
- Error Response
- Expansion Interface
- Compatible Tool
- SDK Documentation
- Overview
- Compatible S3 SDK-Python (Recommended)
- Compatible to S3 SDK-Go
- Compatible S3 SDK-PHP
- Compatible S3 Java SDK (Recommended)
- Compatible S3 SDK-Android
- Compatible S3 SDK-iOS
- Compatible with S3 SDK-Ruby
- Compatible S3 SDK-.NET
- Compatible to S3 SDK-Node.js
- Previous Version Java SDK (Not Recommended)
- Best Practices
- Anti-leech
- Cross-origin Resource Sharing
- Use S3fs to Mount Bucket on Linux Instance
- Data Migration Tool
- IAM
- Use S3cmdto Manage OSS
- Generate Presigned-URL
- Use S3 Browser to Manage OSS
- Set Signature Authentication For Callback Server
- OSS Online Service Quick Verification Tools
- Mobile Application Direct Transmission OSS
- Customized domain supports HTTPS access OSS service
- Use CloudBerry to Manage OSS
- Data Migration Tool Osstransfer (Recommended)
- FAQ
- API Reference
- User Agreements
Cross-account Authorization Overview
All the OSS resources are private by default. If the owner wants to share the resources with any other person, he or she can authorize the person to access OSS resources by cross-account authorization. The method of cross-account authorized access to OSS resources is provided as follows.
- Realize the cross-account access to OSS based on Bucket Policy. Bucket Policy is a resource-based authorization policy. Compared with IAM Policy, Bucket Policy is easy to operate and supports graphic configuration directly at the console. Bucket Policy supports to grant the access permission with specific IP restrictions and Referer to IAM sub-users, anonymous users, etc. of other accounts. For detailed introduction and description, please see Bucket Policy-based Permission Control.
Setting Method:
- API/SDK :
- Console Setting:
- Log in to OSS Console - Space Management - click the Bucket to be authorized - Space Setting - Permission Setting - Customized Permission
- Directly edit in the editor. Bucket policy (legal json), with the size restriction of 16KB.
Bucket policy Example
1. Authorize the cross-account the read and write permissions to the specified file
Scenario: Enterprise account A, which has one object, i.e. Object1, under the dir1 directory of the bucket named as Bucket1. Another enterprise account (accountID:123334444455) needs to have the read and write permission of the aforesaid objects.
复制成功
{
"Version": "2012-10-17",
"Id": "BucketId",
"Statement": [{
"Sid": "OtherAccountAllow",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::123334444455:root"
]
},
"Action": ["s3:GetObject", "s3:PutObject"],
"Resource": "arn:aws:s3:::Bucket1/dir1/Object1"
}]
}
# 2. Authorize the sub-account the read and write permissions to the specific Bucket
Scenario: Enterprise account A (accountID: 123456789012), which has a bucket named as Bucket1, and intends to authorize its sub-account named as user1 the permission to read and write any object bucket.
复制成功
{
"Version": "2012-10-17",
"Id": "BucketId",
"Statement": [{
"Sid": "SubAccountAllow",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::123456789012:user/user1"
]
},
"Action": ["s3:GetObject", "s3:PutObject"],
"Resource": "arn:aws:s3:::Bucket1/*"
}]
}
# 3. Authorize the sub-account of the cross-account the read and write permissions to the specified file
Enterprise account A (accountID: 123456789012), which has a bucket named as Bucket1. Another enterprise account B (accountID:123334444455) named as sub-account user2 needs to have the read and write permissions to the object under dir1 directory in enterprise account A, Bucket1.
The permission transfer is involved. First, enterprise account A needs to use Bucket Policy to grant enterprise account B the permission to read the objects under the directory. Second, sub-account user2 must be explicitly granted the permission of accessing dir1 directory in Bucket1 through IAM policy.
Step 1: Enterprise account A (accountID: 123456789012) grants enterprise account B (accountID:123334444455), through Bucket policy, the read and write permissions to read objects under dir1 directory in Bucket1.
复制成功
{
"Version": "2012-10-17",
"Id": "BucketId",
"Statement": [{
"Sid": "OtherAccountAllow",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::123334444455:root"
]
},
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::Bucket1/dir1/*"
}]
}
Step 2: Enterprise account (accountID:123334444455) must explicitly grant sub-account user2 through IAM policy the permission of accessing dir1 directory in Bucket1.
复制成功
{
"Statement": [{
"Action": [
"oss:GetObject",
"oss:PutObject",
"oss:AbortMultipartUpload"
],
"Effect": "Allow",
"Resource": ["jrn:oss:*:*:Bucket1/dir/*"]
}],
"Version": "3"
}
Update Time:2019-05-28 16:47:18