All Products
Search
Document Center

Object Storage Service:Create Object FC Access Points

Last Updated:Nov 03, 2024

If you want Object Storage Service (OSS) to automatically trigger Function Compute when you initiate a GetObject request and return the transformed result of the retrieved data to the application, you must initiate the request by using an Object FC Access Point. Then, you can seamlessly modify or filter the content of objects without the need to modify the client. This topic describes how to create an Object FC Access Point.

Prerequisites

  • The bucket for which you want to create access points is located in one of the following regions: China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), China (Chengdu), China (Hong Kong), US (Silicon Valley), US (Virginia), Japan (Tokyo), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Germany (Frankfurt) and UK (London).

  • An OSS access point is created in the region where the OSS bucket is located. For more information, see Create an access point.

  • Function Compute is activated in the region where the OSS bucket is located. For more information, see Create a service.

  • The oss:WriteGetObjectResponse permission is granted to the default service-linked role (AliyunFCDefaultRole). Sample permission policy:

    {
      "Statement": [
        {
          "Action": "oss:WriteGetObjectResponse",
          "Effect": "Allow",
          "Resource": "*"
        }
      ],
      "Version": "1"
    }

    For more information, see Grant permissions to a RAM role.

  • A function is created in a Function Compute service.

    Function Compute can be triggered when you call the GetObject operation by using OSS SDK for Java, OSS SDK for Python, and OSS SDK for Go. When you use OSS SDK for these languages to deploy function code, you must create a function that meets the runtime environment requirements.

    • When you deploy function code by using OSS SDK for Java, you must create a function whose Runtime is Java 11.

    • When you deploy function code by using OSS SDK for Python, you must create a function whose Runtime is Python 3.10.

    • When you deploy function code by using OSS SDK for Go, you must create a function whose Runtime is Go 1.

    Retain the default configurations for other parameters. For more information, see Create a function.

  • A RAM user is granted the following permissions: oss:CreateAccessPointForObjectProcess, oss:GetAccessPointForObjectProcess, oss:DeleteAccessPointForObjectProcess, oss:ListAccessPointsForObjectProcess, oss:PutAccessPointConfigForObjectProcess, oss:GetAccessPointConfigForObjectProcess, oss:PutAccessPointPolicyForObjectProcess, oss:GetAccessPointPolicyForObjectProcess, and oss:DeleteAccessPointPolicyForObjectProcess. For more information, see Common examples of RAM policies.

Limits

Item

Description

Creation method

You can create an Object FC Access Point only by using the OSS console or calling API operations. You cannot create an Object FC Access Point by using OSS SDKs or ossutil.

Quantity

  • You can create up to 1,000 Object FC Access Points for an Alibaba Cloud account.

  • You can create up to 100 Object FC Access Points for a bucket.

Modification rule

After you create an Object FC Access Point, you can modify only its policy. You cannot modify the basic information about the Object FC Access Point, such as its name and alias.

Access mode

An Object FC Access Point does not support anonymous access.

Use the OSS console

  1. Log on to the OSS console.

  2. In the left-side navigation pane, click Object FC Access Points.

  3. On the Object FC Access Points page, click Create Object FC Access Point.

  4. In the Create Object FC Access Point panel, configure the parameters and click OK. The following table describes the parameters.

    Parameter

    Description

    Region

    Select the region in which the access point is located from the drop-down list.

    Object FC Access Point Name

    Specify the name of the Object FC Access Point. Naming conventions:

    • The name can be up to 63 characters in length.

    • The name can contain only lowercase letters, digits, and hyphens (-) and cannot start or end with a hyphen (-).

    • The name must be unique in the current region.

    Supporting Access Point

    Select the created OSS access point.

    Bucket Name

    Display the name of the bucket with which the OSS access point is associated.

    OSS API

    Select GetObject.

    Function Compute Service

    Select a Function Compute service.

    Function to Invoke

    Select the function that you created and then select Support Range GetObject Requests.

    Function Version

    Select a version for the created function. If you do not specify this parameter, the LATEST version is used by default.

  5. Complete role authorization.

    The first time you create an Object FC Access Point, click RAM Quick Authorization and follow the on-screen instructions to authorize the AliyunOSSObjectFcForOSSDefaultRole role to access your OSS and Function Compute resources. To ensure that your OSS account can invoke functions of Function Compute, do not disable, modify, or delete the role and the policies attached to the role.

  6. Click OK.

    • The Object FC Access Point is created in about 10 minutes.

    • After the Object FC Access Point is created, the alias of the Object FC Access Point is automatically displayed on the Object FC Access Points page.

    • You cannot modify, delete, or disable the alias of the Object FC Access Point.

Important

Function Compute is triggered only when you call the GetObject operation by using the alias of an Object FC Access Point. If you use the alias of an Object FC Access Point to call the non-GetObject operation, the system automatically switches to the OSS access point and complies with the policy of the OSS access point.

Use the OSS API

If your business requires a high level of customization, you can directly call RESTful APIs. To directly call an API, you must include the signature calculation in your code. For more information, see CreateAccessPointForObjectProcess.

What to do next

Compile a function that is used to process GetObject requests