ALIYUN::OSS::Bucket is used to create a bucket in Object Storage Service (OSS).
Syntax
{
"Type": "ALIYUN::OSS::Bucket",
"Properties": {
"AccessControl": String,
"RefererConfiguration": Map,
"ServerSideEncryptionConfiguration": Map,
"CORSConfiguration": Map,
"Tags": Map,
"LoggingConfiguration": Map,
"LifecycleConfiguration": Map,
"StorageClass": String,
"DeletionForce": Boolean,
"Policy": Map,
"BucketName": String,
"RedundancyType": String,
"VersioningConfiguration": Map,
"ResourceGroupId": String,
"EnableOssHdfsService": Boolean,
"WebsiteConfigurationV2": Map
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
BucketName | String | Yes | No | The bucket name. | The name must be 3 to 63 characters in length, and can contain lowercase letters, digits, and hyphens (-). It must start and end with a lowercase letter or a digit. Note: The name must be globally unique. You can set AssociationProperty to AutoCompleteInput to automatically generate a random string as the name. For more information, see How to control the length of a random string? |
AccessControl | String | No | Yes | The permission type. | Valid values:
|
CORSConfiguration | Map | No | No | The cross-origin resource sharing (CORS) configurations. | For more information, see CORSConfiguration properties. |
DeletionForce | Boolean | No | Yes | Specifies whether to forcefully delete objects from OSS. | Valid values:
|
EnableOssHdfsService | Boolean | No | Yes | Specifies whether to enable OSS-HDFS. | Valid values:
|
LifecycleConfiguration | Map | No | Yes | The lifecycle configurations of the objects. | For more information, see LifecycleConfiguration property. |
LoggingConfiguration | Map | No | No | The log storage configurations. | For more information, see LoggingConfiguration properties. |
Policy | Map | No | Yes | Details of the bucket policy. | For more information, see Examples. |
RedundancyType | String | No | No | The data redundancy type of the bucket. | Valid values:
|
RefererConfiguration | Map | No | Yes | The hotlink protection configurations. | For more information, see RefererConfiguration properties. |
ResourceGroupId | String | No | No | The ID of the resource group. | None. |
ServerSideEncryptionConfiguration | Map | No | Yes | The configurations of the server-side encryption rules. | For more information, see ServerSideEncryptionConfiguration properties. |
StorageClass | String | No | No | The storage class of the bucket. | Valid values:
|
Tags | Map | No | Yes | The tags of the bucket. A tag is a key-value pair. | You can add up to 20 tags. A tag key must be 1 to 64 characters in length, and cannot start with A tag value can be up to 128 characters in length, and must be encoded in UTF-8. |
VersioningConfiguration | Map | No | Yes | The container that stores the versioning status of the bucket. | For more information, see VersioningConfiguration property. |
WebsiteConfigurationV2 | Map | No | No | The website configurations. | For more information, see the "WebsiteConfigurationV2 properties" section of this topic. |
CORSConfiguration syntax
"CORSConfiguration": {
"CORSRule": List,
"ResponseVary": Boolean
}
CORSConfiguration properties
Property | Type | Required | Editable | Description | Constraint |
CORSRule | List | No | No | The CORS rules. | For more information, see CORSRule properties. |
ResponseVary | Boolean | No | No | Specifies whether to return the | Valid values:
Note: This property takes effect only when at least one CORS rule is configured. |
CORSRule syntax
"CORSRule": [
{
"MaxAgeSeconds": Number,
"AllowedMethod": List,
"ExposeHeader": List,
"AllowedOrigin": List,
"AllowedHeader": List
}
]
CORSRule properties
Property | Type | Required | Editable | Description | Constraint |
AllowedHeader | List | No | No | The headers allowed in cross-origin requests. | Valid values:
|
AllowedMethod | List | No | No | The methods allowed in cross-domain requests. | Valid values:
|
AllowedOrigin | List | No | No | The origins allowed in cross-origin requests. | None. |
ExposeHeader | List | No | No | The response headers that you can access from your applications. | You cannot use asterisks (*). |
MaxAgeSeconds | Number | No | No | The period of time within which the browser can cache the response to an OPTIONS request for the specified resource. | None. |
LifecycleConfiguration syntax
"LifecycleConfiguration": {
"Rule": List
}
LifecycleConfiguration property
Property | Type | Required | Editable | Description | Constraint |
Rule | List | Yes | No | The lifecycle rules. | For more information, see Rule properties. |
Rule syntax
"Rule": [
{
"Status": String,
"AbortMultipartUpload": Map,
"Expiration": Map,
"Prefix": String,
"ID": String,
"Filter": Map
}
]
Rule properties
Property | Type | Required | Editable | Description | Constraint |
Prefix | String | Yes | No | The prefix of the names of the objects to which the rule applies. | The rule takes effect only for objects whose names have a matching prefix. |
AbortMultipartUpload | Map | No | No | The expiration properties of the multipart upload tasks that are not complete. | For more information, see AbortMultipartUpload properties. |
Expiration | Map | No | No | The expiration properties of the rule for the objects. | For more information, see Expiration properties. |
ID | String | No | No | The unique ID of the rule. | The ID can be up to 255 characters in length. If you leave this property empty, OSS automatically generates a unique ID for the rule. |
Status | String | No | Yes | Specifies whether to enable the rule. | Valid values:
|
Filter | Map | No | No | Details of the exclusion rule. The exclusion rule contains up to one Not condition. | For more information, see the "Filter property" section of this topic. |
Filter syntax
"Filter":{
"Not": Map
}
Filter property
Property | Type | Required | Editable | Description | Constraint |
Not | Map | No | No | Details of the Not condition. | For more information, see the "Not properties" section of this topic. |
Not syntax
"Not":{
"Tag": List,
"Prefix": String
}
Not properties
Property | Type | Required | Editable | Description | Constraint |
Tag | List | No | No | The tag of the objects to which the exclusion rule applies. | The exclusion rule applies to up to one object tag. |
Prefix | String | No | No | The prefix of the names of the objects to which the exclusion rule applies. | The value of this property must meet the following requirements:
In other words, if you specify a prefix in the parent node when you configure an exclusion rule, you must specify a subset or a more specific value for the prefix in the Not child node. The prefix specified in the child node cannot be the same as the prefix specified in the parent node unless a tag is specified in the child node. This provides a more granular and flexible logic for filtering files and objects, especially in scenarios such as cloud storage, data backup, and content filtering. |
Expiration syntax
"Expiration":{
"Days": Number,
"CreatedBeforeDate": String,
"ExpiredObjectDeleteMarker": Boolean
}
Expiration properties
Property | Type | Required | Editable | Description | Constraint |
CreatedBeforeDate | String | No | No | The date. OSS implements the rule for data that was last modified on a date earlier than the specified date. | Specify the date in the ISO 8601 standard. The time must be at 00:00:00 UTC. Example: |
Days | Number | No | No | The number of days that elapse for the rule to take effect since the objects were last modified. | When the number of days that elapse since the objects were last modified exceeds the value of this property, the rule is implemented to delete the objects. If you set Days to 30, the objects that were last modified on January 1, 2016 are deleted by the backend application on January 31, 2016. |
ExpiredObjectDeleteMarker | Boolean | No | No | Specifies whether to automatically remove expired delete markers. | Valid values:
|
AbortMultipartUpload syntax
"AbortMultipartUpload": {
"CreatedBeforeDate": String,
"Days": Number
}
AbortMultipartUpload properties
Property | Type | Required | Editable | Description | Constraint |
CreatedBeforeDate | String | No | No | The date before which the rule takes effect. | Specify the date in the ISO 8601 standard. The time must be at 00:00:00 UTC. Example: |
Days | Number | No | No | The number of days that elapse for the rule to take effect since the objects were last modified. | When the number of days that elapse since the objects were last modified exceeds the value of this property, the rule is implemented to delete the objects. If you set Days to 30, the objects that were last modified on January 1, 2016 are deleted by the backend application on January 31, 2016. |
LoggingConfiguration syntax
"LoggingConfiguration": {
"TargetBucket": String,
"TargetPrefix": String
}
LoggingConfiguration properties
Property | Type | Required | Editable | Description | Constraint |
TargetBucket | String | No | No | The bucket that you want to use to store access logs. | None. |
TargetPrefix | String | No | No | The prefix of the name of the saved access log object. | None. |
WebsiteConfigurationV2 syntax
"WebsiteConfigurationV2":{
"RoutingRules": List,
"IndexDocument": Map,
"ErrorDocument": Map
}
WebsiteConfigurationV2 properties
Property | Type | Required | Editable | Description | Constraint |
ErrorDocument | Map | No | No | The error page of the hosted static website. | None. |
IndexDocument | Map | No | No | The homepage of the hosted static website. | None. |
RoutingRules | List | No | No | The routing rules. | You can specify up to 20 routing rules. |
IndexDocument syntax
"IndexDocument":{
"Suffix": String,
"Type": String,
"SupportSubDir": String
}
IndexDocument properties
Property | Type | Required | Editable | Description | Constraint |
Suffix | String | Yes | No | The default homepage. | After the default homepage is specified, OSS returns the default homepage if you access an object whose name ends with a forward slash (/). |
Type | String | No | No | The type of operations for the system to perform when the default homepage is specified, the name of the accessed object does not end with a forward slash (/), and the object does not exist. | This property takes effect only when SupportSubDir is set to true and applies after RoutingRule and before ErrorFile. For example, the default homepage is index.html, the path of the abc object that you want to access is bucket.oss-cn-hangzhou.aliyuncs.com/abc, and the abc object does not exist. Valid values:
|
SupportSubDir | String | No | No | Specifies whether to redirect the access to the default homepage in the subdirectory when the subdirectory is accessed. | Valid values:
|
RoutingRules syntax
"RoutingRules":[{
"Redirect": Map,
"Condition": Map,
"RuleNumber": Integer
}]
RoutingRules properties
Property | Type | Required | Editable | Description | Constraint |
Redirect | Map | No | No | The operations for the system to perform when the rule is matched. | For more information, see the "Redirect properties" section of this topic. |
Condition | Map | No | No | The matching conditions. | The rule is executed only when all specified conditions are met. A rule is matched only when the rule meets all the conditions that are specified by nodes in the Condition container. For more information, see the "Condition properties" section of this topic. |
RuleNumber | Integer | No | No | The sequence number of the redirection rule. OSS matches and executes the redirection rule based on the specified sequence number. | If the rule is matched, OSS executes the rule and does not execute subsequent rules. |
Condition syntax
"Condition":{
"KeyPrefixEquals": String,
"HttpErrorCodeReturnedEquals": String,
"IncludeHeaders": List,
"KeySuffixEquals": String
}
Condition properties
Property | Type | Required | Editable | Description | Constraint |
KeyPrefixEquals | String | No | No | The prefix of the object names that you want to match. | None. |
HttpErrorCodeReturnedEquals | String | No | No | The status code. The rule is matched only when the specified object is accessed and the specified status code is returned. | When RedirectType is set to Mirror, you must set HttpErrorCodeReturnedEquals to 404. |
IncludeHeaders | List | No | No | The headers that you want to include in the request. The rule is matched only when the request contains the specified headers and header values. | You can specify up to 10 headers. For more information, see the "IncludeHeaders properties" section of this topic. |
KeySuffixEquals | String | No | No | The suffix of the object names that you want to match. | None. |
IncludeHeaders syntax
"IncludeHeaders": [
{
"Equals": String,
"Key": String
}
]
IncludeHeaders properties
Property | Type | Required | Editable | Description | Constraint |
Equals | String | No | No | The header value. | None. |
Key | String | Yes | No | The header key. | None. |
RefererConfiguration syntax
"RefererConfiguration":{
"AllowEmptyReferer": String,
"RefererList": List
}
RefererConfiguration properties
Property | Type | Required | Editable | Description | Constraint |
AllowEmptyReferer | Boolean | No | No | Specifies whether to allow access requests that include an empty Referer field. | Valid values:
|
RefererList | List | No | No | The Referer whitelist. | None. |
Redirect syntax
"Redirect":{
"MirrorFollowRedirect": Boolean,
"MirrorURL": String,
"PassQueryString": Boolean,
"MirrorPassQueryString": Boolean,
"ReplaceKeyWith": String,
"Protocol": String,
"HttpRedirectCode": String,
"ReplaceKeyPrefixWith": String,
"RedirectType": String,
"MirrorHeaders": Map,
"MirrorCheckMd5": Boolean,
"EnableReplacePrefix": Boolean,
"HostName": String
}
Redirect properties
Property | Type | Required | Editable | Description | Constraint |
MirrorFollowRedirect | Boolean | No | No | Specifies whether to redirect the access to the address specified by Location to query data if the origin returns a 3xx status code. | This property takes effect only when RedirectType is set to Mirror. For example, when a mirroring-based back-to-origin request is sent to the origin, the origin returns the 302 status code and the specified Location value. Valid values:
|
MirrorURL | String | No | No | The origin URL for mirroring-based back-to-origin. | This property takes effect only when RedirectType is set to Mirror. The origin URL must start with http:// or https:// and end with a forward slash (/). OSS appends an object name to the end of the origin URL to generate a back-to-origin URL. For example, the name of the object that you want to access is myobject. If MirrorURL is set to http://example.com/, the back-to-origin URL is http://example.com/myobject. If MirrorURL is set to http://example.com/dir1/, the back-to-origin URL is http://example.com/dir1/myobject. |
PassQueryString | Boolean | No | No | Specifies whether to include parameters of the original request in the redirection request when the system performs redirection or mirroring-based back-to-origin. | For example, you send a request in which the a=b&c=d parameter settings are included to access OSS and set PassQueryString to true. If the redirection code specified in the rule is 302, the parameter settings are added to the Location header value for redirection. In this case, the Location header value is changed to example.com?a=b&c=d. If the redirection type is mirroring-based back-to-origin, the parameter settings are also included when you initiate a back-to-origin request. Default value: false. Valid values: true and false. |
MirrorPassQueryString | Boolean | No | No | This property has the same effect as PassQueryString and takes precedence over PassQueryString. This property takes effect only when RedirectType is set to Mirror. | Default value: false. |
ReplaceKeyWith | String | No | No | The string that is used to replace the object name in the request when the Redirect rule is applied. You can specify a variable for this property. | The {key} variable that specifies the object name in the request is supported. For example, the name of the object that you want to access is test. If you set ReplaceKeyWith to prefix/{key}.suffix when you access the test object, the address specified by Location is http://example.com/prefix/test.suffix. That is, if the client accesses an object whose original name is test when the Redirect rule is applied, the server redirects the access to a new address based on the rule. The path of the new address is dynamically generated by the pattern specified by ReplaceKeyWith. In this example, test is appended to the end of prefix/ to form the new address http://example.com/prefix/test.suffix. ".suffix" is a literal value that specifies the object name suffix. The {key} variable is replaced with test. |
Protocol | String | No | No | The protocol that you want to use for redirection. | This property takes effect only when RedirectType is set to External or AliCDN. For example, if the name of the object that you want to access is test, HostName is set to example.com, and Protocol is set to https, the Location header value in the HTTP response is https://example.com/test. Valid values: http and https. |
HttpRedirectCode | String | No | No | The redirection code in the response. | This property takes effect only when RedirectType is set to External or AliCDN. Default value: 302. Valid values: 301, 302, and 307. |
ReplaceKeyPrefixWith | String | No | No | The string that is used to replace the prefix of the object name during redirection. If the prefix of the object name is empty, the string is added before the object name. | Note: You can specify ReplaceKeyWith or ReplaceKeyPrefixWith. For example, the name of the object that you want to access is ABC/test.TXT. If you set KeyPrefixEquals to ABC/ and ReplaceKeyPrefixWith to def/, the Location header value is http://example.com/def/test.txt. |
RedirectType | String | Yes | No | The redirection type. | Valid values:
|
MirrorHeaders | Map | No | No | The headers that are returned to the origin when you use mirroring-based back-to-origin. | This property takes effect only when RedirectType is set to Mirror. For more information, see the "MirrorHeaders properties" section of this topic. |
MirrorCheckMd5 | Boolean | No | No | Specifies whether to check the MD5 hash of the body of the response returned by the origin. | This property takes effect only when RedirectType is set to Mirror. When MirrorCheckMd5 is set to true and the response returned by the origin includes the Content-Md5 header, OSS checks whether the MD5 hash of the obtained data matches the header value. If the MD5 hash of the obtained data does not match the header value, OSS does not store the data. Default value: false. |
EnableReplacePrefix | Boolean | No | No | Specifies whether to replace the prefix of the object name with the value of ReplaceKeyPrefixWith. If you set EnableReplacePrefix to true, the prefix of the object name is replaced with the value of ReplaceKeyPrefixWith. If you leave EnableReplacePrefix empty or set EnableReplacePrefix to null, the prefix of the object name is truncated. | You cannot set EnableReplacePrefix to true when ReplaceKeyWith is not left empty. Default value: false. |
HostName | String | No | No | The domain name that you want to use for redirection. | The domain name must comply with the domain name conventions. For example, if the name of the object that you want to access is test, Protocol is set to https, and HostName is set to example.com, the Location header value is https://example.com/test. |
MirrorHeaders syntax
"MirrorHeaders":{
"Remove": List,
"PassAll": Boolean,
"Sets": List,
"Pass": List
}
MirrorHeaders properties
Property | Type | Required | Editable | Description | Constraint |
Remove | List | No | No | The headers that you do not want to pass through to the origin. | This property takes effect only when RedirectType is set to Mirror. Each header can be up to 1,024 bytes in length, and can contain digits, letters, and en dashes (‒). You can specify up to 10 headers for this property. |
PassAll | Boolean | No | No | Specifies whether to pass through headers except for the excluded headers to the origin. | This property takes effect only when RedirectType is set to Mirror. The following headers are excluded: content-length, authorization2, authorization, range, date, and headers that start with oss-, x-oss-, or x-drs-. Default value: false. A value of false specifies that the excluded headers are passed through to the origin. You can change the value from false to true to pass through headers except for the excluded headers. |
Sets | List | No | No | The headers that are sent to the origin. The headers are configured in the data returned by the origin regardless of whether the headers are included in the request. | This property takes effect only when RedirectType is set to Mirror. You can specify up to 10 headers for this property. For more information, see the "Sets properties" section of this topic. |
Pass | List | No | No | The headers that you want to pass through to the origin. | This property takes effect only when RedirectType is set to Mirror. Each header can be up to 1,024 bytes in length, and can contain only digits, letters, and en dashes (‒). You can specify up to 10 headers for this property. |
Sets syntax
"Sets": [
{
"Value": String,
"Key": String
}
]
Sets properties
Property | Type | Required | Editable | Description | Constraint |
Value | String | Yes | No | The header value. The header value can be up to 1,024 bytes in length, and cannot contain \r\n. | This property takes effect only when RedirectType is set to Mirror. |
Key | String | Yes | No | The header key. The header key can be up to 1024 bytes in length. The character set of this property is the same as the character set of Pass. | This property takes effect only when RedirectType is set to Mirror. |
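The constraints in the RoutingRules, Condition, Redirect, MirrorHeaders, and Sets tables can be checked before a template is deployed. The following Python sketch is an added example, not code from ROS or OSS; the function names and the sample rules are constructed for illustration, and the warning about plain-http origins is a reviewer's addition rather than a rule from the tables.

```python
from urllib.parse import urlsplit

MAX_RULES = 20           # RoutingRules limit
MAX_HEADERS = 10         # limit for IncludeHeaders and for MirrorHeaders.Sets
MAX_HEADER_BYTES = 1024  # Sets Key / Value length limit


def check_mirror(tag, cond, red):
    """Checks that apply only when RedirectType is Mirror."""
    out = []
    if str(cond.get("HttpErrorCodeReturnedEquals")) != "404":
        out.append(f"error: {tag}: Mirror requires HttpErrorCodeReturnedEquals 404")
    url = red.get("MirrorURL") or ""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc or not url.endswith("/"):
        out.append(f"error: {tag}: MirrorURL must start with http(s):// and end with /")
    elif parts.scheme == "http":
        out.append(f"warn: {tag}: MirrorURL is plain http, origin fetch is unencrypted")
    sets = (red.get("MirrorHeaders") or {}).get("Sets") or []
    if len(sets) > MAX_HEADERS:
        out.append(f"error: {tag}: more than {MAX_HEADERS} Sets headers")
    for header in sets:
        key, value = header.get("Key"), header.get("Value")
        if not key or value is None:
            out.append(f"error: {tag}: Sets entries need both Key and Value")
            continue
        # The page forbids \r\n in Value; rejecting a lone CR or LF too is this example's choice.
        if "\r" in value or "\n" in value:
            out.append(f"error: {tag}: Sets header {key!r} has CR/LF in its value")
        if max(len(key.encode()), len(value.encode())) > MAX_HEADER_BYTES:
            out.append(f"error: {tag}: Sets header {key!r} exceeds {MAX_HEADER_BYTES} bytes")
    return out


def check_routing_rules(rules):
    """Return findings for a WebsiteConfigurationV2 RoutingRules list."""
    out = []
    if len(rules) > MAX_RULES:
        out.append(f"error: {len(rules)} routing rules, limit is {MAX_RULES}")
    for idx, rule in enumerate(rules):
        tag = f"rule {rule.get('RuleNumber', idx + 1)}"
        cond, red = rule.get("Condition") or {}, rule.get("Redirect") or {}
        rtype = red.get("RedirectType")
        if not rtype:
            out.append(f"error: {tag}: RedirectType is required")
        if len(cond.get("IncludeHeaders") or []) > MAX_HEADERS:
            out.append(f"error: {tag}: more than {MAX_HEADERS} IncludeHeaders")
        if red.get("EnableReplacePrefix") is True and red.get("ReplaceKeyWith"):
            out.append(f"error: {tag}: EnableReplacePrefix cannot be true with ReplaceKeyWith")
        if rtype == "Mirror":
            out += check_mirror(tag, cond, red)
        elif str(red.get("HttpRedirectCode", "302")) not in ("301", "302", "307"):
            out.append(f"error: {tag}: HttpRedirectCode must be 301, 302 or 307")
    return out


# Constructed sample rules (not from the page): one valid, two with defects.
SAMPLE_RULES = [
    {"RuleNumber": 1,
     "Condition": {"KeyPrefixEquals": "img/", "HttpErrorCodeReturnedEquals": "404"},
     "Redirect": {"RedirectType": "Mirror", "MirrorURL": "https://origin.example.com/img/",
                  "MirrorHeaders": {"Sets": [{"Key": "x-source", "Value": "oss"}]}}},
    {"RuleNumber": 2,
     "Condition": {"HttpErrorCodeReturnedEquals": "403"},
     "Redirect": {"RedirectType": "Mirror", "MirrorURL": "http://origin.example.com/dir1",
                  "MirrorHeaders": {"Sets": [{"Key": "x-tag", "Value": "a\r\nb"}]}}},
    {"RuleNumber": 3, "Condition": {"KeyPrefixEquals": "ABC/"},
     "Redirect": {"RedirectType": "External", "HostName": "example.com",
                  "HttpRedirectCode": "303", "ReplaceKeyWith": "prefix/{key}.suffix",
                  "EnableReplacePrefix": True}},
]

if __name__ == "__main__":
    print("\n".join(check_routing_rules(SAMPLE_RULES)))
```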
ErrorDocument syntax
"ErrorDocument":{
"Key": String,
"HttpStatus": String
}
ErrorDocument properties
Property | Type | Required | Editable | Description | Constraint |
Key | String | Yes | No | The default error page. | After an error page is specified, the error page is returned if the object that you access does not exist. |
HttpStatus | String | No | No | The HTTP status code returned with the error page. | Default value: 404. Valid values: 200 and 404. |
ServerSideEncryptionConfiguration syntax
"ServerSideEncryptionConfiguration":{
"KMSMasterKeyID": String,
"SSEAlgorithm": String
}
ServerSideEncryptionConfiguration properties
Property | Type | Required | Editable | Description | Constraint |
SSEAlgorithm | String | Yes | No | The default server-side encryption method. | Valid values:
|
KMSMasterKeyID | String | No | No | The key ID. | You must specify this property only when SSEAlgorithm is set to KMS and a key is used for encryption. |
VersioningConfiguration syntax
"VersioningConfiguration":{
"Status": String
}
VersioningConfiguration property
Property | Type | Required | Editable | Description | Constraint |
Status | String | Yes | No | The versioning status. | Valid values:
|
Return values
Fn::GetAtt
Name: the bucket name, which is globally unique.
DomainName: the public domain name of the bucket.
InternalDomainName: the internal domain name of the bucket.
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Description: Creates a simple oss bucket
Parameters:
  BucketName:
    AssociationProperty: AutoCompleteInput
    AssociationPropertyMetadata:
      Length: 5
      Prefix: simple-oss-bucket
      CharacterClasses:
        - Class: lowercase
          min: 1
    Type: String
    Label:
      en: Bucket Name
Outputs:
  BucketDomainName:
    Value:
      Fn::GetAtt:
        - MyBucket
        - DomainName
Resources:
  MyBucket:
    Type: ALIYUN::OSS::Bucket
    Properties:
      AccessControl: private
      BucketName:
        Ref: BucketName
Metadata: {}
JSON format
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Description": "Creates a simple oss bucket",
  "Parameters": {
    "BucketName": {
      "Type": "String",
      "Label": {
        "en": "Bucket Name"
      },
      "AssociationProperty": "AutoCompleteInput",
      "AssociationPropertyMetadata": {
        "Length": 5,
        "Prefix": "simple-oss-bucket",
        "CharacterClasses": [
          {
            "Class": "lowercase",
            "min": 1
          }
        ]
      }
    }
  },
  "Metadata": {},
  "Resources": {
    "MyBucket": {
      "Type": "ALIYUN::OSS::Bucket",
      "Properties": {
        "AccessControl": "private",
        "BucketName": {
          "Ref": "BucketName"
        }
      }
    }
  },
  "Outputs": {
    "BucketDomainName": {
      "Value": {
        "Fn::GetAtt": [
          "MyBucket",
          "DomainName"
        ]
      }
    }
  }
}
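The simple template above sets only AccessControl and BucketName. The following Python sketch is an added example, not part of ROS or of the original examples: it reviews every ALIYUN::OSS::Bucket resource in a parsed template against the properties documented in this topic (naming rule, access control, encryption, logging, versioning, forced deletion, CORS origins, tag count). The function names, the HardenedBucket and WeakBucket resources, and their values are constructed for illustration.

```python
import re

# Naming rule from the BucketName row: 3 to 63 characters, lowercase letters,
# digits and hyphens, starting and ending with a lowercase letter or a digit.
NAME_RE = re.compile(r"[a-z0-9][a-z0-9-]{1,61}[a-z0-9]")
MAX_TAGS = 20


def audit_bucket(logical_id, props):
    """Return review findings for one ALIYUN::OSS::Bucket Properties map."""
    out = []
    name = props.get("BucketName")
    if isinstance(name, str) and not NAME_RE.fullmatch(name):  # Ref values are skipped
        out.append(f"{logical_id}: BucketName {name!r} violates the naming rule")
    acl = props.get("AccessControl")
    if acl is not None and acl != "private":
        out.append(f"{logical_id}: AccessControl is {acl!r}, not private")
    if "ServerSideEncryptionConfiguration" not in props:
        out.append(f"{logical_id}: no ServerSideEncryptionConfiguration")
    if not (props.get("LoggingConfiguration") or {}).get("TargetBucket"):
        out.append(f"{logical_id}: access logging has no TargetBucket")
    if "VersioningConfiguration" not in props:
        out.append(f"{logical_id}: no VersioningConfiguration")
    if props.get("DeletionForce") is True:
        out.append(f"{logical_id}: DeletionForce is true (objects are forcefully deleted)")
    for rule in (props.get("CORSConfiguration") or {}).get("CORSRule") or []:
        if "*" in (rule.get("AllowedOrigin") or []):
            out.append(f"{logical_id}: a CORS rule allows any origin (*)")
    if len(props.get("Tags") or {}) > MAX_TAGS:
        out.append(f"{logical_id}: more than {MAX_TAGS} tags")
    return out


def audit_template(template):
    """Audit every ALIYUN::OSS::Bucket resource in a parsed ROS template."""
    findings = []
    for logical_id, res in (template.get("Resources") or {}).items():
        if res.get("Type") == "ALIYUN::OSS::Bucket":
            findings += audit_bucket(logical_id, res.get("Properties") or {})
    return findings


# Constructed sample: MyBucket mirrors the page's example; the other two are illustrative.
SAMPLE_TEMPLATE = {
    "ROSTemplateFormatVersion": "2015-09-01",
    "Resources": {
        "MyBucket": {"Type": "ALIYUN::OSS::Bucket", "Properties": {
            "AccessControl": "private", "BucketName": {"Ref": "BucketName"}}},
        "HardenedBucket": {"Type": "ALIYUN::OSS::Bucket", "Properties": {
            "BucketName": "audit-demo-bucket", "AccessControl": "private",
            "ServerSideEncryptionConfiguration": {"SSEAlgorithm": "KMS"},
            "LoggingConfiguration": {"TargetBucket": "audit-demo-logs", "TargetPrefix": "oss/"},
            "VersioningConfiguration": {"Status": "Enabled"}}},
        "WeakBucket": {"Type": "ALIYUN::OSS::Bucket", "Properties": {
            "BucketName": "Weak_Bucket", "AccessControl": "public-read", "DeletionForce": True,
            "CORSConfiguration": {"CORSRule": [{"AllowedOrigin": ["*"],
                                                "AllowedMethod": ["GET"]}]}}},
    },
}

if __name__ == "__main__":
    print("\n".join(audit_template(SAMPLE_TEMPLATE)))
```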