- Release Notes and Announcements
- Announcements
- Notification on Service Suspension Policy Change in Case of Overdue Payment for COS Pay-As-You-Go (Postpaid)
- Implementation Notice for Security Management of COS Bucket Domain (Effective January 2024)
- Notification of Price Reduction for COS Retrieval and Storage Capacity Charges
- Daily Billing for COS Storage Usage, Request, and Data Retrieval
- COS Will Stop Supporting New Default CDN Acceleration Domains
- Release Notes
- Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating Bucket
- Deleting Buckets
- Querying Bucket
- Clearing Bucket
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting Cross-Origin Resource Sharing (CORS)
- Setting Versioning
- Setting Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding Bucket Policies
- Setting Log Analysis
- Setting INTELLIGENT TIERING
- Setting Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Log Retrieval
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Setting Object Lock
- Object Management
- Uploading an Object
- Downloading Objects
- Copying Object
- Previewing or Editing Object
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload to ARCHIVE
- Modifying Storage Class
- Deleting Incomplete Multipart Uploads
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting Objects
- Restoring Archived Objects
- Folder Management
- Data Extraction
- Setting Object Tag
- Exporting Object URLs
- Restoring Historical Object Version
- Batch Operation
- Monitoring Reports
- Data Processing
- Content Moderation
- Smart Toolbox User Guide
- Data Processing Workflow
- Application Integration
- User Tools
- Tool Overview
- Installation and Configuration of Environment
- COSBrowser
- COSCLI (Beta)
- COSCLI Overview
- Download and Installation Configuration
- Common Options
- Common Commands
- Generating and Modifying Configuration Files - config
- Creating Buckets - mb
- Deleting Buckets - rb
- Tagging Bucket - bucket-tagging
- Querying Bucket/Object List - ls
- Obtaining Statistics on Different Types of Objects - du
- Uploading/Downloading/Copying Objects - cp
- Syncing Upload/Download/Copy - sync
- Deleting Objects - rm
- Getting File Hash Value - hash
- Listing Incomplete Multipart Uploads - lsparts
- Clearing Incomplete Multipart Uploads - abort
- Retrieving Archived Files - restore
- Getting Pre-signed URL - signurl
- FAQs
- COSCMD
- COS Migration
- FTP Server
- Hadoop
- COSDistCp
- Hadoop-cos-DistChecker
- HDFS TO COS
- Online Auxiliary Tools
- Diagnostic Tool
- Best Practices
- Overview
- Access Control and Permission Management
- ACL Practices
- CAM Practices
- Granting Sub-Accounts Access to COS
- Authorization Cases
- Working with COS API Authorization Policies
- Security Guidelines for Using Temporary Credentials for Direct Upload from Frontend to COS
- Generating and Using Temporary Keys
- Authorizing Sub-Account to Get Buckets by Tag
- Descriptions and Use Cases of Condition Keys
- Granting Bucket Permissions to a Sub-Account that is Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS with AWS S3 SDK
- Data Disaster Recovery and Backup
- Domain Name Management Practice
- Image Processing
- Audio/Video Practices
- Workflow
- Direct Data Upload
- Content Moderation
- Data Security
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Use the general configuration of COS in third-party applications compatible with S3
- Storing Remote WordPress Attachments to COS
- Storing Ghost Attachment to COS
- Backing up Files from PC to COS
- Using Nextcloud and COS to Build Personal Online File Storage Service
- Mounting COS to Windows Server as Local Drive
- Setting up Image Hosting Service with PicGo, Typora, and COS
- Managing COS Resource with CloudBerry Explorer
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management
- Batch Operation
- Global Acceleration
- Data Workflow
- Monitoring and Alarms
- Data Lake Storage
- Cloud Native Datalake Storage
- Metadata Accelerator
- Metadata Acceleration Overview
- Migrating HDFS Data to Metadata Acceleration-Enabled Bucket
- Using HDFS to Access Metadata Acceleration-Enabled Bucket
- Mounting a COS Bucket in a Computing Cluster
- Accessing COS over HDFS in CDH Cluster
- Using Hadoop FileSystem API Code to Access COS Metadata Acceleration Bucket
- Using DataX to Sync Data Between Buckets with Metadata Acceleration Enabled
- Big Data Security
- GooseFS
- Data Processing
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Action List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Custom Domain Name (Domain)
- Object Lock (ObjectLock)
- Origin-Pull (Origin)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- Image Processing
- Basic Image Processing
- Scaling
- Cropping
- Rotation
- Converting Format
- Quality Change
- Gaussian Blurring
- Adjusting Brightness
- Adjusting Contrast
- Sharpening
- Grayscale Image
- Image Watermark
- Text Watermark
- Obtaining Basic Image Information
- Getting Image EXIF
- Obtaining Image’s Average Hue
- Metadata Removal
- Quick Thumbnail Template
- Limiting Output Image Size
- Pipeline Operators
- Image Advanced Compression
- Persistent Image Processing
- Image Compression
- Blind Watermark
- Basic Image Processing
- AI-Based Content Recognition
- Media Processing
- File Processing
- File Processing
- Image Processing
- Job and Workflow
- Common Request Headers
- Common Response Headers
- Error Codes
- Workflow APIs
- Workflow Instance
- Job APIs
- Media Processing
- Canceling Media Processing Job
- Querying Media Processing Job
- Media Processing Job Callback
- Video-to-Animated Image Conversion
- Audio/Video Splicing
- Adding Digital Watermark
- Extracting Digital Watermark
- Getting Media Information
- Noise Cancellation
- Video Quality Scoring
- SDRtoHDR
- Remuxing (Audio/Video Segmentation)
- Intelligent Thumbnail
- Frame Capturing
- Stream Separation
- Super Resolution
- Audio/Video Transcoding
- Text to Speech
- Video Montage
- Video Enhancement
- Video Tagging
- Voice/Sound Separation
- Image Processing
- Multi-Job Processing
- AI-Based Content Recognition
- Sync Media Processing
- Media Processing
- Template APIs
- Media Processing
- Creating Media Processing Template
- Creating Animated Image Template
- Creating Splicing Template
- Creating Top Speed Codec Transcoding Template
- Creating Screenshot Template
- Creating Super Resolution Template
- Creating Audio/Video Transcoding Template
- Creating Professional Transcoding Template
- Creating Text-to-Speech Template
- Creating Video Montage Template
- Creating Video Enhancement Template
- Creating Voice/Sound Separation Template
- Creating Watermark Template
- Creating Intelligent Thumbnail Template
- Deleting Media Processing Template
- Querying Media Processing Template
- Updating Media Processing Template
- Updating Animated Image Template
- Updating Splicing Template
- Updating Top Speed Codec Transcoding Template
- Updating Screenshot Template
- Updating Super Resolution Template
- Updating Audio/Video Transcoding Template
- Updating Professional Transcoding Template
- Updating Text-to-Speech Template
- Updating Video Montage Template
- Updating Video Enhancement Template
- Updating Voice/Sound Separation Template
- Updating Watermark Template
- Updating Intelligent Thumbnail Template
- Creating Media Processing Template
- AI-Based Content Recognition
- Media Processing
- Batch Job APIs
- Callback Content
- Appendix
- Content Moderation APIs
- Submitting Virus Detection Job
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Getting Started
- Android SDK FAQs
- Quick Experience
- Bucket Operations
- Object Operations
- Uploading an Object
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Data Verification
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- .NET (C#) SDK
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Restoring Archived Objects
- Querying Object Metadata
- Object Access URL
- Getting Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Content Moderation
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Backward Compatibility
- SDK for Flutter
- Go SDK
- iOS SDK
- Getting Started
- iOS SDK
- Quick Experience
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Listing Objects
- Copying and Moving Objects
- Extracting Object Content
- Checking Whether an Object Exists
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Server-Side Encryption
- Object Access URL
- Generating Pre-Signed URL
- Configuring CORS Preflight Requests
- Cross-region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Content Recognition
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Java SDK
- Getting Started
- FAQs
- Bucket Operations
- Object Operations
- Uploading Object
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Querying Object Metadata
- Modifying Object Metadata
- Object Access URL
- Generating Pre-Signed URLs
- Restoring Archived Objects
- Server-Side Encryption
- Client-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Uploading/Downloading Object at Custom Domain Name
- Data Management
- Cross-Region Disaster Recovery
- Cloud Access Management
- Image Processing
- Content Moderation
- File Processing
- Media Processing
- AI-Based Content Recognition
- Troubleshooting
- Setting Access Domain Names (CDN/Global Acceleration)
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Getting Started
- Python SDK FAQs
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Querying Object Metadata
- Modifying Object Metadata
- Object Access URL
- Getting Pre-Signed URLs
- Restoring Archived Objects
- Extracting Object Content
- Server-Side Encryption
- Client-Side Encryption
- Single-URL Speed Limits
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Content Recognition
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Image Processing
- React Native SDK
- Mini Program SDK
- Getting Started
- FAQs
- Bucket Operations
- Object Operations
- Uploading an Object
- Downloading Objects
- Listing Objects
- Deleting Objects
- Copying and Moving Objects
- Restoring Archived Objects
- Querying Object Metadata
- Checking Whether an Object Exists
- Object Access URL
- Generating Pre-Signed URL
- Configuring CORS Preflight Requests
- Single-URL Speed Limits
- Server-Side Encryption
- Remote disaster-tolerant
- Data Management
- Cloud Access Management
- Data Verification
- Content Moderation
- Setting Access Domain Names (CDN/Global Acceleration)
- Image Processing
- Troubleshooting
- Error Codes
- FAQs
- Service Level Agreement
- Appendices
- Glossary
- Release Notes and Announcements
- Announcements
- Notification on Service Suspension Policy Change in Case of Overdue Payment for COS Pay-As-You-Go (Postpaid)
- Implementation Notice for Security Management of COS Bucket Domain (Effective January 2024)
- Notification of Price Reduction for COS Retrieval and Storage Capacity Charges
- Daily Billing for COS Storage Usage, Request, and Data Retrieval
- COS Will Stop Supporting New Default CDN Acceleration Domains
- Release Notes
- Announcements
- Product Introduction
- Purchase Guide
- Getting Started
- Console Guide
- Console Overview
- Bucket Management
- Bucket Overview
- Creating Bucket
- Deleting Buckets
- Querying Bucket
- Clearing Bucket
- Setting Access Permission
- Setting Bucket Encryption
- Setting Hotlink Protection
- Setting Origin-Pull
- Setting Cross-Origin Resource Sharing (CORS)
- Setting Versioning
- Setting Static Website
- Setting Lifecycle
- Setting Logging
- Accessing Bucket List Using Sub-Account
- Adding Bucket Policies
- Setting Log Analysis
- Setting INTELLIGENT TIERING
- Setting Inventory
- Domain Name Management
- Setting Bucket Tags
- Setting Log Retrieval
- Setting Cross-Bucket Replication
- Enabling Global Acceleration
- Setting Object Lock
- Object Management
- Uploading an Object
- Downloading Objects
- Copying Object
- Previewing or Editing Object
- Viewing Object Information
- Searching for Objects
- Sorting and Filtering Objects
- Direct Upload to ARCHIVE
- Modifying Storage Class
- Deleting Incomplete Multipart Uploads
- Setting Object Access Permission
- Setting Object Encryption
- Custom Headers
- Deleting Objects
- Restoring Archived Objects
- Folder Management
- Data Extraction
- Setting Object Tag
- Exporting Object URLs
- Restoring Historical Object Version
- Batch Operation
- Monitoring Reports
- Data Processing
- Content Moderation
- Smart Toolbox User Guide
- Data Processing Workflow
- Application Integration
- User Tools
- Tool Overview
- Installation and Configuration of Environment
- COSBrowser
- COSCLI (Beta)
- COSCLI Overview
- Download and Installation Configuration
- Common Options
- Common Commands
- Generating and Modifying Configuration Files - config
- Creating Buckets - mb
- Deleting Buckets - rb
- Tagging Bucket - bucket-tagging
- Querying Bucket/Object List - ls
- Obtaining Statistics on Different Types of Objects - du
- Uploading/Downloading/Copying Objects - cp
- Syncing Upload/Download/Copy - sync
- Deleting Objects - rm
- Getting File Hash Value - hash
- Listing Incomplete Multipart Uploads - lsparts
- Clearing Incomplete Multipart Uploads - abort
- Retrieving Archived Files - restore
- Getting Pre-signed URL - signurl
- FAQs
- COSCMD
- COS Migration
- FTP Server
- Hadoop
- COSDistCp
- Hadoop-cos-DistChecker
- HDFS TO COS
- Online Auxiliary Tools
- Diagnostic Tool
- Best Practices
- Overview
- Access Control and Permission Management
- ACL Practices
- CAM Practices
- Granting Sub-Accounts Access to COS
- Authorization Cases
- Working with COS API Authorization Policies
- Security Guidelines for Using Temporary Credentials for Direct Upload from Frontend to COS
- Generating and Using Temporary Keys
- Authorizing Sub-Account to Get Buckets by Tag
- Descriptions and Use Cases of Condition Keys
- Granting Bucket Permissions to a Sub-Account that is Under Another Root Account
- Performance Optimization
- Data Migration
- Accessing COS with AWS S3 SDK
- Data Disaster Recovery and Backup
- Domain Name Management Practice
- Image Processing
- Audio/Video Practices
- Workflow
- Direct Data Upload
- Content Moderation
- Data Security
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Use the general configuration of COS in third-party applications compatible with S3
- Storing Remote WordPress Attachments to COS
- Storing Ghost Attachment to COS
- Backing up Files from PC to COS
- Using Nextcloud and COS to Build Personal Online File Storage Service
- Mounting COS to Windows Server as Local Drive
- Setting up Image Hosting Service with PicGo, Typora, and COS
- Managing COS Resource with CloudBerry Explorer
- Developer Guide
- Creating Request
- Bucket
- Object
- Data Management
- Data Disaster Recovery
- Data Security
- Cloud Access Management
- Batch Operation
- Global Acceleration
- Data Workflow
- Monitoring and Alarms
- Data Lake Storage
- Cloud Native Datalake Storage
- Metadata Accelerator
- Metadata Acceleration Overview
- Migrating HDFS Data to Metadata Acceleration-Enabled Bucket
- Using HDFS to Access Metadata Acceleration-Enabled Bucket
- Mounting a COS Bucket in a Computing Cluster
- Accessing COS over HDFS in CDH Cluster
- Using Hadoop FileSystem API Code to Access COS Metadata Acceleration Bucket
- Using DataX to Sync Data Between Buckets with Metadata Acceleration Enabled
- Big Data Security
- GooseFS
- Data Processing
- Troubleshooting
- API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Action List
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Lifecycle
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Tag (tagging)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Versioning
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Custom Domain Name (Domain)
- Object Lock (ObjectLock)
- Origin-Pull (Origin)
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- Image Processing
- Basic Image Processing
- Scaling
- Cropping
- Rotation
- Converting Format
- Quality Change
- Gaussian Blurring
- Adjusting Brightness
- Adjusting Contrast
- Sharpening
- Grayscale Image
- Image Watermark
- Text Watermark
- Obtaining Basic Image Information
- Getting Image EXIF
- Obtaining Image’s Average Hue
- Metadata Removal
- Quick Thumbnail Template
- Limiting Output Image Size
- Pipeline Operators
- Image Advanced Compression
- Persistent Image Processing
- Image Compression
- Blind Watermark
- Basic Image Processing
- AI-Based Content Recognition
- Media Processing
- File Processing
- File Processing
- Image Processing
- Job and Workflow
- Common Request Headers
- Common Response Headers
- Error Codes
- Workflow APIs
- Workflow Instance
- Job APIs
- Media Processing
- Canceling Media Processing Job
- Querying Media Processing Job
- Media Processing Job Callback
- Video-to-Animated Image Conversion
- Audio/Video Splicing
- Adding Digital Watermark
- Extracting Digital Watermark
- Getting Media Information
- Noise Cancellation
- Video Quality Scoring
- SDRtoHDR
- Remuxing (Audio/Video Segmentation)
- Intelligent Thumbnail
- Frame Capturing
- Stream Separation
- Super Resolution
- Audio/Video Transcoding
- Text to Speech
- Video Montage
- Video Enhancement
- Video Tagging
- Voice/Sound Separation
- Image Processing
- Multi-Job Processing
- AI-Based Content Recognition
- Sync Media Processing
- Media Processing
- Template APIs
- Media Processing
- Creating Media Processing Template
- Creating Animated Image Template
- Creating Splicing Template
- Creating Top Speed Codec Transcoding Template
- Creating Screenshot Template
- Creating Super Resolution Template
- Creating Audio/Video Transcoding Template
- Creating Professional Transcoding Template
- Creating Text-to-Speech Template
- Creating Video Montage Template
- Creating Video Enhancement Template
- Creating Voice/Sound Separation Template
- Creating Watermark Template
- Creating Intelligent Thumbnail Template
- Deleting Media Processing Template
- Querying Media Processing Template
- Updating Media Processing Template
- Updating Animated Image Template
- Updating Splicing Template
- Updating Top Speed Codec Transcoding Template
- Updating Screenshot Template
- Updating Super Resolution Template
- Updating Audio/Video Transcoding Template
- Updating Professional Transcoding Template
- Updating Text-to-Speech Template
- Updating Video Montage Template
- Updating Video Enhancement Template
- Updating Voice/Sound Separation Template
- Updating Watermark Template
- Updating Intelligent Thumbnail Template
- Creating Media Processing Template
- AI-Based Content Recognition
- Media Processing
- Batch Job APIs
- Callback Content
- Appendix
- Content Moderation APIs
- Submitting Virus Detection Job
- SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- Getting Started
- Android SDK FAQs
- Quick Experience
- Bucket Operations
- Object Operations
- Uploading an Object
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Generating Pre-Signed URLs
- Configuring Preflight Requests for Cross-origin Access
- Server-Side Encryption
- Single-Connection Bandwidth Limit
- Extracting Object Content
- Remote Disaster Recovery
- Data Management
- Cloud Access Management
- Data Verification
- Image Processing
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- C SDK
- C++ SDK
- .NET(C#) SDK
- Getting Started
- .NET (C#) SDK
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Restoring Archived Objects
- Querying Object Metadata
- Object Access URL
- Getting Pre-Signed URLs
- Configuring Preflight Requests for Cross-Origin Access
- Server-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Content Moderation
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Backward Compatibility
- SDK for Flutter
- Go SDK
- iOS SDK
- Getting Started
- iOS SDK
- Quick Experience
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Listing Objects
- Copying and Moving Objects
- Extracting Object Content
- Checking Whether an Object Exists
- Deleting Objects
- Restoring Archived Objects
- Querying Object Metadata
- Server-Side Encryption
- Object Access URL
- Generating Pre-Signed URL
- Configuring CORS Preflight Requests
- Cross-region Disaster Recovery
- Data Management
- Cloud Access Management
- Image Processing
- Content Recognition
- Setting Custom Headers
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Java SDK
- Getting Started
- FAQs
- Bucket Operations
- Object Operations
- Uploading Object
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Querying Object Metadata
- Modifying Object Metadata
- Object Access URL
- Generating Pre-Signed URLs
- Restoring Archived Objects
- Server-Side Encryption
- Client-Side Encryption
- Single-URL Speed Limits
- Extracting Object Content
- Uploading/Downloading Object at Custom Domain Name
- Data Management
- Cross-Region Disaster Recovery
- Cloud Access Management
- Image Processing
- Content Moderation
- File Processing
- Media Processing
- AI-Based Content Recognition
- Troubleshooting
- Setting Access Domain Names (CDN/Global Acceleration)
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- Getting Started
- Python SDK FAQs
- Bucket Operations
- Object Operations
- Uploading Objects
- Downloading Objects
- Copying and Moving Objects
- Listing Objects
- Deleting Objects
- Checking Whether Objects Exist
- Querying Object Metadata
- Modifying Object Metadata
- Object Access URL
- Getting Pre-Signed URLs
- Restoring Archived Objects
- Extracting Object Content
- Server-Side Encryption
- Client-Side Encryption
- Single-URL Speed Limits
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Content Recognition
- Setting Access Domain Names (CDN/Global Acceleration)
- Troubleshooting
- Image Processing
- React Native SDK
- Mini Program SDK
- Getting Started
- FAQs
- Bucket Operations
- Object Operations
- Uploading an Object
- Downloading Objects
- Listing Objects
- Deleting Objects
- Copying and Moving Objects
- Restoring Archived Objects
- Querying Object Metadata
- Checking Whether an Object Exists
- Object Access URL
- Generating Pre-Signed URL
- Configuring CORS Preflight Requests
- Single-URL Speed Limits
- Server-Side Encryption
- Remote disaster-tolerant
- Data Management
- Cloud Access Management
- Data Verification
- Content Moderation
- Setting Access Domain Names (CDN/Global Acceleration)
- Image Processing
- Troubleshooting
- Error Codes
- FAQs
- Service Level Agreement
- Appendices
- Glossary
Working with COS API Authorization Policies
Terakhir diperbarui:2024-03-25 15:11:17
Note:
When granting API access permissions to a sub-user or collaborator, be sure to follow the principle of least privilege and grant the minimum set of permissions necessary to satisfy business needs. There may be data security risks if you grant excessive access to all of your resources
(resource:*) or all operations (action:*).Overview
When using a temporary key to access COS, the operation permissions required vary by API or series of APIs that you specify.
A COS API authorization policy is a JSON string. For example, below is a policy that grants the permission to perform uploads (including simple upload, upload through an HTML form, and multipart upload) for objects prefixed with
doc and downloads for objects prefixed with doc2 for the bucket examplebucket-1250000000 in the region "ap-beijing" under the APPID 1250000000:{"version": "2.0","statement": [{"action": [// Upload an object by using simple upload"name/cos:PutObject",// Upload an object by using an HTML form"name/cos:PostObject",// Initialize a multipart upload"name/cos:InitiateMultipartUpload",// List all ongoing multipart uploads"name/cos:ListMultipartUploads",// List uploaded parts"name/cos:ListParts",// Upload parts"name/cos:UploadPart",// Complete a multipart upload"name/cos:CompleteMultipartUpload",// Abort a multipart upload"name/cos:AbortMultipartUpload"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]},{"action": [// Download"name/cos:GetObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc2/*"]}]}
Authorization Policy Elements
Name | Description |
version | Policy syntax version, which is 2.0 by default. |
effect | Allow or deny. |
resource | Specific data of the authorized operation, which can be any resources, resources with a specified path prefix, resource in a specified absolute path, or their combination. |
action | COS API. You can specify one, several, or all ( *) COS APIs as needed, such as name/cos:GetService. Note that this value is case-sensitive. |
condition |
Examples of authorization policy settings for each COS API are as listed below.
Service APIs
Querying bucket list
To grant access to the
GET Service API, the action field in the policy should be set to name/cos:GetService, and the resource field to *.Sample
The following policy grants the permission to query the bucket list:
{"version": "2.0","statement": [{"action": ["name/cos:GetService"],"effect": "allow","resource": ["*"]}]}
Bucket APIs
The
resource field for bucket API policies is outlined in further detail below:To allow access to buckets in all regions
The
resource field should be set to *. Use this option with caution as it may present data security risks due to excessive permissions.To allow access only to buckets in a specified region
For example, to grant access to
examplebucket-1250000000 under the APPID 1250000000 in the region ap-beijing, the resource field should be set to qcs::cos:ap-beijing:uid/1250000000:*.To allow access only to a bucket with a specified name in a specified region
For example, to grant access to the bucket named
examplebucket-1250000000 under the APPID 1250000000 in the region ap-beijing, the resource field should be set to qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/*.The
action field in bucket API policies varies by operation. The following lists several bucket API policies for your reference.Creating bucket
To grant access to the
PUT Bucket API, the action field in the policy should be set to name/cos:PutBucket.Sample
The following policy grants the user with the APPID
1250000000 permission to create a bucket named examplebucket-1250000000 in Beijing region:{"version": "2.0","statement": [{"action": ["name/cos:PutBucket"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Note:
Extracting bucket and its permissions
To grant the access to the
HEAD Bucket API, the action field in the policy should be set to name/cos:HeadBucket.Sample
The following policy grants the permission to extract only the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:HeadBucket"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Querying object list
To grant access to the
GET Bucket API, the action field in the policy should be set to name/cos:GetBucket.Sample
The following policy grants the permission to query only the list of objects in the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:GetBucket"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Deleting bucket
To grant access to the
Delete Bucket API, the action field in the policy should be set to name/cos:DeleteBucket.Sample
The following policy grants the permission to delete only the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:DeleteBucket"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Setting bucket ACL
To grant access to the
Put Bucket ACL API, the action field in the policy should be set to name/cos:PutBucketACL.Sample
The following policy grants the permission to set an ACL only for the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:PutBucketACL"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Querying bucket ACL
To grant access to the
GET Bucket acl API, the action field in the policy should be set to name/cos:GetBucketACL.Sample
The following policy grants the permission to get the ACL only of the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:GetBucketACL"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Setting CORS configuration
To grant access to the
PUT Bucket cors API, the action field in the policy should be set to name/cos:PutBucketCORS.Sample
The following policy grants the permission to set a CORS configuration only for the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:PutBucketCORS"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Querying CORS configuration
To grant access to the
GET Bucket cors API, the action field in the policy should be set to name/cos:GetBucketCORS.Sample
The following policy grants the permission to query the CORS configuration only of the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:GetBucketCORS"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Deleting CORS configuration
To grant access to the
DELETE Bucket cors API, the action field in the policy should be set to name/cos:DeleteBucketCORS.Sample
The following policy grants the permission to delete the CORS configuration only of the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:DeleteBucketCORS"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Setting lifecycle configuration
To grant access to the
PUT Bucket lifecycle API, the action field in the policy should be set to name/cos:PutBucketLifecycle.Sample
The following policy grants the permission to set a lifecycle configuration only for the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:PutBucketLifecycle"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Querying lifecycle configuration
To grant access to the
GET Bucket lifecycle API, the action field in the policy should be set to name/cos:GetBucketLifecycle.Sample
The following policy grants the permission to query the lifecycle configuration only of the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:GetBucketLifecycle"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Deleting lifecycle configuration
To grant access to the
DELETE Bucket lifecycle API, the action field in the policy should be set to name/cos:DeleteBucketLifecycle.Sample
The following policy grants the permission to delete the lifecycle configuration only of the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:DeleteBucketLifecycle"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Object APIs
The
resource field for object API policies is outlined in further detail below:To grant access to all objects, the
resource field should be set to *.To grant access only to objects in a specified bucket, such as objects in the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000, the resource field should be set to qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/*.To grant access only to objects with a specified path prefix in a specified bucket, such as objects with the path prefix
doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000, the resource field should be set to qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*.To grant access only to an object in a specified absolute path, such as the object in the absolute path
doc/audio.mp3 in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000, the resource field should be set to qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/audio.mp3.The
action field in object API policies varies by operation. All object API policies are as listed below.Uploading object by using simple upload
To grant access to the
PUT Object API, the action field in the policy should be set to name/cos:PutObject.Sample
The following policy grants the permission to use simple upload to upload only objects with the path prefix
doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:PutObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Multipart upload
Multipart upload APIs include
Initiate Multipart Upload, List Multipart Uploads, List Parts, Upload Part, Complete Multipart Upload, and Abort Multipart Upload. To grant access to these APIs, the action field in the policy should be a collection of "name/cos:InitiateMultipartUpload","name/cos:ListMultipartUploads","name/cos:ListParts","name/cos:UploadPart","name/cos:CompleteMultipartUpload","name/cos:AbortMultipartUpload".Sample
The following policy grants the permission to use multipart upload to upload only objects with the path prefix
doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:InitiateMultipartUpload","name/cos:ListMultipartUploads","name/cos:ListParts","name/cos:UploadPart","name/cos:CompleteMultipartUpload","name/cos:AbortMultipartUpload"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Querying multipart upload
To grant access to this API, the
action field in the policy should be set to name/cos:ListMultipartUploads.Sample
The following policy grants the permission to query ongoing multipart uploads only in the bucket
examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:ListMultipartUploads"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/"]}]}
Uploading object by using HTML form
To grant access to the
POST Object API, the action field in the policy should be set to name/cos:PostObject.Sample
The following policy grants the permission to use the
POST method to upload only objects with the path prefix doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:PostObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Appending parts
To grant access to the
Append Object API, the action field in the policy should be set to name/cos:AppendObject.Sample
The following policy grants permission to append parts to objects with the path prefix
doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:AppendObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Querying object metadata
To grant access to the
HEAD Object API, the action field in the policy should be set to name/cos:HeadObject.Sample
The following policy grants the permission to query objects only with the path prefix
doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:HeadObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Downloading object
To grant access to the
GET Object API, the action field in the policy should be set to name/cos:GetObject.Sample
The following policy grants the permission to download only objects with the path prefix
doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:GetObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Copying object
To grant access to the
Put Object Copy API, the action field for the destination object should be set to name/cos:PutObject, and the action field for the source object should be set to name/cos:GetObject.Sample
The following policy grants the permission to use multipart copy to copy objects from the path prefixed with
doc to the path prefixed with doc2 in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:PutObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]},{"action": ["name/cos:GetObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc2/*"]}]}
Here,
"qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc2/*" is the source object.Copying part
To grant access to the
Upload Part - Copy API, the action field for the destination object should be a collection of "name/cos:InitiateMultipartUpload","name/cos:ListMultipartUploads","name/cos:ListParts","name/cos:PutObject","name/cos:CompleteMultipartUpload","name/cos:AbortMultipartUpload", and the action field for the source object should be set to name/cos:GetObject.Sample
The following policy grants the permission to use multipart copy to copy objects from the path prefixed with
doc to the path prefixed with doc2 in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:InitiateMultipartUpload","name/cos:ListMultipartUploads","name/cos:ListParts","name/cos:PutObject","name/cos:CompleteMultipartUpload","name/cos:AbortMultipartUpload"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]},{"action": ["name/cos:GetObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc2/*"]}]}
Here,
"qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc2/*" is the source object.Setting object ACL
To grant access to the
Put Object ACL API, the action field in the policy should be set to name/cos:PutObjectACL.Sample
The following policy grants the permission to set an ACL only for objects with the path prefix
doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:PutObjectACL"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Querying object ACL
To grant access to the
Get Object ACL API, the action field in the policy should be set to name/cos:GetObjectACL.Sample
The following policy grants the permission to query the ACL only of objects with the path prefix
doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:GetObjectACL"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Checking CORS configuration
To grant access to the
OPTIONS Object API, the action field in the policy should be set to name/cos:OptionsObject.Sample
The following policy grants the permission to send an
OPTIONS request only for objects with the path prefix doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:OptionsObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Restoring archived object
To grant access to the
Post Object Restore API, the action field in the policy should be set to name/cos:PostObjectRestore.Sample
The following policy grants the permission to restore archived objects only with the path prefix
doc in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:PostObjectRestore"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Deleting object
To grant access to the
DELETE Object API, the action field in the policy should be set to name/cos:DeleteObject.Sample
The following policy grants the permission to delete only the object
audio.mp3 in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:DeleteObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/audio.mp3"]}]}
Deleting multiple objects
To grant access to the
DELETE Multiple Objects API, the action field in the policy should be set to name/cos:DeleteObject.Sample
The following policy grants the permission to batch delete only the objects
audio.mp3 and video.mp4 in the bucket examplebucket-1250000000 in the region ap-beijing under the APPID 1250000000:{"version": "2.0","statement": [{"action": ["name/cos:DeleteObject"],"effect": "allow","resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/audio.mp3","qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/video.mp4"]}]}
Authorization Policies for Common Scenarios
Granting full access to all resources
The following policy grants full access to all resources:
{"version": "2.0","statement": [{"action": ["*"],"effect": "allow","resource": ["*"]}]}
Granting read-only access to all resources
The following policy grants read-only access to all resources:
{"version": "2.0","statement": [{"action": ["name/cos:HeadObject","name/cos:GetObject","name/cos:GetBucket","name/cos:OptionsObject"],"effect": "allow","resource": ["*"]}]}
Granting read-write access to resources with specified path prefix
The following policy grants the permission to access only files with the path prefix
doc in the bucket examplebucket-1250000000 and does not allow any operations on files in other paths:{"version": "2.0","statement": [{"action": ["*"],"effect": "allow","resource": ["qcs::cos:ap-shanghai:uid/1250000000:examplebucket-1250000000/doc/*"]}]}
Ya
Tidak
Apakah halaman ini membantu?