The second half of a bucket name is the APPID. You can check it by logging in to the COS Console. To view SecretId and SecretKey, log in to the CAM Console and go to API Key Management.
By default, a temporary key is valid for 30 min (1,800 s). The maximum duration is 2 h (7,200 s) for a root account, and 36 h (129,600 s) for a sub-account. Any requests that include expired temporary keys will be rejected. For more information on temporary keys, please see Generating and Using Temporary Keys.
You can delete the leaked key and create a new one. For more information, please see Access Key.
For more information, see Generating and Using Temporary Keys. You can set the validity period for your key.
Troubleshoot the problem by following the steps below:
You can set the Get Bucket permission to deny anyone for the bucket by following the steps below:
Log in to the COS Console and click the bucket in the bucket list to enter its permission management page.
Locate Bucket Policy, click Policy Syntax > Edit, and enter the following expression:
{
""Statement"": [
{
""Action"": [
""name/cos:GetBucket"",
""name/cos:GetBucketObjectVersions""
],
""Effect"": ""Deny"",
""Principal"": {
""qcs"": [
""qcs::cam::anyone:anyone""
]
},
""Resource"": [
""qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/*""
]
}
],
""version"": ""2.0""
}
Replace the information in ""qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/*"" as follows:
- Replace ""ap-beijing"" with the region where your bucket resides.
- Replace ""1250000000"" with your APPID.
- Replace ""examplebucket-1250000000"" with your bucket name.
The second half of the bucket name is the APPID. You can view it by logging in to the COS Console.
The ACL limit is imposed at the account level. It is not recommended to specify ACL permission when you upload files, because this may make the number of your bucket ACLs exceed the upper limit of 1,000, and thus cause an error.
A collaborator account is a special sub-account. For more information, see Access Policy Language Overview.
Log in to the CAM Console and enter the user management page where you can enable sub-accounts for different businesses and grant them corresponding permission.
For more information, see Granting Sub-accounts Access to COS.
To grant a sub-account access to a specific bucket, you can add access paths for the sub-account. For more information, see Accessing Bucket List Using a Sub-account.
For more information, see ACL Practices and Cloud Access Management Practices.
If you use a CDN-accelerated domain name to access resources, factors such as cache in CDN may affect the stability of hotlink protection in COS. You are recommended to log in to the CDN Console to configure hotlink protection. For more information, see Hotlink Protection Configuration.
When setting hotlink protection, you can choose to allow empty referer, so that access will be allowed when a resource link is opened in a browser even if an allowlist is configured.
a.com
, but the web player at a.com
cannot play video files in the bucket. What should I do?When you open a video link and use Windows Media Player, Flash Player, or other players to play the video on the webpage, referer in the request will be empty, leading to a miss in the allowlist. It is recommended to allow empty referer when setting the allowlist.
COS supports file encryption on the server side. For more information, see Server-side Encryption Overview.
COS data is stored at the underlying storage layer in multi-replica or erasure code mode. The distributed storage engines are distributed across multiple AZs in a region, thus ensuring a data reliability of 99.999999999%. The multi-replica and erasure code storage is based on underlying logic and imperceptible to users.
No, but a high request frequency will. For more information, see Request Rate and Performance Optimization.
Was this page helpful?