Use Alibaba Cloud CDN to configure a cross-account OSS domain name -

This topic describes how to configure an Object Storage Service (OSS) bucket that belongs to another Alibaba Cloud account as the origin server when you add a domain name to Alibaba Cloud CDN.

Issue

I want to use CDN to accelerate the retrieval of resources from an OSS bucket. Can I use an OSS bucket that belongs to another Alibaba Cloud account as the origin server when I add a domain name to CDN? How do I configure the OSS bucket?

Solution

Step 1: Add a domain name to CDN

When you add a domain name to CDN, you can use an OSS bucket that belongs to another Alibaba Cloud account as the origin server. Set Origin Info to OSS Domain, and select Custom OSS Origin from the Domain Name drop-down list. Then, enter the domain name of the OSS bucket that you want to use, as shown in the following figure.

OSS域名

Step 2: Configure a private OSS bucket as your origin server

Note

If the access control list (ACL) of an OSS bucket is set to public-read or public-read-write, you can use the OSS bucket without configuring it as the origin.
If the ACL of an OSS bucket is private, you must configure the OSS bucket as your origin server. Otherwise, you cannot access OSS resources.

You can perform the following operations in the OSS console to check the ACL of an OSS bucket: Navigate to the Buckets page. Click the name of OSS bucket. On the OSS bucket details page, click Overview in the left-side navigation pane. On the page that appears, check the value of ACL in the Basic Information section.

Create an AccessKey ID and AccessKey Secret of the Alibaba Cloud account to which the private OSS bucket belongs. For more information, see Create an AccessKey pair. To ensure account security, we recommend that you create an AccessKey pair for a Resource Access Management (RAM) user and grant the minimum permissions to the RAM user.
Note
If you use the AccessKey pair of a RAM user, make sure that the RAM user has the AliyunOSSReadOnlyAccess permission (read-only access to OSS) or the AliyunOSSFullAccess permission (full access to OSS). For more information, see Grant permissions to a RAM user.
In the CDN console, select the specified domain name. On the Configurations tab of the Origin Fetch page of the domain name, turn on Alibaba Cloud OSS Private Bucket Access. In the dialog box that appears, set Type to Bucket Across Accounts or in the Same Account. Enter the AccessKey ID and AccessKey Secret that you created in Step 1. Click OK.
Optional. Refresh the CDN resources. On the Purge/Prefetch tab o the Purge and Prefetch page of the CDN console, set Operation to Purge and Operation Method to Directory. Enter the directory of the accelerated domain name in the URL section. Click Submit.