You can use OBS Console, SDKs, OBS Browser+, obsutil, or APIs to create a bucket. A bucket is a container that stores objects in OBS. Before you can store data in OBS, you must create a bucket.
Prerequisites
You have created an account, have sufficient account balance, and have obtained access keys (AK and SK) and endpoints. For details, see Getting Started.
Constraints
- Once a bucket is created, its name and region cannot be changed. Make sure that the bucket name and region you set are appropriate.
- An account (including all of the IAM users under the account) can create a maximum of 100 buckets. You are advised to use the fine-grained access control of OBS to properly plan and use buckets. For example, you can create folders in a bucket based on object prefixes and use fine-grained access control to isolate data between departments. There is effectively no limit to the total number or size of objects in a bucket, so data scalability is not a concern.
Bucket Naming Rules
A bucket name is part of the access domain name and needs to be resolved. Therefore, a bucket name must conform to the
DNS domain naming rules. When receiving a bucket creation request, OBS strictly checks the bucket name. A bucket name:
- Must be unique across all accounts and regions. You must wait at least 30 minutes before you can reuse the name of a deleted bucket or parallel file system.
- Must be 3 to 63 characters long. Only lowercase letters, digits, hyphens (-), and periods (.) are allowed.
- Cannot start or end with a period (.) or hyphen (-), and it cannot contain two consecutive periods (..) or contain a period (.) and a hyphen (-) adjacent to each other.
- Cannot be formatted as an IP address.
Bucket Naming Best Practices
- Avoid using periods (.) in bucket names. If a bucket has periods (.) in its name, accessing the bucket domain name (bucketname.obs.regionID.myhuaweicloud.com) over HTTPS will fail or trigger a certificate verification warning, for example, a red security alert is displayed in the browser. This is because a wildcard SSL certificate only works for buckets without periods (.) in their names.
- Avoid using sensitive information in bucket names. A bucket name will be part of the URL of an object in the bucket.
- Choose a naming rule that can avoid conflicts. Ensure that your program will select another bucket name when the bucket name has been used.
Ways to Create a Bucket
You can use OBS Console, APIs, SDKs, OBS Browser+, or obsutil to create a bucket.
Using OBS Console
- In the navigation pane of OBS Console, choose Object Storage.
- In the upper right corner of the page, click Create Bucket.
- Configure parameters under General Configuration.

Table 1 Parameters under General Configuration
Parameter |
Description |
Replicate Settings from Existing Bucket |
Optional
If you want to reuse the settings of an existing bucket, do as follows to replicate the bucket's settings:
Click Select Bucket. In the bucket list, select a source bucket. Then, on the Create Bucket page, you will see that the source bucket's settings have been replicated to the bucket you are creating. The settings that can be replicated include Region, Data Redundancy Policy, Storage Class, Block Public Access, Bucket Policy, Enterprise Project, Direct Reading, Server-Side Encryption, WORM, and Tag.
You can change some or all of the replicated settings later if necessary. |
Region |
The region where the bucket is created
- Once the bucket is created, its region cannot be changed.
- For lower latency and faster access, select the region nearest to where the data will be accessed.
- Most OBS features are available in all regions, but some are region-specific. Consider the feature availability in each region when you select a region for the bucket. For details, see Function Overview.
- If your ECS needs to access an OBS bucket over an intranet, ensure that the bucket and the ECS are in the same region. For details, see Accessing OBS from an ECS over an Intranet.
|
- Configure parameters under Bucket Settings.


Table 2 Parameters under Bucket Settings
Parameter |
Description |
Bucket Name |
When creating a bucket, you need to set a proper bucket name.
Once a bucket is created, its name cannot be changed.
In accordance with the globally applied DNS naming rules, an OBS bucket name:
- Must be unique. It cannot be the same as the name of any existing bucket or parallel file system (including those created by others). You must wait at least 30 minutes before you can reuse the name of a deleted bucket or parallel file system.
- Must be 3 to 63 characters long.
- Can contain only lowercase letters, digits, hyphens (-), and periods (.). It cannot start or end with a hyphen (-) or period (.).
- Cannot contain two consecutive periods (..) or contain a period (.) and a hyphen (-) adjacent to each other.
- Cannot be formatted as an IP address.
NOTE:
When you use virtual-hosted-style URLs to access OBS over HTTPS, if the bucket name contains periods (.), the certificate verification will fail. To work around this issue, we recommend that you avoid using periods (.) in bucket names.
|
Data Redundancy Policy |
You can choose to store data in a single AZ or multiple AZs within a region.
- Multi-AZ storage: Data in the bucket is stored in multiple AZs within a region. If an AZ is ever unavailable, the data can still be accessed in the other AZs.
- Single-AZ storage: Data in the bucket is stored in a single AZ. This option costs less than the multi-AZ storage.
For details about their performance comparison, see Comparison of Storage Classes.
Multi-AZ storage is selected by default.
Once a bucket is created, its data redundancy policy cannot be changed.
If Multi-AZ storage is used, the Archive or Deep Archive storage class will become unavailable. |
Storage Class |
The storage class of the bucket
You can choose a storage class that meets your needs for storage performance and costs.
- The Standard storage class is for storing a large number of hot files or small files that are frequently accessed (multiple times per month on average) and require fast access.
- The Infrequent Access storage class is for storing data that is less frequently accessed (less than 12 times per year on average), but when needed, the access has to be fast.
- The Archive storage class is for archiving data that is rarely accessed (once a year on average) and does not require fast access.
For more information, see Storage Class.
NOTE:
The object you upload to the bucket later will inherit the bucket's storage class by default. You can also specify a different storage class for the object.
|
Block Public Access |
Used to centrally set certain levels of public access to buckets. You can use this option to ignore the existing public access permissions or prevent new public access permissions from being created.
Enabling all settings prevents the creation of new ACLs or bucket policies that contain public access, and invalidates existing ones. Only the bucket owner can access the bucket and objects within.
The following four settings are supported:
- Prevent the creation of ACLs that allow public access.
- Prevent the creation of bucket policies that allow public access.
- Ignore ACLs that allow public access.
- Ignore bucket policies that allow public access.
To block public access, your account must have the PutBucketPublicAccessBlock permission.
Before enabling any settings, ensure that your applications will work properly without public access.
Enabling Block Public Access will make the public read and public read/write bucket policies unavailable.
For the feature availability and more information, see Function Overview and Block Public Access. |
Bucket Policy |
Controls read and write permissions for the bucket.
- Private: Only users granted permissions by the bucket ACL can access the bucket.
- Public Read: Anyone can read objects in the bucket.
- Public Read/Write: Anyone can read, write, or delete objects in the bucket.
If your account does not have permission to create a bucket policy, a private bucket will be created even if you select Public Read or Public Read/Write. To create a public bucket, your account must have the obs:bucket:PutBucketPolicy permission. |
Enterprise Project |
You can add the bucket to an enterprise project for unified management. To realize this, do as follows:
On the enterprise project management page, create an enterprise object. Then, create a user group, add users to the user group, and add the user group to the created enterprise project. By doing so, the users obtain the operation permissions for the buckets and objects in the enterprise project.
If you do not have any specific needs for enterprise project division and management, choose the default enterprise project.
- Only an enterprise account can configure enterprise projects.
- The OBS user group must have the OBS Buckets Viewer and OBS OperateAccess permissions for the enterprise project.
- Creating the first bucket in a new enterprise project will take about 10 minutes.
|
- Configure parameters under Properties.


Table 3 Parameters under Properties
Parameter |
Description |
Direct Reading |
After direct reading is enabled, you can access Archive objects (such as download or share an object or change an object's storage class) without having to restore them first.
Direct reading will incur retrieval costs according to the objects' size. For details, see Data Retrievals.
For more information, see Direct Reading. |
Server-Side Encryption |
After server-side encryption is enabled, new objects uploaded to the bucket will be encrypted.
With the encryption enabled, you can choose a required encryption method:
- SSE-KMS: The encryption key managed in DEW is used to encrypt objects in your bucket.
After choosing SSE-KMS, you need to specify an encryption key type:
- Default: The default key in the current region will be used to encrypt the objects uploaded to the bucket. If no default key is available, OBS will create one the first time you upload an object.
- Custom: Your custom key will be used to encrypt the objects uploaded to the bucket. If you do not have a custom key, click View KMS Keys to go to the Data Encryption Workshop (DEW) page and create one. Then, choose the created KMS key from the custom key drop-down list.
- Shared: A shared key will be used to encrypt the objects uploaded to the bucket. You need to enter the ID of the shared key. To obtain a shared key ID, see Viewing Key Details.
NOTE:
A shared key from a project or a subproject can be configured here. However, if a shared key from a subproject is specified, the owner of the shared key cannot access objects encrypted with that key, but the bucket owner can.
Data Encryption Workshop (DEW) APIs have traffic control limits (see DEW API Overview). After SSE-KMS is used, your service access may be affected by traffic control.
If SSE-KMS is used, you will be billed for what you use beyond the free quota given by KMS. For details, see DEW Billing Items.
- SSE-OBS: The key created and managed by OBS will be used to encrypt the objects uploaded to the bucket.
After you enable server-side encryption for the bucket, any object you upload to it will inherit the encryption settings from the bucket by default. You can also separately configure encryption for the object.
For more information, see Server-Side Encryption Overview. |
WORM |
You can enable write-once-read-many (WORM) to help prevent object versions from being deleted or overwritten within a specified period.
- WORM cannot be disabled once enabled. However, you can choose whether to configure a retention policy to control whether objects can be written or deleted.
- Enabling WORM automatically enables versioning, and versioning cannot be disabled later.
- A bucket with WORM enabled does not support cross-region replication, and any existing cross-region replication rules applied to the bucket will become invalid.
For more information, see Configuring WORM to Protect Objects from Being Overwritten or Deleted. |
Tag |
Optional. You can add tags to organize and manage buckets.
You can customize a tag or choose one predefined on TMS.
A tag is a key-value pair.
- Tags associated with a bucket must have unique tag keys. A tag key:
- Must contain 1 to 36 characters and be case sensitive.
- Cannot start or end with a space or contain the following characters: =*<>\,|/
- Tag values can be duplicate and can be left blank. A tag value:
- Can contain 0 to 43 characters and must be case sensitive.
- Cannot contain the following characters: =*<>\,|/
A bucket can have up to 10 tags. Each tag has only one key and one value.
For more information, see Adding Tags to a Bucket. |
- Click Create Now.
Using the GUI Tool - OBS Browser+
- Log in to OBS Browser+.
- In the upper part of the page, click Create Bucket.
- In the displayed dialog box, configure bucket parameters, as shown in Figure 1.
Figure 1 Creating a bucket
Table 4 Bucket creation parameters
Parameter |
Description |
Region |
Enter the region where you want to create a bucket.
- Once the bucket is created, its region cannot be changed.
- For lower latency and faster access, create a bucket in the region nearest to you.
- Most OBS features are available in all regions, but some are only available for certain regions. If you want to use some features in your bucket, you are advised to create the bucket in a region where these features are available. For details, see Function Overview.
- If you want your bucket to be accessed from an ECS over the intranet, ensure that the bucket and the ECS are in the same region. For details, see Accessing OBS from an ECS over the Intranet.
|
Storage Class |
Storage class of the bucket.
Different storage classes meet customers' needs for storage performance and costs.
- Standard: applicable to scenarios where a large number of hot files or small files need to be accessed frequently (multiple times per month on average) and require fast access response.
- Infrequent Access: ideal for storing data that is not frequently accessed (less than 12 times per year on average) but requires fast access response.
- Archive: suitable for archiving data that is rarely accessed (averagely once a year) and has no requirements for quick response.
NOTE:
During the object upload, an object inherits its bucket's storage class by default, and you can also specify a different storage class for the object.
For more information, see Storage Class. |
Bucket ACL |
Controls read and write permissions on buckets.
- Private: Only users granted permissions by the ACL can access the bucket.
- Public Read: Anyone can read objects in the bucket.
- Public Read and Write: Anyone can read, write, or delete objects in the bucket.
|
Multi-AZ Mode |
If multi-AZ storage is enabled, data in your bucket is stored in multiple AZs within a region.
After a bucket is created, its data redundancy policy cannot be changed. |
Bucket Name |
Name of the bucket you want to create, which must be globally unique.
A bucket name:
- Must be 3 to 63 characters long and start with a digit or letter. Only lowercase letters, digits, hyphens (-), and periods (.) are allowed.
- Cannot be formatted as an IP address.
- Cannot start or end with a hyphen (-) or period (.).
- Cannot contain two consecutive periods (..), for example, my..bucket.
- Cannot contain a period (.) and a hyphen (-) adjacent to each other, for example, my-.bucket or my.-bucket.
After a bucket is created, its name cannot be changed.
A user can create a maximum of 100 buckets in OBS.
NOTE:
- You can click
next to the Bucket Name text box to view the bucket naming rules.
- When a URL is used to access a bucket, the bucket name will become part of the URL. According to the DNS rule, URLs do not support uppercase letters and cannot recognize buckets whose name contains uppercase letters. Therefore, a bucket name can contain only lowercase letters, digits, hyphens (-), and periods (.). For example, if you attempt to access bucket MyBucket using a URL, the URL will parse MyBucket as mybucket. This results in an access error.
- DNS naming rules can standardize bucket names globally, facilitating the resolution during bucket access. With the DNS naming rules used, you can benefit from new functions and optimized features, and configure static website hosting for buckets.
|
- Click OK. If the bucket is successfully created, it is displayed in the bucket list. If the creation fails, an error message will be displayed.
Using the CLI Tool - obsutil
Command Line Structure
- In Windows
obsutil mb obs://bucket [-fs] [-az=xxx] [-acl=xxx] [-sc=xxx] [-location=xxx] [-config=xxx] [-e=xxx] [-i=xxx] [-k=xxx] [-t=xxx]
- In Linux or macOS
./obsutil mb obs://bucket [-fs] [-az=xxx] [-acl=xxx] [-sc=xxx] [-location=xxx] [-config=xxx] [-e=xxx] [-i=xxx] [-k=xxx] [-t=xxx]
Examples
- Take the Windows OS as an example. Run the obsutil mb obs://bucket001 command to create a bucket with the same name as the bucket of another account. The creation fails.
obsutil mb obs://bucket001
Start at 2024-09-30 07:03:50.1378331 +0000 UTC
Create bucket [bucket001] failed, status [409], error code [BucketAlreadyExists], error message [The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.], request id [0000019241BE18DB4019EDD66E135C56]
Parameter Description
Parameter |
Optional or Mandatory |
Description |
bucket |
Mandatory |
The bucket name
A bucket name must comply with the following rules:
- Contains 3 to 63 characters, including lowercase letters, digits, hyphens (-), and periods (.), and starts with a digit or letter.
- Cannot be an IP address.
- Cannot start or end with a hyphen (-) or period (.).
- Cannot contain two consecutive periods (.), for example, my..bucket.
- Cannot contain periods (.) and hyphens (-) adjacent to each other, for example, my-.bucket or my.-bucket.
|
fs |
Optional (additional parameter) |
Creates a parallel file system. |
az |
Optional (additional parameter) |
The data redundancy policy that can be specified for a bucket to store data in a single AZ or multiple AZs in the same region
The value is multi-az.
If multi-az is used, a bucket with multi-AZ storage will be created. If this parameter is not included, a bucket with single-AZ storage will be created. |
acl |
Optional (additional parameter) |
The access control policy that can be specified when creating a bucket
Possible values are:
- private: Only users granted permissions by the bucket ACL can access the bucket.
- public-read: Anyone can read objects in the bucket.
- public-read-write: Anyone can read, write, or delete objects in the bucket.
|
sc |
Optional (additional parameter) |
The storage class of the bucket
Different storage classes meet customers' needs for storage performance and costs.
Possible values are:
- standard: Standard storage class. It features low access latency and high throughput, and is applicable to storing frequently accessed data (multiple accesses per month) or data that is smaller than 1 MB.
- warm: Infrequent Access storage class. It is ideal for storing infrequently accessed (less than 12 times a year) data, but when needed, the access has to be fast.
- cold: Archive storage class. It provides secure, durable, and inexpensive storage for rarely-accessed (once a year) data.
- deep-archive: Deep Archive storage class (under limited beta testing). It is suitable for storing data that is barely (once every few years) accessed. This storage class costs less than the Archive storage class, but takes longer time (usually several hours) to restore data.
|
location |
Mandatory unless the requested OBS region is the default one (additional parameter) |
The region where the bucket resides
To view the currently valid regions, see Regions and Endpoints.
- Once the bucket is created, its region cannot be changed.
- For lower latency and faster access, select the region nearest to where the data will be accessed.
- Most OBS features are available in all regions, but some are only available for certain regions. If you want to use some features in your bucket, you are advised to create the bucket in a region where these features are available. For details, see Function Overview.
- If you want your bucket to be accessed from an ECS over the intranet, ensure that the bucket and the ECS are in the same region. For details, see Accessing OBS from an ECS over the Intranet.
NOTE:
This parameter indicates the region where a bucket will be created. It is mandatory only when the endpoint belongs to any other regions than the default one CN North-Beijing1 (cn-north-1).
|
config |
Optional (additional parameter) |
The user-defined configuration file for executing the current command
To learn the parameters that can be configured in this file, see Configuration Parameters. |
e |
Optional (additional parameter) |
The endpoint |
i |
Optional (additional parameter) |
The user's AK |
k |
Optional (additional parameter) |
The user's SK |
t |
Optional (additional parameter) |
The user's security token |
References
Changing the Bucket Storage Class
After the bucket is created, you can change its storage class by performing the following steps: For details, see Configuring a Storage Class and Changing the Storage Class of a Bucket or Object.
- In the navigation pane of OBS Console, choose Object Storage.
- In the bucket list, locate the bucket you want and click Change Storage Class on the right.
- Select the desired storage class and click OK.
- Changing the storage class of a bucket does not change the storage class of existing objects in the bucket.
- If you do not specify a storage class for an object when uploading it, it inherits the bucket's storage class by default. After the bucket's storage class is changed, newly uploaded objects will inherit the new storage class of the bucket by default.
Accessing a Bucket
After a bucket is created, you can use the domain name to access the bucket. You can assemble the bucket domain name by putting the bucket name and endpoint together, or you can obtain it by viewing the basic bucket information on OBS Console or OBS Browser+.
An access domain name is structured as follows:
[Structure] BucketName.Endpoint
[Example] bucketname.obs.ap-southeast-1.myhuaweicloud.com
Causes of Bucket Creation Failures and Solutions
More FAQs
The following lists questions frequently asked about buckets: