Traffic fees

更新时间:
复制 MD 格式

OSS charges traffic fees based on data transferred. Traffic types include inbound, outbound, origin, and cross-region replication traffic.

Pricing

Unit prices are available on the OSS Pricing page.

Billable items

Requests that return 4xx or 5xx status codes do not incur traffic fees.

Inbound traffic

Billable item

Billable item code

Billing rule

Billable

Inbound traffic over Internet

Not applicable

Traffic generated when uploading data through an Internet endpoint (e.g., oss-cn-hangzhou.aliyuncs.com) or transfer acceleration endpoint (e.g., oss-accelerate.aliyuncs.com).

Note

When you use a transfer acceleration Endpoint to upload data to a bucket, transfer acceleration fees are also incurred.

No

Inbound traffic over internal network

Not applicable

Traffic generated when uploading data through an internal endpoint (e.g., oss-cn-hangzhou-internal.aliyuncs.com).

No

Outbound traffic

Billable item

Billable item code

Billing rule

Billable

Outbound traffic over Internet

NetworkOut

Traffic generated when accessing, downloading, or previewing objects, or performing image processing through an Internet endpoint (e.g., oss-cn-hangzhou.aliyuncs.com) or transfer acceleration endpoint (e.g., oss-accelerate.aliyuncs.com).

Note

When you request OSS resources using a transfer acceleration Endpoint, transfer acceleration fees are also incurred.

Outbound traffic over Internet fees = Outbound traffic over Internet (GB) × Price per GB

Yes

Outbound traffic over internal network

Not applicable

Traffic generated when accessing, downloading, or previewing objects, or performing image processing through an internal endpoint (e.g., oss-cn-hangzhou-internal.aliyuncs.com).

No

Origin traffic

Billable item

Billable item code

Billing rule

Billable

Origin traffic

CdnOut

Outbound traffic generated when OSS transfers requested resources to CDN cache nodes.

Origin traffic fees = Origin traffic (GB) × Price per GB

Yes

Cross-region replication traffic

Billable item

Billable item code

Billing rule

Billable

Cross-region replication traffic

ReplicationDatasize

Outbound traffic generated when you use the cross-region replication feature to synchronously replicate data from a source bucket to a destination bucket.

Cross-region replication traffic fees = Cross-region replication traffic (GB) × Price per GB

Yes

Payment methods

Selection guide

Compare payment methods to choose one that reduces your traffic costs.

Billing method

Description

Features

Scenarios

Pay-as-you-go

Default billing method. You pay for actual usage after consumption.

Traffic fluctuates significantly and is hard to predict.

A startup developing a mobile app expects significant traffic growth during promotions but cannot predict the exact scale.

Outbound data transfer plan

A prepaid resource plan for outbound traffic over Internet. Usage is first deducted from this plan during billing settlement.

Outbound traffic is stable and predictable.

A large e-commerce site with high, stable daily download traffic.

Origin traffic plan

A prepaid resource plan for traffic from OSS to CDN edge nodes. Usage is first deducted from this plan during billing settlement.

Origin traffic (OSS to CDN) is stable and predictable.

Stable, predictable origin traffic — e.g., a large website or video platform syncing static resources to CDN daily for global acceleration.

Support

Supported billing methods per billable item:

Billable item

Pay-as-you-go

Resource plan

Outbound traffic over Internet

Outbound data transfer plan

Origin traffic

Origin traffic plan

Cross-region replication traffic

×

Resource plans cannot be used to deduct fees for outbound traffic that has no region attribute.

Billing examples

FAQ

How do I handle an unexpected increase in outbound traffic over the Internet?

If your bucket shows a sudden spike in outbound Internet traffic, use these steps to troubleshoot.

  1. Identify the traffic abnormality.

    If real-time log query is enabled for the bucket

    1. Log on to the OSS console.

    2. In the left-side navigation pane, click Buckets. On the Buckets page, find and click the desired bucket.

    3. In the navigation pane on the left, choose Logging > Real-time Log Query.

    4. On the Real-time Log Query tab, enter the following query statement to query the most frequently accessed files and their corresponding hot-spot IP addresses in examplebucket. The results are sorted by the number of access requests, and the top 5 records are returned.

      * and __topic__: oss_access_log and bucket: examplebucket
      | SELECT 
          client_ip AS ip_address, 
          request_uri AS file_path, 
          COUNT(*) AS access_count, 
          SUM(content_length_out) AS total_bytes_sent
      FROM 
          log
      WHERE 
          http_status = 200
      GROUP BY 
          request_uri, client_ip
      ORDER BY 
          access_count DESC
      LIMIT 5;

      The following figure shows the query result.

      screenshot_2025-04-18_15-12-08

    If real-time log query is not enabled for the bucket

    1. Log on to the OSS console.

    2. In the left-side navigation pane, click Buckets. On the Buckets page, find and click the desired bucket.

    3. In the navigation pane on the left, choose Data Usage > Ranking Statistics, and then click the Referer/IP Address Rankings tab to view the top 10 referers/IP addresses.

    4. In the navigation pane on the left, choose Data Usage > Object Access Statistics to view the names of frequently accessed files and the outbound traffic that they generate.

  2. Determine whether the traffic is abnormal.

    • If certain IP addresses frequently request specific objects, this may indicate malicious behavior. Proceed to Step 3 to check configurations.

    • If multiple IP addresses access different objects, the content may be widely shared (e.g., via social media). Proceed to Step 4 to configure CDN acceleration.

  3. Check the relevant configurations.

    Configuration item

    Threat description

    Solution

    The bucket ACL is set to public-read or public-read-write.

    image

    Anyone, including anonymous users, can read bucket files, generating excessive outbound traffic fees.

    Set the bucket ACL to private. All unsigned or unauthorized requests will then fail.

    image

    Bucket ACL

    The ACL of a frequently accessed file is set to public-read or public-read-write.

    screenshot_2025-04-18_15-59-46

    Anyone, including anonymous users, can read the file, generating excessive outbound traffic fees.

    Set the object ACL to private. Object ACL.

    image

    Users can then access the file only via a signed URL within its validity period.

    The bucket policy does not restrict the IP addresses that are allowed to access the bucket.

    Unknown IP addresses frequently requesting objects generate excessive outbound traffic fees.

    Use a bucket policy to block the suspicious IP addresses identified in Step 1.

    screenshot_2025-04-18_15-43-17

    Use a bucket policy to grant permissions to access OSS

    Referer hotlink protection is not configured to prevent other websites from referencing OSS files.

    Other websites can embed your OSS file URLs (images, videos), shifting traffic to your account and causing a surge in outbound traffic fees.

    Configure a Referer blacklist to restrict access from malicious referers found in Step 1, or configure a Referer whitelist to prevent unauthorized use of your OSS resources. Configure hotlink protection.

  4. Configure CDN to accelerate access to OSS.

    If the traffic surge is caused by content delivery, use CDN to distribute static resources (images, videos, documents) in OSS. This reduces outbound traffic fees and improves loading speed. Accelerate access to OSS using CDN.

Can the requester, instead of the bucket owner, pay for outbound traffic over the Internet and origin traffic?

To have the requester pay for outbound Internet traffic and origin traffic instead of the bucket owner, enable pay-by-requester mode. Pay by requester.

Important
  • Outbound data transfer plans cannot be used to deduct fees for outbound traffic over the Internet that is generated when a requester transfers data from OSS to a client after the pay-by-requester mode is enabled.

  • Origin traffic plans cannot be used to deduct fees for origin traffic that is generated when a requester transfers data from OSS to Alibaba Cloud CDN edge nodes after the pay-by-requester mode is enabled.

Why are request fees incurred along with fees for outbound traffic over the Internet?

Outbound Internet traffic is generated by calling OSS API operations (e.g., GetObject) to transfer data to clients. Since each API call incurs a request fee, request fees naturally accompany outbound traffic fees.

References