Amazon Simple Storage Service: Object Tagging

Object tagging lets you categorize stored objects. A tag is a key-value pair. An object name prefix can also categorize objects, but only along one dimension. Object tagging categorizes an object along multiple dimensions.

  • A tag can be set on a new object while uploading it to a bucket, or on an object that already exists in the bucket
  • An object can have many tags, but not more than 10. Each tag key associated with an object must be unique
  • Tag keys and values are case sensitive
  • A tag key can be up to 128 Unicode characters long and a tag value can be up to 256 Unicode characters long
  • Object tags enable fine-grained access control of permissions for an object. Access permission can be granted on a specific tag, and based on the tag a user will have IAM access permission to an object as Read-Only or Read-Write
  • Object tags also enable fine-grained control in object lifecycle management. In a lifecycle rule, a tag can be used to filter objects (tag-based filter) in addition to the key name prefix
  • Tags also let you customize CloudWatch metrics and AWS CloudTrail logs to display information by using a tag-specific filter
  • Although object tags can be used to label an object's confidentiality, the tag itself shouldn't contain any confidential information
  • Amazon S3 supports many APIs to manage object tagging
    • PUT Object tagging - adds or updates object tags. If an object has no tags, this adds them. If tags exist, it replaces them
    • GET Object tagging - returns the tags associated with an object
    • DELETE Object tagging - deletes the tag set associated with an object. To delete tags of a specific object version, add the versionId query parameter in the request
  • Tagging follows the eventual consistency model
  • Tags can be added to an object only after the multipart upload is complete
  • To manage object tagging related permissions, bucket and user policies (permissions policies) can be used
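
A tag-based permissions policy of the kind described in the list above, as an added example that is not from the original post. It grants read-only access to objects tagged classification=public and denies the tagging write APIs, because a principal who can rewrite a tag can change which objects the condition matches. The bucket name example-bucket, the tag key classification and the value public are placeholders; JSON carries no comments, so the Sid values label each statement.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleReadOnlyForObjectsTaggedPublic",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:ExistingObjectTag/classification": "public"
        }
      }
    },
    {
      "Sid": "ExampleDenyChangingOrRemovingTags",
      "Effect": "Deny",
      "Action": [
        "s3:PutObjectTagging",
        "s3:DeleteObjectTagging"
      ],
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
```

StringEquals compares case-sensitively, so an object tagged Classification=Public does not match this condition and stays unreadable under this policy.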

