Object Storage Service (OSS) allows you to classify and manage buckets by using bucket tags. You can use this feature to list buckets that have specific tags and configure access control lists (ACLs) for buckets that have specific tags.

The bucket tagging feature uses a key-value pair to identify a bucket. You can add tags to buckets that are used for different purposes and manage the buckets by tags.
  • Only the bucket owner or authorized Resource Access Management (RAM) users can configure tagging for the bucket. Otherwise, 403 Forbidden is returned with the error code AccessDenied.
  • You can configure up to 20 tags for a bucket.
  • Each tag must have a key. The key of a tag can be up to 64 characters in length and cannot start with http://, https://, or Aliyun. The key of a tag cannot be empty.
  • The value of a tag can be up to 128 characters in length and can be empty.
  • The key and value of a tag must be UTF-8-encoded.

Implementation methods

Implementation method Description
Console User-friendly and intuitive web application
ossutil A high-performance command-line tool
Java SDK SDK demos for various programming languages
Python SDK
Go SDK
C++ SDK
Node.js SDK
.NET SDK

Instructions

After you add tags to buckets, you can manage multiple buckets that have the same tag. For example, you can list buckets that have the same tag and authorize RAM users to manage buckets that have the same tag.
  • List buckets that have specific tags
    You can list buckets that have specific tags. For more information, see the following SDK demos:
  • Authorize RAM users to manage buckets that have specific tags
    When you have a large number of buckets, you can classify buckets based on tags and configure RAM policy to authorize specific users to manage buckets that have specific tags. For example, you can configure the following RAM policy to authorize User A to list buckets that have the tagging configuration of keytest=valuetest tag:
    {
        "Version": "1",
        "Statement": [
            {
                "Action": [
                    "oss:ListBuckets"
                ],
                "Resource": [
                    "acs:oss:*:193248792425xxxx:*"
                ],
                "Effect": "Allow",
                "Condition": {
                    "StringEquals": {
                        "oss:BucketTag/keytest": "valuetest"
                    }
                }
            }
        ]
    }