All Products
Search

This Product

    Object Storage Service:Mengelola tag bucket

    Document Center

    Object Storage Service:Mengelola tag bucket

    Last Updated:Mar 21, 2026

    Tag bucket adalah pasangan kunci-nilai yang Anda tambahkan ke bucket OSS untuk mengelompokkannya berdasarkan proyek, lingkungan, atau tim. Setelah diberi tag, Anda dapat mereferensikannya dalam kebijakan Resource Access Management (RAM) guna menerapkan kontrol akses detail halus—membatasi pengguna mana yang dapat membaca atau menulis data di bucket tertentu.

    Penggunaan umum:

    • Kontrol akses: Buat kebijakan RAM yang mengizinkan atau menolak akses berdasarkan tag bucket, sehingga mencegah akses data lintas proyek.

    • Pengelompokan resource: Identifikasi kepemilikan bucket secara sekilas tanpa perlu membuka setiap bucket.

    Prasyarat

    Sebelum memulai, pastikan Anda memiliki:

    • Izin oss:PutBucketTagging atau akses sebagai pemilik bucket.

    Pengguna tanpa izin ini akan menerima respons 403 Forbidden dengan kode kesalahan AccessDenied.

    Batasan

    BatasanDetail
    Jumlah maksimum tag per bucket20
    PengkodeanUTF-8
    Panjang kunci tagMaksimal 64 karakter; peka huruf besar/kecil; tidak boleh kosong
    Awalan kunci yang dibatasiTidak boleh diawali dengan http://, https://, atau Aliyun (tidak peka huruf besar/kecil)
    Panjang nilai tagMaksimal 128 karakter; boleh kosong
    Bucket tanpa atribut wilayahTidak didukung

    Menambahkan tag ke bucket

    Gunakan konsol OSS

    1. Masuk ke konsol OSS.

    2. Di panel navigasi sebelah kiri, klik Buckets. Pada halaman Buckets, temukan dan klik bucket target.

    3. Di pohon navigasi sebelah kiri, pilih Bucket Settings > Bucket Tagging.

    4. Pada halaman Bucket Tagging, klik Create Tag.

    5. Klik + Tag, lalu masukkan kunci dan nilai tag, atau pilih tag yang sudah ada. Untuk menambahkan beberapa tag, klik + Tag untuk setiap tag tambahan.

    6. Klik Save.

    Gunakan SDK OSS

    Semua contoh di bawah memuat kredensial dari variabel lingkungan OSS_ACCESS_KEY_ID dan OSS_ACCESS_KEY_SECRET. Ganti examplebucket dan wilayah dengan nilai aktual Anda.

    <details> <summary>Python</summary>

    import argparse
import alibabacloud_oss_v2 as oss

parser = argparse.ArgumentParser(description="Put bucket tags")
parser.add_argument('--region', help='The region where the bucket is located.', required=True)
parser.add_argument('--bucket', help='The bucket name.', required=True)
parser.add_argument('--endpoint', help='Custom endpoint (optional).')

def main():
    args = parser.parse_args()

    credentials_provider = oss.credentials.EnvironmentVariableCredentialsProvider()
    cfg = oss.config.load_default()
    cfg.credentials_provider = credentials_provider
    cfg.region = args.region

    if args.endpoint:
        cfg.endpoint = args.endpoint

    client = oss.Client(cfg)

    result = client.put_bucket_tags(
        oss.PutBucketTagsRequest(
            bucket=args.bucket,
            tagging=oss.Tagging(
                tag_set=oss.TagSet(
                    tags=[
                        oss.Tag(key='test_key', value='test_value'),
                        oss.Tag(key='test_key2', value='test_value2'),
                    ],
                ),
            ),
        )
    )

    print(f'status code: {result.status_code}, request id: {result.request_id}')


if __name__ == "__main__":
    main()

    </details>

    <details> <summary>Java</summary>

    import com.aliyun.oss.*;
import com.aliyun.oss.common.auth.*;
import com.aliyun.oss.common.comm.SignVersion;
import com.aliyun.oss.model.SetBucketTaggingRequest;

public class Demo {

    public static void main(String[] args) throws Exception {
        String endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
        EnvironmentVariableCredentialsProvider credentialsProvider =
            CredentialsProviderFactory.newEnvironmentVariableCredentialsProvider();
        String bucketName = "examplebucket";
        String region = "cn-hangzhou";

        ClientBuilderConfiguration clientBuilderConfiguration = new ClientBuilderConfiguration();
        clientBuilderConfiguration.setSignatureVersion(SignVersion.V4);
        OSS ossClient = OSSClientBuilder.create()
            .endpoint(endpoint)
            .credentialsProvider(credentialsProvider)
            .clientConfiguration(clientBuilderConfiguration)
            .region(region)
            .build();

        try {
            SetBucketTaggingRequest request = new SetBucketTaggingRequest(bucketName);
            request.setTag("owner", "John");
            request.setTag("location", "hangzhou");
            ossClient.setBucketTagging(request);
        } catch (OSSException oe) {
            System.out.println("Error code: " + oe.getErrorCode());
            System.out.println("Request ID: " + oe.getRequestId());
        } catch (ClientException ce) {
            System.out.println("Error: " + ce.getMessage());
        } finally {
            if (ossClient != null) {
                ossClient.shutdown();
            }
        }
    }
}

    </details>

    <details> <summary>Go</summary>

    package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

var (
	region     string
	bucketName string
)

func init() {
	flag.StringVar(&region, "region", "", "The region where the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The bucket name.")
}

func main() {
	flag.Parse()

	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("bucket name is required")
	}
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("region is required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg)

	request := &oss.PutBucketTagsRequest{
		Bucket: oss.Ptr(bucketName),
		Tagging: &oss.Tagging{
			&oss.TagSet{
				[]oss.Tag{
					{Key: oss.Ptr("k1"), Value: oss.Ptr("v1")},
					{Key: oss.Ptr("k2"), Value: oss.Ptr("v2")},
					{Key: oss.Ptr("k3"), Value: oss.Ptr("v3")},
				},
			},
		},
	}

	result, err := client.PutBucketTags(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to put bucket tags: %v", err)
	}
	log.Printf("put bucket tags result: %#v\n", result)
}

    </details>

    <details> <summary>PHP</summary>

    <?php

require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

$optsdesc = [
    "region" => ['help' => 'The region where the bucket is located.', 'required' => true],
    "endpoint" => ['help' => 'Custom endpoint (optional).', 'required' => false],
    "bucket" => ['help' => 'The bucket name.', 'required' => true],
];

$longopts = array_map(fn($key) => "$key:", array_keys($optsdesc));
$options = getopt("", $longopts);

foreach ($optsdesc as $key => $value) {
    if ($value['required'] && empty($options[$key])) {
        echo "Error: --$key is required. " . $value['help'];
        exit(1);
    }
}

$region = $options["region"];
$bucket = $options["bucket"];

$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();
$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider($credentialsProvider);
$cfg->setRegion($region);

if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

$client = new Oss\Client($cfg);

$tagging = new Oss\Models\Tagging(
    tagSet: new Oss\Models\TagSet(
        tags: [
            new Oss\Models\Tag(key: 'key1', value: 'value1'),
            new Oss\Models\Tag(key: 'key2', value: 'value2'),
        ]
    )
);

$request = new Oss\Models\PutBucketTagsRequest(bucket: $bucket, tagging: $tagging);
$result = $client->putBucketTags($request);

printf(
    'status code: %s' . PHP_EOL .
    'request id: %s' . PHP_EOL,
    $result->statusCode,
    $result->requestId
);

    </details>

    <details> <summary>Node.js</summary>

    const OSS = require('ali-oss');

const client = new OSS({
  region: 'oss-cn-hangzhou',
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  bucket: 'examplebucket',
});

async function putBucketTags(bucketName, tags) {
  try {
    const result = await client.putBucketTags(bucketName, tags);
    console.log(result);
  } catch (e) {
    console.log(e);
  }
}

const tags = { owner: 'John', location: 'hangzhou' };
putBucketTags('examplebucket', tags);

    </details>

    <details> <summary>C#</summary>

    using Aliyun.OSS;
using Aliyun.OSS.Common;

var endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
var accessKeyId = Environment.GetEnvironmentVariable("OSS_ACCESS_KEY_ID");
var accessKeySecret = Environment.GetEnvironmentVariable("OSS_ACCESS_KEY_SECRET");
var bucketName = "examplebucket";
const string region = "cn-hangzhou";

var conf = new ClientConfiguration();
conf.SignatureVersion = SignatureVersion.V4;

var client = new OssClient(endpoint, accessKeyId, accessKeySecret, conf);
client.SetRegion(region);

try
{
    var setRequest = new SetBucketTaggingRequest(bucketName);
    setRequest.AddTag(new Tag { Key = "project", Value = "projectone" });
    setRequest.AddTag(new Tag { Key = "user", Value = "jsmith" });
    client.SetBucketTagging(setRequest);
    Console.WriteLine("Bucket tags set successfully.");
}
catch (OssException ex)
{
    Console.WriteLine("Error code: {0}, Message: {1}, RequestID: {2}",
        ex.ErrorCode, ex.Message, ex.RequestId);
}
catch (Exception ex)
{
    Console.WriteLine("Error: {0}", ex.Message);
}

    </details>

    <details> <summary>C++</summary>

    #include <alibabacloud/oss/OssClient.h>
using namespace AlibabaCloud::OSS;

int main(void)
{
    std::string Endpoint = "https://oss-cn-hangzhou.aliyuncs.com";
    std::string Region = "cn-hangzhou";
    std::string BucketName = "examplebucket";

    InitializeSdk();

    ClientConfiguration conf;
    conf.signatureVersion = SignatureVersionType::V4;
    auto credentialsProvider = std::make_shared<EnvironmentVariableCredentialsProvider>();
    OssClient client(Endpoint, credentialsProvider, conf);
    client.SetRegion(Region);

    SetBucketTaggingRequest request(BucketName);
    Tag tag1("key1", "value1");
    Tag tag2("key2", "value2");
    TagSet tagset;
    tagset.push_back(tag1);
    tagset.push_back(tag2);
    Tagging tagging;
    tagging.setTags(tagset);
    request.setTagging(tagging);

    auto outcome = client.SetBucketTagging(request);
    if (outcome.isSuccess()) {
        std::cout << "SetBucketTagging succeeded." << std::endl;
    } else {
        std::cout << "SetBucketTagging failed. Code: " << outcome.error().Code()
                  << ", Message: " << outcome.error().Message()
                  << ", RequestId: " << outcome.error().RequestId() << std::endl;
        return -1;
    }

    ShutdownSdk();
    return 0;
}

    </details>

    Untuk contoh SDK dalam bahasa lainnya, lihat ikhtisar SDK OSS.

    Gunakan ossutil

    Untuk petunjuk menambahkan atau memperbarui tag bucket dengan ossutil, lihat Menambahkan tag ke bucket atau memodifikasi tag bucket.

    Gunakan API OSS

    Untuk memanggil API secara langsung, sertakan perhitungan tanda tangan dalam permintaan Anda. Untuk detailnya, lihat PutBucketTags.

    Contoh: menerapkan kontrol akses berbasis RAM berdasarkan proyek

    Di perusahaan tempat setiap proyek menggunakan bucket OSS khusus, Anda dapat memberi tag setiap bucket dengan nama proyek, lalu membuat kebijakan RAM yang membatasi akses hanya ke bucket yang sesuai dengan tag tertentu. Hal ini mencegah tim secara tidak sengaja membaca atau menulis data di bucket proyek lain. Untuk panduan langkah demi langkah, lihat Memberikan otorisasi kepada RAM user untuk membaca dan menulis data di bucket dengan tag tertentu.

    Langkah selanjutnya