Tagging Amazon S3 Glacier Resources - Amazon S3 Glacier

If you're new to archival storage in Amazon Simple Storage Service (Amazon S3), we recommend that you start by learning more about the S3 Glacier storage classes in Amazon S3, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. For more information, see S3 Glacier storage classes and Storage classes for archiving objects in the Amazon S3 User Guide.

Tagging Amazon S3 Glacier Resources

A tag is a label that you assign to an AWS resource. Each tag consists of a key and a value, both of which you define. You can assign the tags that you define to Amazon S3 Glacier (S3 Glacier) vault resources. Using tags is a simple yet powerful way to manage AWS resources and organize data, including billing data.

Tagging Basics

You use the S3 Glacier console, AWS Command Line Interface (AWS CLI), or S3 Glacier API to complete the following tasks:

  • Adding tags to a vault

  • Listing the tags for a vault

  • Removing tags from a vault

For information about how to add, list, and remove tags, see Tagging Your S3 Glacier Vaults.

You can use tags to categorize your vaults. For example, you can categorize vaults by purpose, owner, or environment. Because you define the key and value for each tag, you can create a custom set of categories to meet your specific needs. For example, you might define a set of tags that helps you track vaults by owner and purpose for the vault. Following are a few examples of tags:

  • Owner: Name

  • Purpose: Video archives

  • Environment: Production

Tag Restrictions

Basic tag restrictions are as follows:

  • The maximum number of tags for a resource (vault) is 50.

  • Tag keys and values are case-sensitive.

Tag key restrictions are as follows:

  • Within a set of tags for a vault, each tag key must be unique. If you add a tag with a key that's already in use, your new tag overwrites the existing key-value pair.

  • Tag keys cannot start with aws: because this prefix is reserved for use by AWS. AWS can create tags that begin with this prefix on your behalf, but you can't edit or delete them.

  • Tag keys must be from 1 to 128 Unicode characters in length.

  • Tag keys must consist of the following characters: Unicode letters, digits, spaces, and the following special characters: _ . / = + - @.

Tag value restrictions are as follows:

  • Tag values must be from 0 to 255 Unicode characters in length.

  • Tag values can be blank. Otherwise, they must consist of the following characters: Unicode letters, digits, spaces, and any of the following special characters: _ . / = + - @.

Tracking Costs Using Tagging

You can use tags to categorize and track your AWS costs. When you apply tags to any AWS resources, including vaults, your AWS cost allocation report includes usage and costs aggregated by tags. You can apply tags that represent business categories (such as cost centers, application names, and owners) to organize your costs across multiple services. For more information, see Use Cost Allocation Tags for Custom Billing Reports in the AWS Billing User Guide.

Managing Access Control with Tagging

You can use tags as a condition in an access policy statement. For example, you can set up a legal hold tag and include it as a condition in a data retention policy that states that “archive deletion from everyone will be denied if the legal hold tag value is set to True.” You can deploy the data retention policy and set the legal hold tag to False under normal conditions. If your data must be put on hold to assist an investigation, you can easily turn on the legal hold by setting the tag value to True and removing the hold in a similar way later on. For more information, see Controlling Access Using Tags in the IAM User Guide.