# Vector buckets
Vector buckets are a type of Amazon S3 bucket designed specifically for storing and querying vector data. Vector buckets use dedicated APIs to manage vector data efficiently and reduce costs of upload, storing, and querying vector embeddings. Vector buckets provide the foundation for organizing your vector data into indexes, enabling you to perform similarity searches across large datasets while benefiting from the availability, durability, scalability, and cost-effectiveness of Amazon S3.
Vector buckets are optimized for long-term vector storage with sub-second search times. You can perform similarity queries on your vector data and optionally attach metadata to filter queries based on specific conditions such as dates, categories, or user preferences.
Each vector bucket has a unique Amazon Resource Name (ARN) and resource policy attached to it. The ARNs of vector buckets follow the following format:
```
arn:aws:s3vectors:Region:OwnerAccountID:bucket/bucket-name
```
Within a vector bucket, you create vector indexes to store and query your data. Each vector bucket exists within a specific Amazon Region and you can create multiple vector indexes inside a vector bucket. Vector buckets support security and access control mechanisms, including IAM identity-based policies and bucket policies. You can use bucket policies to grant or restrict access to specific indexes within your vector bucket.
Key characteristics of vector buckets:
+ Purpose-built for vector storage and similarity search operations.
+ Strongly consistent writes ensure that the vector data is immediately accessible.
+ Automatic optimization of vector data for best price-performance as datasets scale.
For more information about vector index limits per bucket and other limitations, see [Limitations and restrictions](s3-vectors-limitations.md).
**Topics**
+ [
# Vector bucket naming rules
](s3-vectors-buckets-naming.md)
+ [
# Creating a vector bucket
](s3-vectors-buckets-create.md)
+ [
# Listing vector buckets
](s3-vectors-buckets-list.md)
+ [
# Viewing vector bucket attributes
](s3-vectors-buckets-details.md)
+ [
# Deleting an empty vector bucket
](s3-vectors-buckets-delete.md)
+ [
# Managing vector bucket policies
](s3-vectors-bucket-policy.md)
+ [
# Using tags with S3 vector buckets
](s3-vectors-tags.md)
# Vector bucket naming rules
Vector bucket names must follow specific naming conventions to ensure uniqueness within an Amazon Region. Amazon S3 enforces the following bucket naming requirements, and you can't create a vector bucket if these rules aren't followed. Additionally, there are best practices that, while not enforced, help prevent conflicts when working with vector buckets programmatically or through the console.
## Vector bucket naming requirements
When creating vector buckets, you must follow these requirements:
+ Vector bucket names must be unique in the same Amazon account for each Amazon Region.
+ Vector bucket names must be between 3 and 63 characters long.
+ Vector bucket names can consist only of lowercase letters (a-z), numbers (0-9), and hyphens (-).
+ Vector bucket names must begin and end with a letter or number.
## Best practices for naming
We recommend following these best practices when naming your vector buckets:
+ Use descriptive names that reflect the purpose of your vector data (for example, product-recommendations, document-embeddings).
+ Avoid using sensitive information in bucket names as they may appear in logs and URLs.
+ Keep names concise but meaningful for easier management and identification.
These naming conventions ensure that your vector buckets can be reliably accessed through the Amazon Management Console, Amazon S3 REST API, the Amazon CLI, and Amazon SDKs.
# Creating a vector bucket
You can create a vector bucket using the S3 console or the Amazon CLI. All data stored in vector buckets are always encrypted at rest. By default, vector buckets use SSE-S3 to encrypt vector data. You can choose to configure buckets to use server-side encryption with Amazon Key Management Service (Amazon KMS) keys (SSE-KMS) instead. The bucket encryption settings can’t be changed after a vector bucket is created, so it's important to choose the appropriate encryption method based on your security requirements and compliance needs. For more information about security in vector buckets, see [Data protection and encryption in S3 Vectors](s3-vectors-data-encryption.md).
## Using the S3 console
1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at [https://console.amazonaws.cn/s3/](https://console.amazonaws.cn/s3/).
1. In the navigation pane, choose **Vector buckets**.
1. Choose **Create vector bucket**.
1. For **Vector bucket name**, enter a name for your bucket.
The bucket name must follow the naming rules:
+ Bucket name must be between 3 and 63 characters long.
+ Bucket name can only include lowercase letters, numbers, and hyphens.
+ Bucket name must be unique within your Amazon account for an Amazon Region.
For more information about vector bucket naming rules, see [Vector bucket naming rules](s3-vectors-buckets-naming.md).
**Important**
You can't change the vector bucket name after you create the bucket.
1. For **Encryption**, choose one of the following options:
+ **Don't specify encryption type** – Amazon S3 automatically applies server-side encryption with Amazon S3 managed keys (SSE-S3) as the base level of encryption for new vectors. Choose this option for the simplest setup with no additional configuration.
+ **Specify encryption type** – Choose a specific encryption method:
+ **Server-side encryption with Amazon S3 managed keys (SSE-S3)** – Explicitly choose to use SSE-S3. Amazon S3 encrypts your vector data as it writes it to storage and decrypts it when you access it. Amazon manages all encryption keys automatically.
+ **Server-side encryption with Amazon Key Management Service keys (SSE-KMS)** – Uses customer managed keys (CMKs) in Amazon KMS, giving you more control over your encryption keys, key rotation, and access policies.
If you select SSE-KMS, you have additional options:
+ **Choose from your Amazon KMS keys** – Select an existing customer managed key from your account.
+ **Enter Amazon KMS key ARN** – Specify the full ARN of a KMS key (required format).
+ **Create a KMS key** – Opens the Amazon KMS console to create a new customer managed key.
KMS key requirements:
+ The KMS key must be in the same Region as the vector bucket.
+ You must specify the full KMS key ARN (key IDs and aliases aren't supported).
+ You must grant the S3 Vectors service principal (`indexing.s3vectors.amazonaws.com`) the `kms:Decrypt` permission to use the key. For more information about an example Amazon KMS key policy, see [Data protection and encryption in S3 Vectors](s3-vectors-data-encryption.md).
For detailed information about encryption options and KMS key setup, see [Using SSE-KMS encryption](s3-vectors-data-encryption.md#s3-vectors-sse-kms-encryption).
**Important**
Encryption settings can't be changed after the vector bucket is created. Choose carefully based on your long-term security and compliance requirements.
1. Under **Tags (Optional)**, you can add tags as key-value pairs to help track and organize vector index costs using Amazon Billing and Cost Management. Enter a **Key** and a **Value**. To add another tag, choose **Add Tag**. You can enter up to 50 tags for a vector index. For more information, see [Using tags with S3 vector buckets](s3-vectors-tags.md).
1. Choose **Create vector bucket**.
After creation, you'll see a confirmation message. The new vector bucket appears in your vector buckets list and is ready for creating vector indexes within the bucket.
## Using the Amazon CLI
You can create a vector bucket with SSE-S3 encryption using the following command. To use this example, replace the *user input placeholders* with your own information.
```
aws s3vectors create-vector-bucket \
--vector-bucket-name "amzn-s3-demo-vector-bucket"
```
To create a vector bucket with SSE-KMS encryption using a customer managed KMS key:
```
aws s3vectors create-vector-bucket \
--vector-bucket-name "amzn-s3-demo-vector-bucket" \
--encryption-configuration '{"sseType": "aws:kms", "kmsKeyArn": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"}'
```
## Using the Amazon SDKs
------
#### [ SDK for Python ]
```
import boto3
# Create a S3 Vectors client in the AWS Region of your choice.
s3vectors = boto3.client("s3vectors", region_name="us-west-2")
#Create a vector bucket
s3vectors.create_vector_bucket(vectorBucketName="media-embeddings")
```
------
# Listing vector buckets
You can view all your vector buckets using the Amazon S3 console, Amazon CLI, or Amazon SDKs. The listing operations support prefix-based filtering to help you find specific buckets when you have many vector buckets in your account. For more information about `ListVectorBuckets`, prefix limits, and response limits, see [ListVectorBuckets](https://docs.amazonaws.cn/AmazonS3/latest/API/API_S3VectorBuckets_ListVectorBuckets.html) in the *Amazon S3 API Reference*.
## Prefix search capability
Prefix search allows you to list buckets that start with a specific prefix, making it easier to organize and find related vector buckets. This is particularly useful when you use naming conventions that group related buckets together:
+ **Environment-based**: `production-vectors-`, `staging-vectors-`, `dev-vectors-`
+ **Use case-based**: `ml-model-vectors-`, `document-search-`, `image-similarity-`
+ **Team-based**: `data-science-vectors-`, `ml-platform-vectors-`
## Using the S3 console
To list vector buckets
1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at [https://console.amazonaws.cn/s3/](https://console.amazonaws.cn/s3/).
1. In the navigation pane, choose **Vector buckets**.
The console displays a list of all your vector buckets with the following information:
+ **Name** – The unique name of the vector bucket
+ **Creation date** – When the bucket was created
+ **Amazon Resource Name (ARN)** – The full ARN for programmatic access
To filter the list:
+ To find a bucket based on the start of the bucket name, enter a vector bucket name or prefix in the search box above the bucket list.
+ Use prefixes to find groups of related buckets (for example, type "prod-" to find all production buckets)
The list updates in real-time as you type
## Using the Amazon CLI
```
aws s3vectors list-vector-buckets
```
## Using the Amazon SDKs
------
#### [ SDK for Python ]
```
import boto3
# Create a S3 Vectors client in the AWS Region of your choice.
s3vectors = boto3.client("s3vectors", region_name="us-west-2")
#List vector buckets
response = s3vectors.list_vector_buckets()
buckets = response["vectorBuckets"]
print(buckets)
```
------
# Viewing vector bucket attributes
You can view detailed information about a vector bucket, including its properties, encryption settings and creation details using the Amazon S3 REST API, Amazon SDKs, S3 Console, or the Amazon Command Line Interface (Amazon CLI). For more information about `GetVectorBucket`, see [GetVectorBucket](https://docs.amazonaws.cn/AmazonS3/latest/API/API_S3VectorBuckets_GetVectorBucket.html) in the *Amazon S3 API Reference*.
## Using the S3 console
1. Sign in to the console and open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).
1. In the navigation pane, choose **Vector buckets**.
1. The console displays a list of all your vector buckets. Find a bucket based on the start of the bucket name, enter a vector bucket name or prefix in the search box above the bucket list. Once you locate your vector bucket, you can view detailed information about it, including its encryption settings, tags, and creation details in the **Properties** tab.
## Using the Amazon CLI
```
aws s3vectors get-vector-bucket --vector-bucket-name "amzn-s3-demo-vector-bucket"
```
# Deleting an empty vector bucket
You can delete a vector bucket when you no longer need it. To delete a vector bucket, you must first delete all the vector indexes within the bucket. When you delete a vector index, all vector data within it is deleted. Use the Amazon S3 REST API, Amazon SDKs, S3 Console, or the Amazon Command Line Interface (Amazon CLI) to delete a vector bucket.
Before you can delete a vector bucket, you must:
+ Delete all vector indexes in the bucket.
+ Ensure no operations are in progress on the bucket or its indexes.
**Important**
Bucket deletion is permanent and can't be undone.
All data and configuration associated with the bucket is permanently lost.
The bucket name becomes available for reuse after deletion.
Any applications or scripts referencing the bucket will receive errors after deletion.
## Using the S3 console
1. Sign in to the console and open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).
1. In the navigation pane, choose **Vector buckets**.
1. The console displays a list of all your vector buckets. Find a bucket based on the start of the bucket name, enter a vector bucket name or prefix in the search box above the bucket list. Once you locate and choose your vector bucket, select the **Delete** option.
1. To confirm this deletion, type **delete** and then select **Delete vector bucket**.
## Using the Amazon CLI
First, check that no vector indexes exist in the bucket. For more information about how to verify the bucket is empty, see [Listing vector indexes](s3-vectors-index-list.md).
If indexes exist, you must delete all vectors from each index and then delete the indexes. For more information about how to verify the bucket is empty, see [Listing vectors](s3-vectors-list.md), [Deleting vectors from a vector index](s3-vectors-delete.md), and [Deleting a vector index](s3-vectors-index-delete.md).
To delete the empty vector bucket, use the following example command and replace the *user input placeholders* with your own information.
```
aws s3vectors delete-vector-bucket \
--vector-bucket-name "amzn-s3-demo-vector-bucket"
```
## Using the Amazon SDKs
------
#### [ SDK for Python ]
```
import boto3
# Create a S3 Vectors client in the AWS Region of your choice.
s3vectors = boto3.client("s3vectors", region_name="us-west-2")
#Delete a vector bucket
response = s3vectors.delete_vector_bucket(vectorBucketName="media-embeddings")
```
------
# Managing vector bucket policies
Vector bucket policies are resource-based policies that you attach directly to vector buckets to control access to the bucket and its contents. You can add, view, edit, delete vector bucket policies by using the Amazon S3 REST API, Amazon SDKs, S3 Console, or the Amazon Command Line Interface (Amazon CLI). Bucket policies for vector buckets can grant permissions to principals from other Amazon accounts, making them useful for cross-account access scenarios.
## Policy management operations
+ [PutVectorBucketPolicy](https://docs.amazonaws.cn/AmazonS3/latest/API/API_S3VectorBuckets_PutVectorBucketPolicy.html) – Add or update a bucket policy.
+ [GetVectorBucketPolicy](https://docs.amazonaws.cn/AmazonS3/latest/API/API_S3VectorBuckets_GetVectorBucketPolicy.html) – Retrieve the current bucket policy.
+ [DeleteVectorBucketPolicy](https://docs.amazonaws.cn/AmazonS3/latest/API/API_S3VectorBuckets_DeleteVectorBucketPolicy.html) – Remove the bucket policy.
## Adding a vector bucket policy
### Using the S3 console
1. Open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).
1. In the left navigation pane, choose **Amazon S3**.
1. Choose **Vector buckets** and select the vector bucket name that you want to add a policy to.
1. Choose the **Permissions** tab.
1. Under **Vector bucket policy**, choose **Edit**.
1. In the policy editor, enter your policy JSON.
1. (Optional) Choose **Policy examples** to see sample policies that you can adapt to your needs.
1. After entering your policy, choose **Save changes**.
### Using the Amazon CLI
To add or update a bucket policy, use the following example command and replace the *user input placeholders* with your own information.
```
aws s3vectors put-vector-bucket-policy \
--vector-bucket-name "amzn-s3-demo-vector-bucket" \
--policy '{"Version": "2012-10-17", "Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::111122223333:root"},"Action":"s3vectors:*","Resource":"arn:aws:s3vectors:aws-region:111122223333:bucket/amzn-s3-demo-vector-bucket"}]}'
```
## Viewing a vector bucket policy
### Using the S3 console
1. Open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).
1. In the left navigation pane, choose **Amazon S3**.
1. Choose **Vector buckets** and select the vector bucket name that you want to view the policy for.
1. Choose the **Permissions** tab.
### Using the Amazon CLI
To retrieve a bucket policy, use the following example command and replace the *user input placeholders* with your own information.
```
aws s3vectors get-vector-bucket-policy \
--vector-bucket-name "amzn-s3-demo-vector-bucket"
```
## Deleting a vector bucket policy
### Using the S3 console
1. Open the Amazon S3 console at [https://console.aws.amazon.com/s3/](https://console.aws.amazon.com/s3/).
1. In the left navigation pane, choose **Amazon S3**.
1. Choose **Vector buckets** and select the vector bucket name that you want to delete the policy for.
1. Choose the **Permissions** tab.
1. Under the **Vector bucket policy**, choose **Delete**.
### Using the Amazon CLI
To delete a bucket policy, use the following example command and replace the *user input placeholders* with your own information.
```
aws s3vectors delete-vector-bucket-policy \
--vector-bucket-name "amzn-s3-demo-vector-bucket"
```
For detailed information about creating and managing bucket policies, including policy examples and best practices, see [S3 Vectors resource-based policy examples](s3-vectors-resource-based-policies.md).
# Using tags with S3 vector buckets
An Amazon tag is a key-value pair that holds metadata about resources, in this case Amazon S3 vector buckets. You can tag S3 vector buckets when you create them or manage tags on existing vector buckets. For general information about tags, see [Tagging for cost allocation or attribute-based access control (ABAC)](tagging.md).
**Note**
There is no additional charge for using tags on vector buckets beyond the standard S3 API request rates. For more information, see [Amazon S3 pricing](https://www.amazonaws.cn/s3/pricing/).
## Common ways to use tags with vector buckets
Use tags on your S3 vector buckets for:
+ **Attribute-based access control (ABAC)** – Scale access permissions and grant access to S3 vector buckets based on their tags. For more information, see [Using tags for attribute-based access control (ABAC)](tagging.md#using-tags-for-abac).
### ABAC for S3 vector buckets
Amazon S3 vector buckets support attribute-based access control (ABAC) using tags. Use tag-based condition keys in your Amazon organizations, IAM, and S3 vector bucket policies. For enterprises, ABAC inAmazon S3 supports authorization across multiple Amazon accounts.
In your IAM policies, you can control access to S3 vector buckets based on the vector bucket's tags by using the following global condition keys:
`aws:ResourceTag/key-name`
Use this key to compare the tag key-value pair that you specify in the policy with the key-value pair attached to the resource. For example, you could require that access to a resource is allowed only if the resource has the attached tag key `Dept` with the value `Marketing`. For more information, see [Controlling access to Amazon resources](https://docs.amazonaws.cn/IAM/latest/UserGuide/access_tags.html#access_tags_control-resources).
`aws:RequestTag/key-name`
Use this key to compare the tag key-value pair that was passed in the request with the tag pair that you specify in the policy. For example, you could check whether the request includes the tag key `Dept` and that it has the value `Accounting`. For more information, see [Controlling access during Amazon requests](https://docs.amazonaws.cn/IAM/latest/UserGuide/access_tags.html#access_tags_control-requests). You can use this condition key to restrict which tag key-value pairs can be passed during the `TagResource` and `CreateVectorBucket` API operations.
`aws:TagKeys`
Use this key to compare the tag keys in a request with the keys that you specify in the policy. We recommend that when you use policies to control access using tags, use the `aws:TagKeys` condition key to define what tag keys are allowed. For example policies and more information, see [Controlling access based on tag keys](https://docs.amazonaws.cn/IAM/latest/UserGuide/access_tags.html#access_tags_control-tag-keys). You can create an S3 vector bucket with tags. To allow tagging during the `CreateVectorBucket` API operation, you must create a policy that includes both the `s3vectors:TagResource` and `s3vectors:CreateVectorBucket` actions. You can then use the `aws:TagKeys` condition key to enforce using specific tags in the `CreateVectorBucket` request.
`s3vectors:VectorBucketTag/tag-key`
Use this condition key to grant permissions to specific data in vector buckets using tags. This condition key acts on the tags assigned to the vector bucket for all S3 Vectors actions. Even when you create a index with tags, this condition key acts on the tags applied to the vector bucket that contains that index. For example, you could require that access to a bucket is allowed only if the bucket has the attached tag key `Dept` with the value `Marketing`. When accessing indexes, this condition references tags associated with the vector bucket containing that index, while the `aws:ResourceTag/tag-key` will reference the tags of the index itself.
### Example ABAC policies for vector buckets
See the following example ABAC policies for Amazon S3 vector buckets.
#### 1.1 - IAM policy to create or modify vector buckets with specific tags
In this IAM policy, users or roles with this policy can only create S3 vector buckets if they tag the vector bucket with the tag key `project` and tag value `Trinity` in the vector bucket creation request. They can also add or modify tags on existing S3 vector buckets as long as the `TagResource` request includes the tag key-value pair `project:Trinity`. This policy does not grant read, write, or delete permissions on the vector buckets or its objects.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CreateVectorBucketWithTags",
"Effect": "Allow",
"Action": [
"s3vectors:CreateVectorBucket",
"s3vectors:TagResource"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:RequestTag/project": [
"Trinity"
]
}
}
}
]
}
```
#### 1.2 - Vector bucket policy to restrict operations on the vector bucket using tags
In this vector bucket policy, IAM principals (users and roles) can perform operations using the `PutVectorBucketPolicy` action on the vector bucket only if the value of the vector bucket's `project` tag matches the value of the principal's `project` tag.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowObjectOperations",
"Effect": "Allow",
"Principal": {
"AWS": "111122223333"
},
"Action": "s3vectors:PutVectorBucketPolicy",
"Resource": "arn:aws::s3vectors:us-west-2:111122223333:bucket/amzn-s3-demo-vector-bucket",
"Condition": {
"StringEquals": {
"aws:ResourceTag/project": "${aws:PrincipalTag/project}"
}
}
}
]
}
```
#### 1.3 - IAM policy to modify tags on existing resources maintaining tagging governance
In this IAM policy, IAM principals (users or roles) can modify tags on a vector bucket only if the value of the vector bucket's `project` tag matches the value of the principal's `project` tag. Only the four tags `project`, `environment`, `owner`, and `cost-center` specified in the `aws:TagKeys` condition keys are permitted for these vector buckets. This helps enforce tag governance, prevents unauthorized tag modifications, and keeps the tagging schema consistent across your vector buckets.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EnforceTaggingRulesOnModification",
"Effect": "Allow",
"Action": [
"s3vectors:TagResource"
],
"Resource": "arn:aws::s3vectors:us-west-2:111122223333:bucket/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/project": "${aws:PrincipalTag/project}"
},
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"project",
"environment",
"owner",
"cost-center"
]
}
}
}
]
}
```
#### 1.4 - Using the `s3vectors:VectorBucketTag` condition key
In this IAM policy, the condition statement allows access to the vector bucket's and vector index's operations only if the vector bucket has the tag key `Environment` and tag value `Production`.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAccessToTaggedBucket",
"Effect": "Allow",
"Action": "*",
"Resource": "arn:aws::s3vectors:us-west-2:111122223333:bucket/*",
"Condition": {
"StringEquals": {
"s3vectors:VectorBucketTag/Environment": "Production"
}
}
}
]
}
```
# Managing tags for vector buckets
You can add or manage tags for S3 vector buckets using the Amazon S3 Console, the Amazon Command Line Interface (Amazon CLI), the Amazon SDKs, or using the S3 APIs: [TagResource](https://docs.amazonaws.cn/), [UntagResource](https://docs.amazonaws.cn/), and [ListTagsForResource](https://docs.amazonaws.cn/). For more information, see:
**Topics**
# Creating vector buckets with tags
You can tag Amazon S3 vector buckets when you create them. There is no additional charge for using tags on vector buckets beyond the standard S3 API request rates. For more information, see [Amazon S3 pricing](https://docs.amazonaws.cn/s3/pricing/). For more information about tagging vector buckets, see [Using tags with S3 vector buckets](s3-vectors-tags.md).
## Permissions
To create a vector bucket with tags, you must have the following permissions:
+ `s3vectors:CreateVectorBucket`
+ `s3vectors:TagResource`
## Troubleshooting errors
If you encounter an error when attempting to create a vector bucket with tags, you can do the following:
+ Verify that you have the required [Permissions](#bucket-tags-permissions) to create the vector bucket and add a tag to it.
+ Check your IAM user policy for any attribute-based access control (ABAC) conditions. You may be required to label your vector buckets only with specific tag keys and values. For more information, see [Using tags for attribute-based access control (ABAC)](tagging.md#using-tags-for-abac).
## Steps
You can create a vector bucket with tags applied by using the Amazon S3 console, the Amazon Command Line Interface (Amazon CLI), the Amazon S3 REST API, and Amazon SDKs.
### Using the S3 console
**To create a vector bucket with tags using the Amazon S3 console**
1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at [https://console.amazonaws.cn/s3/](https://console.amazonaws.cn/s3/).
1. In the left navigation pane, choose **vector buckets**.
1. Choose **create vector bucket** to create a new vector bucket.
1. Create a vector bucket as you normally would; see [Creating a vector bucket](s3-vectors-buckets-create.md).
1. On the **Create vector bucket** page, **Tags** is an option when creating a new vector bucket.
1. Enter a name for the vector bucket.
1. Choose **Add new Tag** to open the Tags editor and enter a tag key-value pair. The tag key is required, but the value is optional.
1. To add another tag, select **Add new Tag** again. You can enter up to 50 tag key-value pairs.
1. After you complete specifying the options for your new vector bucket, choose **Create vector bucket**.
### Using the REST API
For information about the Amazon S3 REST API support for creating a vector bucket with tags, see the following section in the *Amazon S3 Vectors API Reference*:
[CreateVectorBucket](https://docs.amazonaws.cn/AmazonS3/latest/API/API_S3VectorBuckets_CreateVectorBucket.html)
### Using the Amazon CLI
To install the Amazon CLI, see [Installing the Amazon CLI](https://docs.amazonaws.cn/cli/latest/userguide/getting-started-install.html) in the *Amazon Command Line Interface User Guide*.
The following CLI example shows you how to create a vector bucket with tags by using the Amazon CLI. To use the command replace the *user input placeholders* with your own information.
When you create a vector bucket you must provide configuration details and use the following naming convention: `example-vector-bucket`
```
aws s3vector create-vector-bucket --vector-bucket-name acc-bucket \
--tags Department=Accounting,Stage=Prod
```
# Adding a tag to a vector bucket
You can add tags to Amazon S3 vector buckets and modify these tags. There is no additional charge for using tags on vector buckets beyond the standard S3 API request rates. For more information, see [Amazon S3 pricing](https://docs.amazonaws.cn/s3/pricing/). For more information about tagging vector buckets, see [Using tags with S3 vector buckets](s3-vectors-tags.md).
## Permissions
To add a tag to a vector bucket, you must have the following permission:
+ `s3vectors:TagResource`
## Troubleshooting errors
If you encounter an error when attempting to add a tag to a vector bucket, you can do the following:
+ Verify that you have the required [Permissions](#add-bucket-tag-permissions) to add a tag to a vector bucket.
+ If you attempted to add a tag key that starts with the Amazon reserved prefix `aws:`, change the tag key and try again.
## Steps
You can add tags to vector buckets by using the Amazon S3 console, the Amazon Command Line Interface (Amazon CLI), the Amazon S3 REST API, and AmazonSDKs.
### Using the S3 console
**To add tags to a vector bucket using the Amazon S3 console**
1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at [https://console.amazonaws.cn/s3/](https://console.amazonaws.cn/s3/).
1. In the left navigation pane, choose **vector buckets**.
1. Choose the vector bucket name.
1. Choose the **Properties** tab.
1. Scroll to the **Tags** section and choose **Add new Tag**.
1. This opens the **Add Tags** page. You can enter up to 50 tag key value pairs.
1. If you add a new tag with the same key name as an existing tag, the value of the new tag overrides the value of the existing tag.
1. You can also edit the values of existing tags on this page.
1. After you have added the tag(s), choose **Save changes**.
### Using the REST API
For information about the Amazon S3 REST API support for adding tags to a vector bucket, see the following section in the *Amazon S3 Vectors API Reference*:
[TagResource](https://docs.amazonaws.cn/AmazonS3/latest/API/API_S3VectorBuckets_TagResource.html)
### Using the Amazon CLI
To install the Amazon CLI, see [Installing the Amazon CLI](https://docs.amazonaws.cn/cli/latest/userguide/getting-started-install.html) in the *Amazon Command Line Interface User Guide*.
The following CLI example shows you how to add tags to a vector bucket by using the Amazon CLI. To use the command replace the *user input placeholders* with your own information.
```
aws s3vectors tag-resource \
--resource-arn arn:aws:s3vectors:us-east-1:012345678900:bucket/acc-bucket \
--tags Stage=Prod,CostCenter=Marketing
```
# Viewing vector bucket tags
You can view or list tags applied to Amazon S3 vector buckets. For more information about tagging vector buckets, see [Using tags with S3 vector buckets](s3-vectors-tags.md).
## Permissions
To view tags applied to a vector bucket, you must have the following permission:
+ `s3vectors:ListTagsForResource`
## Troubleshooting errors
If you encounter an error when attempting to list or view the tags of a vector bucket, you can do the following:
+ Verify that you have the required [Permissions](#view-bucket-tag-permissions) to view or list the tags of the vector bucket.
## Steps
You can view tags applied to vector buckets by using the Amazon S3 console, the Amazon Command Line Interface (Amazon CLI), the Amazon S3 REST API, and Amazon SDKs.
### Using the S3 console
**To view tags applied to a vector bucket using the Amazon S3 console**
1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at [https://console.amazonaws.cn/s3/](https://console.amazonaws.cn/s3/).
1. In the left navigation pane, choose **vector buckets**.
1. Choose the vector bucket name.
1. Choose the **Properties** tab.
1. Scroll to the **Tags** section to view all of the tags applied to the vector bucket.
1. The **Tags** section shows the User-defined tags by default. You can select the Amazon-generated tags tab to view tags applied to your vector bucket by Amazon services.
### Using the REST API
For information about the Amazon S3 REST API support for viewing the tags applied to a vector bucket, see the following section in the Amazon Simple Vectors API Reference:
[ListTagsforResource](https://docs.amazonaws.cn/AmazonS3/latest/API/API_S3VectorBuckets_ListTagsForResource.html)
### Using the Amazon CLI
To install the Amazon CLI, see [Installing the Amazon CLI](https://docs.amazonaws.cn/cli/latest/userguide/getting-started-install.html) in the *Amazon Command Line Interface User Guide*.
The following CLI example shows you how to view tags applied to a vector bucket. To use the command replace the *user input placeholders* with your own information.
```
aws s3vectors list-tags-for-resource \
--resource-arn arn:aws:s3vectors:us-east-1:012345678900:bucket/acc-bucket
```
# Deleting a tag from a vector bucket
You can remove tags from S3 vector buckets. An Amazon tag is a key-value pair that holds metadata about resources, in this case Amazon S3 vector buckets. For more information about tagging vector buckets, see [Using tags with S3 vector buckets](s3-vectors-tags.md).
**Note**
If you delete a tag and later learn that it was being used to track costs or for access control, you can add the tag back to the vector bucket.
## Permissions
To delete a tag from a vector bucket, you must have the following permission:
+ `s3vectors:UntagResource`
## Troubleshooting errors
If you encounter an error when attempting to delete a tag from a vector bucket, you can do the following:
+ Verify that you have the required [Permissions](#delete-bucket-tag-permissions) to delete a tag from a vector bucket.
## Steps
You can delete tags from vector buckets by using the Amazon S3 console, the Amazon Command Line Interface (Amazon CLI), the Amazon S3 REST API, and Amazon SDKs.
### Using the S3 console
**To delete tags from a vector bucket using the Amazon S3 console**
1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at [https://console.amazonaws.cn/s3/](https://console.amazonaws.cn/s3/).
1. In the left navigation pane, choose **vector buckets**.
1. Choose the vector bucket name.
1. Choose the **Properties** tab.
1. Scroll to the **Tags** section and select the checkbox next to the tag or tags that you would like to delete.
1. Choose **Delete**.
1. The **Delete user-defined tags** pop-up appears and asks you to confirm the deletion of the tag or tags you selected.
1. Choose **Delete** to confirm.
### Using the REST API
For information about the Amazon S3 REST API support for deleting tags from a vector bucket, see the following section in the *Amazon S3 Vectors API Reference*:
[UntagResource](https://docs.amazonaws.cn/AmazonS3/latest/API/API_S3VectorBuckets_UntagResource.html)
### Using the Amazon CLI
To install the Amazon CLI, see [Installing the Amazon CLI](https://docs.amazonaws.cn/cli/latest/userguide/getting-started-install.html) in the *Amazon Command Line Interface User Guide*.
The following CLI example shows you how to delete tags from a vector bucket by using the Amazon CLI. To use the command replace the *user input placeholders* with your own information.
```
aws s3vectors untag-resource \
--resource-arn arn:aws:s3vectors:us-east-1:012345678900:bucket/acc-bucket \
--tag-keys CostCenter Department
```