amazon-web-services amazon-s3 acl amazon-iam

Is there any way to add a specific object key and value tag automatically when a user uploads a file to an AWS S3 bucket?


I want a key and value pair tag to be added automatically to objects uploaded via the AWS console. Example: when an IAM user uploads a file, then by default the key has to be CREATEDBY and the value has to be his ARN. I want this condition to be achieved because I want to restrict other users from seeing / downloading objects uploaded by other IAM users in the same folder, using an IAM user policy that checks object tag values. My requirement doesn't allow me to create multiple folders for different users, as there are too many of them.


Solution

  • You can use a Lambda function that will be triggered when a new file is uploaded to your bucket. This function would in turn add the tag to the S3 object. Here's a tutorial to help you wire your S3 bucket to your Lambda function.

    The event you will receive in your Lambda will be structured like this. From within your Lambda, you can retrieve the principalId field, which will give you information about the user who created the S3 object, as well as the S3 object's key. You can then use that information to tag the S3 object.
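A sketch of the Lambda described in the answer above, added here as an example and not code from the original answer. The helper name `tag_uploads` and the sample event are assumptions constructed for illustration; the tag key `CREATEDBY` comes from the question.

```python
import urllib.parse

TAG_KEY = "CREATEDBY"  # tag key requested in the question

# Constructed sample S3 notification (not from a real account). For an IAM
# user, principalId carries the user's unique ID, not the ARN.
SAMPLE_EVENT = {"Records": [{
    "eventName": "ObjectCreated:Put",
    "userIdentity": {"principalId": "AWS:AIDAEXAMPLEUSERID"},
    "s3": {"bucket": {"name": "example-bucket"},
           "object": {"key": "shared/my+report%281%29.txt"}},
}]}


def tag_uploads(event, s3):
    """Tag each newly created object with the uploader's principalId.

    `s3` is a boto3 S3 client (or a stand-in with the same two methods).
    Returns the (bucket, key, principal_id) tuples that were tagged.
    """
    tagged = []
    for record in event.get("Records", []):
        # Ignore anything that is not an upload (e.g. delete or tagging events).
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue
        principal = record["userIdentity"]["principalId"]
        obj = record["s3"]["object"]
        # Object keys arrive URL-encoded in the event, with '+' for spaces.
        key = urllib.parse.unquote_plus(obj["key"])
        target = {"Bucket": record["s3"]["bucket"]["name"], "Key": key}
        if obj.get("versionId"):
            target["VersionId"] = obj["versionId"]  # tag the uploaded version
        # put_object_tagging replaces the whole tag set, so keep the other
        # tags and overwrite any CREATEDBY value supplied at upload time.
        current = s3.get_object_tagging(**target).get("TagSet", [])
        merged = [t for t in current if t["Key"] != TAG_KEY]
        merged.append({"Key": TAG_KEY, "Value": principal})
        s3.put_object_tagging(Tagging={"TagSet": merged}, **target)
        tagged.append((target["Bucket"], key, principal))
    return tagged


def lambda_handler(event, context):
    import boto3  # provided by the Lambda Python runtime
    return {"tagged": len(tag_uploads(event, boto3.client("s3")))}
```

The function's execution role needs `s3:GetObjectTagging` and `s3:PutObjectTagging` on the bucket's objects. For the tag to be usable in an access policy, the uploading users themselves should not hold `s3:PutObjectTagging`, and there is a short interval between the upload and the Lambda run during which the object carries no `CREATEDBY` tag.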