AWS S3 Glacier

 

Overview

Amazon S3 Glacier is an extremely low-cost storage service that provides secure and durable storage for long-term data backup and archiving.

 

AWS Services

There are 2 types of S3 services offered which are listed below:

• Amazon S3 Glacier as a storage class on Amazon S3
• S3 Glacier Instant Retrieval - For long-lived archive data accessed once a quarter with instant retrieval in milliseconds
• S3 Glacier Flexible Retrieval (Formerly S3 Glacier) - For long-term backups and archives with retrieval option from 1 minute to 12 hours
• S3 Glacier Deep Archive - For long-term data archiving that is accessed once or twice in a year and can be restored within 12 hours
• Direct API in the Amazon S3 Glacier service (Vault)
• S3 Glacier does provide a console. However, any archive operation, such as upload, download, or deletion, requires you to use the AWS Command Line Interface (AWS CLI) or write code. There is no console support for archive operations.

Note - Using Amazon S3 Glacier on Amazon S3 is recommended.

When to use

Use the Amazon S3 Glacier storage class on Amazon S3 when

• You are creating a new long-term storage or archival workflow or environment.
• You want the flexibility of S3 features while using the S3 Glacier and S3 Glacier Deep Archive storage classes.

 

Use the Amazon S3 Glacier service when

• You have existing vaults or workflows that rely on vaults.

 

Pricing

Prices are based on the location of your S3 bucket or vault. Refer below urls for pricing details.

Amazon S3 Service - https://aws.amazon.com/s3/pricing/

Amazon S3 Glacier Service - https://aws.amazon.com/s3/glacier/pricing/

 

Policy

Following policy can be associated with role or user requiring read only access when using Amazon S3 Glacier storage class on Amazon S3:

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "VisualEditor0",

            "Effect": "Allow",

            "Action": [

                "s3:GetObject",

                "s3:ListBucketVersions",

                "s3:RestoreObject",

                "s3:GetObjectAttributes",

                "s3:ListBucket",

                "s3:GetObjectVersionAttributes",

                "s3:GetObjectVersion"

            ],

            "Resource": [

                "arn:aws:s3:::s3casestudybucket",    ç Replace with bucket name

                "arn:aws:s3:::s3casestudybucket/*"   ç Replace with bucket name

            ]

        },

        {

            "Sid": "VisualEditor1",

            "Effect": "Allow",

            "Action": "s3:ListAllMyBuckets",

            "Resource": "*"

        }

    ]

}

 

Following policy can be associated with role or user requiring read only access when using Amazon S3 Glacier service:

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "VisualEditor0",

            "Effect": "Allow",

            "Action": [

                "glacier:InitiateJob",

                "glacier:ListJobs",

                "glacier:GetJobOutput",

                "glacier:DescribeJob"

            ],

            "Resource": "arn:aws:glacier:us-east-1:123456654321:vaults/MyArchive" ç Update

        },

        {

            "Sid": "VisualEditor1",

            "Effect": "Allow",

            "Action": "glacier:ListVaults",

            "Resource": "*"

        }

    ]

}