Glacier

  • S3 Glacier is a secure, durable, and extremely low-cost S3 storage class for data archiving and long-term backup.

  • With S3 Glacier, customers can store their data cost effectively for months, years, or even decades.

  • S3 Glacier enables customers to offload the administrative burdens of operating and scaling storage to AWS.

  • Data at rest stored in S3 Glacier is automatically server-side encrypted using AES-256 with keys maintained by AWS.

Archive

  • An archive can be any data such as a photo, video, or document and is a base unit of storage in S3 Glacier.

  • Each archive has a unique ID and an optional description.

Vault

  • In S3 Glacier, a vault is a container for storing archives.

  • When you create a vault, you specify a name and choose an AWS Region where you want to create the vault.

Job

  • S3 Glacier jobs can perform a select query on an archive, retrieve an archive, or get an inventory of a vault.

Vault Locking Overview

  • You can specify controls such as “write once read many” (WORM) in a vault lock policy and lock the policy from future edits.

  • Once locked, the policy can no longer be changed.

  • You must complete the vault locking process within 24 hours after the vault lock enters the InProgress state.

  • After the 24 hour window ends, the lock ID expires, the vault automatically exits the InProgress state, and the vault lock policy is removed from the vault.

  • After a vault lock is in the Locked state, you cannot initiate a new vault lock for the vault.

  • You can set a vault lock by calling initiate-vault-lock.

  • You can abort the vault locking process by calling AbortVaultLock.

  • You can get the state of the vault lock by calling GetVaultLock.

PreviousAWS Certificate Manager (ACM)NextDynamoDB Encryption

Last updated

Was this helpful?