CloudWiki
Resource

S3 Glacier

Amazon Web Services
Storage
Amazon S3 Glacier is a low-cost, long-term cloud storage service designed for data archiving, backup and disaster recovery, and compliance requirements. S3 Glacier provides secure and durable storage for infrequently accessed data at a lower cost compared to Amazon S3 standard storage. Data retrieval times can range from minutes to several hours, making S3 Glacier an ideal solution for storing large amounts of data that are infrequently accessed.
Terraform Name
terraform
aws_glacier_vault
S3 Glacier
attributes:

The following arguments are supported:

  • name - (Required) The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).
  • access_policy - (Optional) The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here. Use the Glacier Developer Guide for more information on Glacier Vault Policy
  • notification - (Optional) The notifications for the Vault. Fields documented below.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

notification supports the following:

  • events - (Required) You can configure a vault to publish a notification for ArchiveRetrievalCompleted and InventoryRetrievalCompleted events.
  • sns_topic - (Required) The SNS Topic ARN.

Associating resources with a
S3 Glacier
Resources do not "belong" to a
S3 Glacier
Rather, one or more Security Groups are associated to a resource.
Create
S3 Glacier
via Terraform:
The following HCL creates a Glacier Vault Resource
Syntax:

resource "aws_sns_topic" "aws_sns_topic" {
 name = "glacier-sns-topic"
}

resource "aws_glacier_vault" "my_archive" {
 name = "MyArchive"

 notification {
   sns_topic = aws_sns_topic.aws_sns_topic.arn
   events    = ["ArchiveRetrievalCompleted", "InventoryRetrievalCompleted"]
 }

 access_policy = <<EOF
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid": "add-read-only-perm",
         "Principal": "*",
         "Effect": "Allow",
         "Action": [
            "glacier:InitiateJob",
            "glacier:GetJobOutput"
         ],
         "Resource": "arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive"
      }
   ]
}
EOF

 tags = {
   Test = "MyArchive"
 }
}

Create
S3 Glacier
via CLI:
Parametres:

create-vault
--account-id <value>
--vault-name <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws glacier create-vault --vault-name my-vault --account-id -

aws cost
Costs
The cost of using S3 Glacier depends on the amount of storage space used, the data retrieval speed, the number of requests, and the data transfer. The cost of data retrieval and transfer can vary based on the amount of data involved and the region in which the data is stored.
Direct Cost

$ per GB - <Region> data transfer to <Region>

$ per GB for <Region>-AWS-Out-Bytes in <Region>

Indirect Cost
No items found.
Best Practices for
S3 Glacier

Categorized by Availability, Security & Compliance and Cost

Low
Access allowed from VPN
No items found.
Low
Auto Scaling Group not in use
No items found.
Medium
Connections towards DynamoDB should be via VPC endpoints
No items found.
Medium
Container in CrashLoopBackOff state
No items found.
Low
EC2 with GPU capabilities
No items found.
Medium
EC2 with high privileged policies
No items found.
Medium
ECS cluster delete alarm
No items found.
Critical
ECS task with Admin access (*:*)
Medium
ECS task with high privileged policies
No items found.
Critical
EKS cluster delete alarm
No items found.
Medium
ElastiCache cluster delete alarm
No items found.
Medium
Ensure Container liveness probe is configured
No items found.
Medium
Ensure ECS task definition has memory limit
No items found.
Critical
Ensure EMR cluster master nodes are not publicly accessible
No items found.
More from
Amazon Web Services