CloudWiki
Resource
Detect, troubleshoot & optimize AWS environments in real-time ->

Amazon Web Service (AWS)

S3 Glacier

Storage
Amazon S3 Glacier is a low-cost, long-term cloud storage service designed for data archiving, backup and disaster recovery, and compliance requirements. S3 Glacier provides secure and durable storage for infrequently accessed data at a lower cost compared to Amazon S3 standard storage. Data retrieval times can range from minutes to several hours, making S3 Glacier an ideal solution for storing large amounts of data that are infrequently accessed.
Costs
The cost of using S3 Glacier depends on the amount of storage space used, the data retrieval speed, the number of requests, and the data transfer. The cost of data retrieval and transfer can vary based on the amount of data involved and the region in which the data is stored.
Direct Cost

$ per GB - <Region> data transfer to <Region>

$ per GB for <Region>-AWS-Out-Bytes in <Region>

Indirect Cost
No items found.
Terraform Name
aws_glacier_vault
S3 Glacier
attributes:

The following arguments are supported:

  • name - (Required) The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).
  • access_policy - (Optional) The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here. Use the Glacier Developer Guide for more information on Glacier Vault Policy
  • notification - (Optional) The notifications for the Vault. Fields documented below.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

notification supports the following:

  • events - (Required) You can configure a vault to publish a notification for ArchiveRetrievalCompleted and InventoryRetrievalCompleted events.
  • sns_topic - (Required) The SNS Topic ARN.

Associating resources with a
S3 Glacier
Resources do not "belong" to a
S3 Glacier
Rather, one or more Security Groups are associated to a resource.
Create
S3 Glacier
via Terraform:
The following HCL creates a Glacier Vault Resource
Syntax:

resource "aws_sns_topic" "aws_sns_topic" {
 name = "glacier-sns-topic"
}

resource "aws_glacier_vault" "my_archive" {
 name = "MyArchive"

 notification {
   sns_topic = aws_sns_topic.aws_sns_topic.arn
   events    = ["ArchiveRetrievalCompleted", "InventoryRetrievalCompleted"]
 }

 access_policy = <<EOF
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid": "add-read-only-perm",
         "Principal": "*",
         "Effect": "Allow",
         "Action": [
            "glacier:InitiateJob",
            "glacier:GetJobOutput"
         ],
         "Resource": "arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive"
      }
   ]
}
EOF

 tags = {
   Test = "MyArchive"
 }
}

Create
S3 Glacier
via CLI:
Parametres:

create-vault
--account-id <value>
--vault-name <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]

Example:

aws glacier create-vault --vault-name my-vault --account-id -

Best Practices for
S3 Glacier

Categorized by Availability, Security & Compliance and Cost

No items found.
Explore all the rules our platform covers
Related blog posts
We haven't write about
S3 Glacier
yet.
View all blog posts ->
All Resources
Compute
Athena
Auto Scaling Group
Availability Zone
EC2
ECS
ECS Task Definition
EKS
Lambda Function
Region
SageMaker Notebook
Database
DMS
DocumentDB
DynamoDB
EMR
ElastiCache
Glue
OpenSearch
RDS
Network
ALB
API Gateway
CloudFront
Direct Connect
Direct Connect Gateway
ELB
ENI
Elastic IP
GLB
Internet Gateway
NAT Gateway
NLB
Prefix List
Route 53
Route Table
Site-to-Site VPN Connection
Subnet
Target Group
Transit Gateway
VPC
VPC Endpoint
VPC Peering
VPN Customer Gateway
Virtual Private Gateway
Permission
IAM Account Password Policy
IAM Group
IAM Policy
IAM Role
IAM User
Instance Profile
Queue
Kinesis
MSK
SES
SNS
SQS
Security
CloudWatch
GuardDuty
Config
WAF
Network ACL
KMS
Security Group
Storage
EFS
S3 Glacier
AMI
EBS Snapshots
EBS Volume
S3 Bucket
Kubernetes
Network Policy
StatefulSet
Service
ReplicaSet
Namespace
Ingress
Endpoints
Deployment
Service Account
Pod