Amazon S3 Glacier

Abimuktheeswaran Chidambaram
5 min readJul 5, 2023

S3 — Glacier is designed to provide you with the highest performance, the most retrieval flexibility, and the lowest cost archive storage in the cloud. You can store the data in terms of months, years, or even decades. It is used for storage purposes in terms of low cost and long-term backup.

It has 3 retrieval modes. There are

Instant Retrieval data can be retrieved at milliseconds in low cost. Designed for 99.⁹⁹ durability and 99.9% of availability across multiple zones. Data size should be a minimum of 128kb.

Flexible Retrieval (S3-glacier) data can be retrieved within minutes(1–5) in lower cost. Designed for 99.9⁹% of durability and 99.99% of availability. Bulk Retrieval can be retrieved within hours (5–12).

Deep Archive Retrieval data can be retrieved from Hours to hours at the lowest cost. The default time is 12 hours. It stores the data in 3 availability zones.

Note: Data from Flexible Interval and Deep Archive is not available for real-time access. If you want to access the data from Flexible Interval and Deep Archive first you want to download. S3 supports restore requests up to 1000 transactions per second per AWS account.

⁕ Benefits of S3 Glacier:

Working of S3 glacier:

2. Console view of creating vault in S3 Glacier:

Generally, S3 Glacier provides the console to view data. But for operation purposes like upload, download, delete, and archive you want to use AWS CLI (Command Line Interface)or via code.

3. Terminologies in S3 Glacier:

Vault means a container to store the archive data like the bucket in S3. you can create 1000 vaults per account in the region. It is region-specific — specific like you can request the service where you created it. The URL format is https://region-specific-endpoint/account-id/vaults/vault-name.

Archive means data like media file, documents etc. You can store unlimited number of data. Each Archieve have unique ID. The URL format is https://region-specific-endpoint/account-id/vaults/vault-name/archives/archive-id.

Jobs means to archieve or retrieve the data,get the vault inventory ( name,created date, archieve description). The operations are asynchronous like you request a job in glacier, once the job is finished by glacier then you can download.

Note: S3 Glacier offers cold data storage retrieval that means you can download at any time from archieve

Notification Configuration means when every job completed, the Simple Notification Service sends the notification to S3 glacier about job. s3 glacier stores the notification in the form of .json document.

Multipart Uploads in S3 Glacier:

You can upload 1mb to 4Gb in a single operation (part size). The total number of part is 1000.By using Multipart Upload you can upload upto 40TB totally.

5. Working in Vaults in Amazon S3 Glacier:

Creating Vault in S3 Glacier when you create vault , the vault name should be unique in AWS account also in AWS region. you can use the same vault name in different AWS region. It supports the characters like a-z,A-Z,0–9 and special characters like _ (underscore) , -(Hyphen), .(period). Names can between 0–255 characters long.

Retrieving vault Metadata If you retrieve the vault list. It shows 1000 lists. If the vault have more than more than 1000 archieves you need to send additional request to fetch the data.

Downloading vault inventory from S3 Glacier Once you upload the archieve in the vault, the s3 glacier automatically create the vault inventory and update it once a day. After the creation of vault inventory it takes half day — full day for retrieval.

Notification in S3 glacier

Configuring vault Notification Configuration means when every job completed, the Simple Notification Service sends the notification to S3 glacier about job. s3 glacier stores the notification in the form of .json document.

Deleting vault from S3 glacier you cannot delete the vault if it contains archives (data). You can delete the empty vault in AWS console. you may delete the empty or non-empty vault via AWS CLI (or) SDK. You want to delete the archieve , then the inventory may update. So immediately you can delete the vault.

4. Vault Lock Policy

S3 glacier allows you to deploy and manage the compliance control to prevent the future edit using vault lock policy. AWS recommends first you create vault, complete vault lock policy then upload the archives so the policy applied to all. Once the vault lock policy is locked ,you cannot change or delete.

Vault Locking is two step process. start (InitiateVaultLock) and complete (CompleteVaultLock). Once the policy has started to deploy, it have 24 hours to delete (AbortVaultLock) and modify the policy. Once the modification done it have another 24 hour from the starting time. After 24 hours you can’t modify or delete the policy, then the vault becomes immutable ( fixed or can’t change or delete).

Last Updated: 22-Dec-2023