Ghi chú Amazon S3 Glacier Cheat Sheet

Amazon S3 Glacier

  • Long term data storage and very low cost storage. Using for archive and backup purposes.
  • Retrieving data options:
    • Expedited: 1-5 minutes
    • Standard: 3-5 hours
    • Bulk: 5-12 hours.
  • Durability: 11’s 9.
  • Availability: need to retrieve first, cannot access directly to object.
  • Support encryption SSL/TLS in transit, and at rest.
  • Vault lock is a feature to enforce compliance via lockable policy
  • Base unit of S3 Glacier storage is archive. An archive is a file such as photo, video, document. Archive will be stored in a Vault.
  • When you upload an archive, Amazon S3 Glacier will return an Archive ID, Archive ID is unique in a Region in which the archive is restored.
  • AWS Management console to create and delete Vaults. Other interactions requires by using code or CLI.
  • Amazon S3 Glacier supports multipart upload. You will be charged in-progress multipart upload at S3 Glacier Staging Storage until upload completed. When completed, 90 days early-delete windows starts.
  • You should compress your files into a zipped files to lower your storage cost before uploading to Amazon S3 Glacier. Common file format is ZIP, TAR. Base unit of Amazon S3 Glacier is archives. Individual archive has range of size from 1 byte to 40TB.
  • Largest single upload request is 4GB. For items larger than 100MB, you should you multipart upload.
  • Archives ar stored in Amazon S3 Glacier is immutable. i.e: archives can be upload, deleted; but cannot edit or overwrite.
  • Vaults is group of archives. You can manage access to vaults by using AWS IAM.

Vault Lock

  • Vault lock allows to easily deploy and enforce compliances to your vault via lockable policy (Vault lock policy).
  • Vault lock policy and vault access policy govern to your vault. However, Vault Lock policy can be made immutable and provide strong enforcements for your compliance controls. In conjunction, you can use the vault access policy to implement access controls that are not compliance related, temporary, and subject to frequent modification
  • Type of compliance controls with Vault Lock:
    • Deploy Vault Lock policy by using AWS IAM.
    • WORM (Write one read many)
    • Time-based records retention for regulatory archives.


  • Archive size: 1 byte to 40TB
  • Max vaults: 1,000 vaults per account per region
  • S3 Glacier has a minimum 90 days of storage. Less than 90 days incur pro-rated charge equal to the storage charge for the remaining days.
  • One vault access policy per vault.


  • There is no setup fee for using service
  • Retrieval pricing (depends on expedited, standard or bulk)
  • Retrieval requests pricing
  • Provisioned expedited retrieval (100$ per unit)
  • Upload requests pricing
  • Data transfer OUT


%d bloggers like this: