What is AWS Glacier?
AWS Glacier is a super affordable storage service meant for keeping data safe for a long time. It’s perfect when you want to save files that you don’t need to access immediately, like backups or old records. One thing to remember accessing files from Glacier takes time, usually several hours, so it’s not for stuff you need right now.
Also, you can’t directly upload or download files from the AWS Console. For that, you’ll have to use the AWS CLI (Command Line Interface) or SDKs.
Creating a Vault using AWS Console
Think of a vault as a secure container where all your archived files live.
How to create a vault using the AWS Console:
Log into your AWS Console.
Search for “Glacier” in the search bar.
Click on “Create vault.”
Give your vault a name (like
my-s3-glacier-vault).Choose your AWS region.
Click “Create” and you’re done!
Creating a Vault using AWS CLI
aws glacier create-vault --account-id - --vault-name my-s3-glacier-vault
Setting Up IAM Permissions
Before you start, your AWS user needs permission to work with Glacier.
Here’s a sample IAM policy you can use:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"glacier:UploadArchive",
"glacier:InitiateJob",
"glacier:GetJobOutput",
"glacier:ListVaults",
"glacier:DescribeVault"
],
"Resource": "arn:aws:glacier:region:account-id:vaults/my-s3-glacier-vault"
}
]
}
Make sure you replace the region and account ID with yours, then attach this policy to your user in the IAM console.
Uploading Your First Archive (Using CLI)
- First, create a sample file to upload
echo "This is my sample archive file" > sample.txt
- Upload it to your vault
aws glacier upload-archive --account-id - --vault-name my-s3-glacier-vault --body sample.txt
- Once the upload finishes, the CLI will give you an Archive ID — save this! You’ll need it whenever you want to retrieve or manage this file.
Getting a List of Archives in Your Vault
Since you can’t see files directly in Glacier, you can request an inventory of your vault. This is basically a list of all your archives.
- Start an inventory retrieval job:
aws glacier initiate-job --account-id - --vault-name my-s3-glacier-vault --job-parameters '{"Type": "inventory-retrieval"}'
The command will return a Job ID — note this down.
Wait for 3 to 5 hours (this takes time!).
After the job completes, download the inventory:
aws glacier get-job-output --account-id - --vault-name my-s3-glacier-vault --job-id inventory.json
- Open the
inventory.jsonfile to see details like Archive IDs and upload dates.
Restoring an Archive
If you want to retrieve an archive:
- Initiate a restore job using the Archive ID you saved earlier:
aws glacier get-job-output --account-id - --vault-name my-s3-glacier-vault --job-id [xxxxxxxx] inventory.json
Wait for 3-5 hours for the restore to complete.
Once done, download the restored file:
aws glacier get-job-output --account-id - --vault-name my-s3-glacier-vault --job-id restored-file.txt
How to Delete an Archive from Glacier
Deleting an archive from Glacier is a bit different than uploading or retrieving because AWS Glacier does not provide a direct way to delete an individual archive via CLI or Console. Instead, archives are deleted when you delete the entire vault.
So how do you delete archives?
If you want to delete all archives, you delete the entire vault.
To delete a vault, the vault must be empty (no archives inside).
This means you have to delete all archives first — but Glacier doesn’t have a direct “delete archive” command.
So, practically, you can’t delete individual archives directly.
How to delete a vault (and thus remove all archives)?
First , List the archives using the AWS CLI:
aws glacier initiate-job --account-id - --vault-name [vault-name] --job-parameters '{"Type": "inventory-retrieval"}'
Replace <vault-name> with your vault’s name.
- Delete the archives
aws glacier delete-archive --account-id [account-id] --vault-name [vault-name] --archive-id [archive-id]
- Now, Delete the vault
aws glacier delete-vault --account-id [account-id] --vault-name my-s3-glacier-vault
If your vault is not empty, this command will fail — vaults can only be deleted when empty.
