In the final installment of this 3-part series, we will discuss data retrieval, account permissions, integrating with S3, and transferring secure data. To recap, part 1 introduced Glacier as an extremely low-cost storage service that provides secure, durable, and flexible storage for your data backup and archival. In part 2, we discussed some functionalities of Glacier including managing archives, creating a vault, Glacier durability and archive inventory. And now, part 3.

Managing Data

As with any data storage solution, you will need to occasionally access your data. Glacier’s pricing plan allows you to retrieve up to 5% of your stored data for free each month. Alternatively, deleting data is free unless you are deleting an archive within 3 months of its creation. In this case, you will be charged a deletion fee.

In a single operation, you can upload archives from 1-4 GB in size. It is recommended, however, for Amazon Glacier customers to use Multipart Upload to upload archives greater than 100 MB.  Using the Multipart upload API, you can upload large archives of up to 40 TB (10,000 * 4 GB). The AWS Import/Export service can be used to upload large data to Amazon Glacier by shipping your drive/content storage to AWS.

[Usage Configuration and Policy Analysis - Newvem S3 analytics helps you define, configure, implement and validate your storage policies. Use Newvem to validate your S3 storage structure and policies. Learn More]

Account Permissions

An AWS account owner has full permissions to perform all actions on vaults in the account. AWS Identity and Access Management (IAM) users, alternately, do not have permissions by default and will need to be granted access manually.

You can control access to your data by setting vault-level access policies using IAM.

Integrating Glacier with S3

Amazon Glacier supports a set of operations – specifically, a set of RESTful API calls – that enable you to interact with the service. It uses HTTP and HTTPS as a transport and JavaScript Object Notation (JSON) as a message serialization format.

Recently, a new feature has been made available wherein you can copy data from S3 with automatic, policy-driven archiving to Glacier based on the age or date if your data. Additionally, S3 provides the option to restore objects from the Glacier storage type. The restored S3 object from Glacier will be stored in RRS for the duration specified during restoration. Click here to learn more about using Amazon Glacier as a storage option for S3.

If you archive AWS S3 objects using the Glacier storage option, those objects will not be listed in the AWS Glacier console nor will they be accessible through Glacier API’s. They are accessible only through the Amazon S3 API or the S3 Management Console.

Any archive stored in Glacier using the Amazon Glacier API has a system-generated identifier. If an object is archived through S3, that object will receive a user-defined name. AWS S3 maintains the mapping between a user-defined object name and the Amazon Glacier system-defined identifier to ensure the archive is charged as per Glacier rates while being listed using S3 APIs or console.

Secure Data Transfer

Amazon Glacier supports secure transfer of your data over a Secure Sockets Layer (SSL). It automatically stores data encrypted using the Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard that employs 256-bit encryption keys.

This concludes our series ‘Getting Started with Glacier’. If you have any questions that haven’t yet been answered, please feel free to contact Taral Shah.

[Reduced Redundancy Storage (RRS) and Glacier Opportunities - Newvem S3 analysis helps identify storage migration opportunities and supports migration actions. Learn More]

About the Author

Taral Shah

Cloud architect for more than 2 years with around 12 years of IT Experience. His area of focus is Amazon Cloud and I have written a couple of White papers using AWS. Responsible for designing or migrating HA, scalable application on Cloud. In his past worked as Consultant, Developer, Technical Leader, Project Leader and Account Manager with various global clients.

Contact him

Keywords: Amazon web services, Amazon AWS console, AWS S3, Amazon Cloud Services, AWS Management Console, AWS Glacier, S3 Standard Storage, IAM, Amazon Glacier, S3 Usage, Access Policy, RRS Storage, Storage Objects, Archive, Restore, Durability, Data Access, S3 Storage Cost, Archive, Durability

Content Disclaimer