Amazon S3 Glacier

  • Long-term archival solution optimized for infrequently used data, or “cold data.”
  • Glacier is a REST-based web service.
  • You can store an unlimited number of archives and an unlimited amount of data.
  • You cannot specify Glacier as the storage class at the time you create an object.
  • It is designed to provide an average annual durability of 99.999999999% for an archive. Glacier synchronously stores your data across multiple AZs before confirming a successful upload.
  • To prevent corruption of data packets over the wire, Glacier uploads the checksum of the data during data upload. It compares the received checksum with the checksum of the received data and validates data authenticity with checksums during data retrieval.
  • Glacier works together with Amazon S3 lifecycle rules to help you automate archiving of S3 data and reduce your overall storage costs. Requested archival data is copied to S3 One Zone-IA

Data Model

  • Vault
    • A container for storing archives.
    • Each vault resource has a unique address with form:
      https://region-specific endpoint/account-id/vaults/vaultname
    • You can store an unlimited number of archives in a vault.
    • Vault operations are Region specific.
  • Archive
    • Can be any data such as a photo, video, or document and is a base unit of storage in Glacier.
    • Each archive has a unique address with form:
  • Job
    • You can perform a select query on an archive, retrieve an archive, or get an inventory of a vault. Glacier Select runs the query in place and writes the output results to Amazon S3.
    • Select, archive retrieval, and vault inventory jobs are associated with a vault. A vault can have multiple jobs in progress at any point in time.
  • Notification Configuration
    • Because jobs take time to complete, Glacier supports a notification mechanism to notify you when a job is complete.

Glacier Operations

  • Retrieving an archive (asynchronous operation)
  • Retrieving a vault inventory (list of archives) (asynchronous operation)
  • Create and delete vaults
  • Get the vault description for a specific vault or for all vaults in a region
  • Set, retrieve, and delete a notification configuration on the vault
  • Upload and delete archives. You cannot update an existing archive.
  • Glacier jobs select, archive-retrieval, inventory-retrieval


  • Vault operations are region specific.
  • Vault names must be unique within an account and the region in which the vault is being created.
  • IT Certification Category (English)728x90
  • You can delete a vault only if there are no archives in the vault as of the last inventory that Glacier computed and there have been no writes to the vault since the last inventory.
  • You can retrieve vault information such as the vault creation date, number of archives in the vault, and the total size of all the archives in the vault.
  • Glacier maintains an inventory of all archives in each of your vaults for disaster recovery or occasional reconciliation. A vault inventory refers to the list of archives in a vault. Glacier updates the vault inventory approximately once a day. Downloading a vault inventory is an asynchronous operation.
  • You can assign your own metadata to Glacier vaults in the form of tags. A tag is a key-value pair that you define for a vault.
  • Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual Glacier vaults with a vault lock policy. You can specify controls such as “write once read many” (WORM) in a vault lock policy and lock the policy from future edits. Once locked, the policy can no longer be changed.


  • Glacier supports the following basic archive operations: upload, download, and delete. Downloading an archive is an asynchronous operation.
  • You can upload an archive in a single operation or upload it in parts.
  • Using the multipart upload API, you can upload large archives, up to about 10,000 x 4 GB.
  • You cannot upload archives to Glacier by using the management console. Use the AWS CLI or write code to make requests, by using either the REST API directly or by using the AWS SDKs.
  • You cannot delete an archive using the Amazon S3 Glacier (Glacier) management console. Glacier provides an API call that you can use to delete one archive at a time.
  • After you upload an archive, you cannot update its content or its description. The only way you can update the archive content or its description is by deleting the archive and uploading another archive.
  • Glacier does not support any additional metadata for the archives.

Glacier Select

  • You can perform filtering operations using simple SQL statements directly on your data in Glacier.
  • You can run queries and custom analytics on your data that is stored in Glacier, without having to restore your data to a hotter tier like S3.
  • When you perform select queries, Glacier provides three data access tiers:
    • Expedited – data accessed is typically made available within 1–5 minutes.
    • Standard – data accessed is typically made available within  3–5 hours.
    • Bulk – data accessed is typically made available within 5–12 hours.

Glacier Data Retrieval Policies

  • Set data retrieval limits and manage the data retrieval activities across your AWS account in each region.
  • Three types of policies:
    • Free Tier Only – you can keep your retrievals within your daily free tier allowance and not incur any data retrieval cost.
    • Max Retrieval Rate – ensures that the peak retrieval rate from all retrieval jobs across your account in a region does not exceed the bytes-per-hour limit you set.
    • No Retrieval Limit


  • Glacier encrypts your data at rest by default and supports secure data transit with SSL.
  • Data stored in Amazon Glacier is immutable, meaning that after an archive is created it cannot be updated.
  • Access to Glacier requires credentials that AWS can use to authenticate your requests. Those credentials must have permissions to access Glacier vaults or S3 buckets.
  • Glacier requires all requests to be signed for authentication protection. To sign a request, you calculate a digital signature using a cryptographic hash function that returns a hash value that you include in the request as your signature.
  • Glacier supports policies only at the vault level.
  • You can attach identity-based policies to IAM identities.
  • A Glacier vault is the primary resource and resource-based policies are referred to as vault policies.
  • When activity occurs in Glacier, that activity is recorded in a CloudTrail event along with other AWS service events in Event History.


  • You are charged per GB per month of storage
  • You are charged for retrieval operations such as retrieve requests and amount of data retrieved depending on the data access tier – Expedited, Standard, or Bulk
  • Upload requests are charged.
  • You are charged for data transferred out of Glacier.
  • Pricing for Glacier Select is based upon the total amount of data scanned, the amount of data returned, and the number of requests initiated.
  • There is a charge if you delete data within 90 days.


  • Under a single AWS account, you can have up to 1000 vaults.

Free Amazon Glacier Tutorials on YouTube:


Other Amazon Glacier-related Cheat Sheets:


Validate Your Knowledge

Question 1

Your manager instructed you to set up the disaster and recovery plan of your cloud architecture in AWS. The requirement is to establish durable backup and archiving strategy for the company-owned financial documents, which should be accessible immediately for 6 months. It is expected that there would be a compliance audit every 3 years so you have to ensure that the files are still available on that period.

Which service should you use to fulfill these requirements in the most cost-effective manner?

  1. Set up a Storage Gateway to store data to an S3 bucket. Configure lifecycle policies to move the data to Redshift for archiving.
  2. Set up a Direct Connect connection to upload data to an S3 bucket. For archiving purposes, use IAM policies to move the data into Amazon Glacier.
  3. Upload the data on an encrypted EBS volume. Use lifecycle policies to move EBS snapshots into an S3 bucket and later into Glacier for archiving.
  4. Tutorials Dojo Study Guide and Cheatsheet
  5. Upload data to an S3 bucket. Use lifecycle policies to move the data to Amazon Glacier for archiving.

Correct Answer: 4

You can use lifecycle policies to define actions you want Amazon S3 to take during an object’s lifetime (for example, transition objects to another storage class, archive them, or delete them after a specified period of time).

You can add rules in a lifecycle configuration to tell Amazon S3 to transition objects to another Amazon S3 storage class. For example:

  • When you know objects are infrequently accessed, you might transition them to the STANDARD_IA storage class.
  • You might want to archive objects that you don’t need to access in real time to the GLACIER storage class.


Question 2

You are working for an advertising company as their Senior Solutions Architect handling the S3 storage data. Your company has terabytes of data sitting on AWS S3 standard storage class, which accumulates significant operational costs. The management wants to cut down on the cost of their cloud infrastructure so you were instructed to switch to Glacier to lessen the cost per GB storage.

The Amazon Glacier storage service is primarily used for which use case? (Choose 2)

  1. Storing cached session data
  2. Storing infrequently accessed data
  3. Storing Data archives
  4. Used for active database storage
  5. Used as a data warehouse

Correct Answers: 2,3

Amazon Glacier is an extremely low-cost storage service that provides secure, durable, and flexible storage for data backup and archival. Amazon Glacier is designed to store data that is infrequently accessed. Amazon Glacier enables customers to offload the administrative burdens of operating and scaling storage to AWS so that they don’t have to worry about capacity planning, hardware provisioning, data replication, hardware failure detection and repair, or time-consuming hardware migrations.

Option 1 is incorrect because storing cached session data is the main use case for ElastiCache and not Amazon Glacier.

Option 4 is incorrect because you should use RDS or DynamoDB for your active database storage as S3, in general, is used for storing your data or files.

Option 5 is incorrect because storing it for data warehousing is the main use case of Amazon Redshift. It does not meet the requirement of being able to archive your infrequently accessed data. You can use S3 standard instead for frequently accessed data or Glacier for infrequently accessed data and archiving.

It is advisable to transition the standard data to infrequent access first then transition it to Amazon Glacier. You can specify in the lifecycle rule the time it will sit in standard tier and infrequent access. You can also delete the objects after a certain amount of time.

In transitioning S3 standard to Glacier you need to tell S3 which objects are to be archived to the new Glacier storage option, and under what conditions. You do this by setting up a lifecycle rule using the following elements:

  • A prefix to specify which objects in the bucket are subject to the policy.
  • A relative or absolute time specifier and a time period for transitioning objects to Glacier. The time periods are interpreted with respect to the object’s creation date. They can be relative (migrate items that are older than a certain number of days) or absolute (migrate items on a specific date)
  • An object age at which the object will be deleted from S3. This is measured from the original PUT of the object into the service, and the clock is not reset by a transition to Glacier.

You can create a lifecycle rule in the AWS Management Console.



For more AWS practice exam questions with detailed explanations, check this out:Tutorials Dojo AWS Practice Tests



Pass your AWS and Azure Certifications with the Tutorials Dojo Portal

Tutorials Dojo portal

Our Bestselling AWS Certified Solutions Architect Associate Practice Exams

AWS Certified Solutions Architect Associate Practice Exams

Enroll Now – Our AWS Practice Exams with 95% Passing Rate

AWS Practice Exams Tutorials Dojo

Enroll Now – Our Azure Certification Exam Reviewers

azure reviewers tutorials dojo

Tutorials Dojo Study Guide and Cheat Sheets eBooks

Tutorials Dojo Study Guide and Cheat Sheets-2

FREE Intro to Cloud Computing for Beginners

FREE AWS Practice Test Samplers

Browse Other Courses

Generic Category (English)300x250

Recent Posts