100 Days of DevOps — Day 46-Introduction to Amazon Glacier

Prashant Lakhera
3 min readMar 29, 2019

--

Welcome to Day 46 of 100 Days of DevOps, Focus for today is Amazon Glacier

What is Amazon Glacier?

  • Data Archiving Solution
  • It’s designed for infrequently accessed data (you may require that data later for business need or legal purpose)
  • Long term storage solution for low cost
  • 99.999999999(11 9’s of durability)

Key Terms

  • Archive: Any object that you store in a Glacier or basic unit of storage in Glacier
  • Vault: Vault is the container for storing archive.
  • Access Policy: Determine who can and can’t access the data stored in the Vault. It also controls what action user can and can’t perform on the Vault. You can also create a Vault lock policy so that Vault can’t be altered.

Only a few Glacier operations supported by AWS Management Console

  • Creating and Deleting Vault
  • Creating and Managing Vault Policies

For the rest of the operation, you need to rely on the below methods

Data retrieval from Glacier

  • Expedited: 1–5 min(highest cost)
  • Standard: 3–5 hour
  • Bulk: 5–12 hour(lowest cost)

Performance across the S3 Storage Classes

  • Choose S3 Storage Class based on your requirement
  • Quick Comparision between S3 and Glacier

Security with Amazon Glacier

  • Glacier access can be control using IAM
  • Glacier encrypt your data using AES-256
  • Glacier manages key for you

Go to the Glacier tab using AWS console https://us-west-2.console.aws.amazon.com/glacier → Create Vault

  • Choose all the default options and create Vault
  • Most of the time, I see people use LifeCycle Policies to move the object from S3 to a glacier.

LifeCycle Management

Why do we need LifeCycle Management?

  • To save cost
  • In most of the cases, data which is generated by our application is relevant for us for the first 30 days and after that, we don’t access that data as frequently.

Reference:

LifeCycle object supports the following but I am going to enable just the required parameters

  • enabled — (Required) Specifies lifecycle rule status.
  • transition - (Optional) Specifies a period in the object's transitions
  • Here I am defining after 30 days move the objects to STANDARD_IA and after 60 days to GLACIER.

Looking forward from you guys to join this journey and spend a minimum an hour every day for the next 100 days on DevOps work and post your progress using any of the below medium.

Reference

--

--

Prashant Lakhera

AWS Community Builder, Ex-Redhat, Author, Blogger, YouTuber, RHCA, RHCDS, RHCE, Docker Certified,4XAWS, CCNA, MCP, Certified Jenkins, Terraform Certified, 1XGCP