Q
Get started Bring yourself up to speed with our introductory content.

What features are involved with Amazon Glacier backup storage?

We'd like to move infrequently accessed data to cold storage to save money. How does Amazon Glacier work and what are some of the main features?

Amazon Glacier provides secure storage for low-cost, long-term enterprise data retention. Amazon Glacier storage...

-- much like other AWS storage offerings -- is broken down into two fundamental concepts: the objects being stored and the containers holding data.

In Glacier, a data object is called an archive. An archive can be a document, image or another form of data, as well as a collection of data consolidated into a single compressed file, such as a .tar or .zip file. These collections are then uploaded to Glacier as a single archive entity. Archives must be placed in suitable containers, and Glacier stores its archives in "vaults." Administrators can use the AWS Management Console and AWS software development kits to create, delete, lock, inventory, filter, adjust access policies and otherwise manage vaults. A single AWS account can support up to 1,000 vaults; each vault can contain numerous archive objects.

Admins often use Amazon Glacier backup because of its security features.

Admins often use Amazon Glacier backup because of its security features. Glacier assigns each archive object a unique identifier when it is uploaded to AWS, rendering the archive immutable. Administrators can run Identity and Access Management controls to authenticate and restrict access at the user level, ensuring that only authorized users, business groups or partners can access certain vaults. Glacier vault containers can also be locked using the Amazon Glacier Vault Lock policy. For example, an admin can set a vault to read-only and prohibit alterations to the policy, leaving Glacier to enforce the policy and guard data against changes or deletion.

Combining Amazon Glacier backup storage with a tool like AWS CloudTrail creates detailed log files of the actions performed on Glacier vaults and objects. Logs can report which user accessed a certain vault or interacted with a particular archive. Logging can help maintain proper regulatory compliance and business governance for archived cloud data.

By design, developers cannot readily access Amazon Glacier backup data. Unlike online storage -- such as Amazon Simple Storage Service (S3), Amazon Glacier storage is not directly visible. Admins must restore data to accessible storage, such as S3, before accessing it. It may take several hours to retrieve archived object data stored in Glacier vault containers, and retrieving data imposes a cost. Administrators should configure the retrieval rate and mitigate retrieval costs with Amazon Glacier backup.

Next Steps

Glacier, Nearline do battle on archival front

Get to know these AWS data storage services

Slow retrieval, high costs open the door for Glacier competition

This was last published in July 2016

Dig Deeper on AWS database management

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Which AWS cloud storage option is the most secure for enterprises?
Cancel

-ADS BY GOOGLE

SearchCloudApplications

TheServerSide

SearchSoftwareQuality

SearchCloudComputing

Close