Amazon Glacier provides secure storage for low-cost, long-term enterprise data retention. Amazon Glacier storage...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
-- much like other AWS storage offerings -- is broken down into two fundamental concepts: the objects being stored and the containers holding data.
In Glacier, a data object is called an archive. An archive can be a document, image or another form of data, as well as a collection of data consolidated into a single compressed file, such as a .tar or .zip file. These collections are then uploaded to Glacier as a single archive entity. Archives must be placed in suitable containers, and Glacier stores its archives in "vaults." Administrators can use the AWS Management Console and AWS software development kits to create, delete, lock, inventory, filter, adjust access policies and otherwise manage vaults. A single AWS account can support up to 1,000 vaults; each vault can contain numerous archive objects.
Admins often use Amazon Glacier backup because of its security features. Glacier assigns each archive object a unique identifier when it is uploaded to AWS, rendering the archive immutable. Administrators can run Identity and Access Management controls to authenticate and restrict access at the user level, ensuring that only authorized users, business groups or partners can access certain vaults. Glacier vault containers can also be locked using the Amazon Glacier Vault Lock policy. For example, an admin can set a vault to read-only and prohibit alterations to the policy, leaving Glacier to enforce the policy and guard data against changes or deletion.
Combining Amazon Glacier backup storage with a tool like AWS CloudTrail creates detailed log files of the actions performed on Glacier vaults and objects. Logs can report which user accessed a certain vault or interacted with a particular archive. Logging can help maintain proper regulatory compliance and business governance for archived cloud data.
By design, developers cannot readily access Amazon Glacier backup data. Unlike online storage -- such as Amazon Simple Storage Service (S3), Amazon Glacier storage is not directly visible. Admins must restore data to accessible storage, such as S3, before accessing it. It may take several hours to retrieve archived object data stored in Glacier vault containers, and retrieving data imposes a cost. Administrators should configure the retrieval rate and mitigate retrieval costs with Amazon Glacier backup.
Glacier, Nearline do battle on archival front
Get to know these AWS data storage services
Slow retrieval, high costs open the door for Glacier competition
Dig Deeper on AWS database management
Related Q&A from Stephen J. Bigelow
One size does not fit all when administrators develop a protection policy for specific applications. Learn about the configuration options in System ...continue reading
Set up and operate a VM network using proven strategies to ensure security and performance. With a little planning, virtualization admins can avoid ...continue reading
Virtual switch security is achieved through a number of features. Virtualization admins can create and enforce policies, lock down MAC addresses and ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.