Amazon Glacier provides secure storage for low-cost, long-term enterprise data retention. Amazon Glacier storage -- much like other AWS storage offerings -- is broken down into two fundamental concepts: the objects being stored and the containers holding data.
In Glacier, a data object is called an archive. An archive can be a document, image or another form of data, as well as a collection of data consolidated into a single compressed file, such as a .tar or .zip file. These collections are then uploaded to Glacier as a single archive entity. Archives must be placed in suitable containers, and Glacier stores its archives in "vaults." Administrators can use the AWS Management Console and AWS software development kits to create, delete, lock, inventory, filter, adjust access policies and otherwise manage vaults. A single AWS account can support up to 1,000 vaults; each vault can contain numerous archive objects.
Admins often use Amazon Glacier backup because of its security features. Glacier assigns each archive a unique identifier when it is uploaded to AWS, and a stored archive is immutable. Administrators can use AWS Identity and Access Management (IAM) controls to authenticate and restrict access at the user level, ensuring that only authorized users, business groups or partners can access certain vaults. Glacier vault containers can also be locked using the Amazon Glacier Vault Lock policy. For example, an admin can set a vault to read-only and prohibit alterations to the policy, leaving Glacier to enforce the policy and guard data against changes or deletion.
Combining Amazon Glacier backup storage with a tool like AWS CloudTrail creates detailed log files of the actions performed on Glacier vaults and objects. Logs can report which user accessed a certain vault or interacted with a particular archive. Logging can help maintain proper regulatory compliance and business governance for archived cloud data.
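The kind of report described above, as an added example that is not part of the original article: a Python script that reads CloudTrail records, keeps the Glacier API calls, and reports which principals touched each vault and which calls delete data or change vault protections. The log records are constructed sample data, and the function names and the contents of `SENSITIVE_ACTIONS` are assumptions of this example.

```python
import json
from collections import defaultdict
# Constructed CloudTrail records (sample data, not real logs). Field names follow
# the CloudTrail record format; ARNs, vault names and archive IDs are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:15:00Z", "eventSource": "glacier.amazonaws.com",
     "eventName": "InitiateJob",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"vaultName": "finance-archive"}},
    {"eventTime": "2024-01-10T11:02:00Z", "eventSource": "glacier.amazonaws.com",
     "eventName": "DeleteArchive",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"vaultName": "finance-archive", "archiveId": "EXAMPLE-ARCHIVE-ID"}},
    {"eventTime": "2024-01-10T11:05:00Z", "eventSource": "glacier.amazonaws.com",
     "eventName": "AbortVaultLock", "errorCode": "AccessDeniedException",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"vaultName": "legal-hold"}},
    {"eventTime": "2024-01-10T11:06:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "userIdentity": {}, "requestParameters": None},
]})

# Glacier API actions that remove archived data or weaken a vault's protections.
SENSITIVE_ACTIONS = {"DeleteArchive", "DeleteVault", "DeleteVaultAccessPolicy",
                     "SetVaultAccessPolicy", "AbortVaultLock"}

def glacier_events(log_text):
    """Yield one flat dict per Glacier API call in a CloudTrail log file."""
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "glacier.amazonaws.com":
            continue
        params = rec.get("requestParameters") or {}  # may be null in a record
        yield {"time": rec.get("eventTime"), "action": rec.get("eventName"),
               "user": (rec.get("userIdentity") or {}).get("arn", "unknown"), "denied": "errorCode" in rec,
               "vault": params.get("vaultName"), "archive": params.get("archiveId")}

def users_by_vault(log_text):
    """Map each vault name to the sorted principals that called Glacier on it."""
    seen = defaultdict(set)
    for ev in glacier_events(log_text):
        if ev["vault"]:
            seen[ev["vault"]].add(ev["user"])
    return {vault: sorted(users) for vault, users in seen.items()}

def sensitive_calls(log_text):
    """Return the Glacier calls that delete data or change vault protections."""
    return [ev for ev in glacier_events(log_text) if ev["action"] in SENSITIVE_ACTIONS]

if __name__ == "__main__":
    print(users_by_vault(SAMPLE_LOG), sensitive_calls(SAMPLE_LOG), sep="\n")
```

A denied `AbortVaultLock` or `DeleteArchive` call is still worth reviewing, since it shows a principal attempting to change data that the vault policy is protecting.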
By design, developers cannot readily access Amazon Glacier backup data. Unlike online storage -- such as Amazon Simple Storage Service (S3) -- Amazon Glacier storage is not directly visible. Admins must restore data to accessible storage, such as S3, before accessing it. It may take several hours to retrieve archived object data stored in Glacier vault containers, and retrieving data imposes a cost. Administrators should configure the retrieval rate and mitigate retrieval costs with Amazon Glacier backup.