1. Home
  2. Training Library
  3. Amazon Web Services
  4. Courses
  5. AWS Solutions Architect Associate Level Certification Course: Part 3 of 3

Long Term Storage: Glacier

Start course
1h 10m

AWS Solutions Architect Associate Level Certification Course - Part 3 of 3

Having completed parts one and two of our AWS certification series, you should now be familiar with basic AWS services and some of the workings of AWS networking. This final course in our three-part certification exam preparation series focuses on data management and application and services deployment.

Who should take this course?

This is an advanced course that's aimed at people who already have some experience with AWS and a familiarity with the general principles of architecting cloud solutions.

Where will you go from here?

The self-testing quizzes of the AWS Solutions Architect Associate Level prep materialis a great follow up to this series...and a pretty good indicator of your readiness to take the AWS exam. Also, since you're studying for the AWS certification, check out our AWS Certifications Study Guide on our blog.


When smart administrators design their Cloud strategies they're always trying to balance competing demands against each other. So for example you might like to have instant access to our data storage but perhaps it's just too expensive for our overall deployment model. AWS Glacier is a good example of a useful compromise.

On the one hand, Glacier has no direct upload or download links for archive data and it can be hours before retrieval request might be realized. So, easy access would hardly be a good way to describe it.

On the other hand, storing hundreds of gigabytes of archives on Glacier is a whole lot cheaper than on S3 or in any other service I've come across. Here's how it works, a Glacier vault is a container that holds archives and then archive is a file or a video or some other data object.

Vaults can if you chose be created or deleted from the Glacier dashboard but with one exception will soon explore just about everything else requires programmatic access of one sort or another. Let's create a new vault from the dashboard. First, make sure that your currently working within the right Amazon region, then click on Create Vault and give it a name, that's it. Select our new vault and the location identifying ARN will be displayed under the details tab.

By clicking on the Notifications tab we could have event notices associated with this vault sent to an SNS topic or create a new topic especially for it.

Clicking on delete vault while our vault is selected will obviously delete the vault and any contents it might have.

There's one more very important configuration that's accessible from the dashboard. If you click on the Settings button, you're presented with three data retrieval policy options. The choice you make could have a big impact on how much money Glacier will cost you. The free tier allows you to retrieve up to 5% of your average monthly storage each month without cost by selecting free tier only, quicker retrievals will be impossible. You could also choose a custom maximum retrieval rates starting at one cent per gigabyte or no maximum at all. AWS will show you a maximum cost estimate for any rate you're considering.

As far as non programmatic access goes that's nearly it. The exception we mentioned earlier was a creation of life cycle rules in S3. Since Glacier storage rates are lower than S3s it can make a lot of sense to move older datas especially backups which are most likely to be needed in the short term over to Glacier. From S3's old buckets menu select the bucket you like to edit and then expand the versioning section on the right. Click Enable Versioning, now expand the life cycle section and click Add Rule. We'll apply the rule to our whole bucket and click on the configure rule button that for some strange reason is hidden all the way at the bottom of the page. On the current version of the bucket's contents we'll select Archive and then expire.

We'll Archive meaning we'll move our bucket's contents to Glacier, say seven days after they created and expire them, meaning delete them 30 days after their original creation. Click Review then give the rule a name and in seven days the first of our bucket's objects will be automatically move to Glacier's lower cost storage. Let's briefly examine a sample archive download request using Java.

Obviously, you'll need to have the AWS Java SDK properly installed on your local system, besides making sure that you're passing valid credentials. They'll have to assign correct values to Vault Name, Archive ID and download file path. Vault Name will be the name you gave your vault, you don't need to include the entire ARN ID. Archive ID is the IDU or perhaps S3 lifecycle gave your Archive when it was move to Glacier, and download file path is a location where you'd like your Archive downloaded.

About the Author
David Clinton
Linux SysAdmin
Learning Paths

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.

Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.

His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.