S3 Glacier Storage Classes
To accommodate different access needs, S3 Glacier offers several storage classes. The most common way to use these is by setting S3 Lifecycle policies to transition objects from standard S3 tiers.
| Feature | S3 Glacier Instant Retrieval | S3 Glacier Flexible Retrieval (Formerly S3 Glacier) | S3 Glacier Deep Archive |
| ----------------------------- | ------------------------------------------------------------------ | ---------------------------------------------------------------------- | ------------------------------------------------------------------- |
| Designed for | Archiving data that needs immediate, millisecond access. | Archiving data that does not require immediate access (minutes to hours). | Long-term data retention and digital preservation (accessed once or twice a year). |
| Typical Use Case | Medical images, news media assets, or user-generated content archives. | Backup and disaster recovery, offsite data storage. | Financial services, healthcare, and public sector regulatory archives. |
| Minimum Storage Duration | 90 days | 90 days | 180 days |
| First Byte Latency | Milliseconds | Minutes or Hours | Within 12 to 48 hours |
| Cost Profile | Higher storage cost than Flexible/Deep, but low retrieval cost. | Very low storage cost, retrieval cost varies by speed. | The lowest-cost storage in the AWS Cloud. |
Data Retrieval Options
When you need to retrieve data from the archival tiers, you have several options, which balance cost and time.
For S3 Glacier Flexible Retrieval:
| Retrieval Option | Retrieval Time | Cost | Description |
| ---------------- | -------------- | --------- | --------------------------------------------------------------------------- |
| Expedited | 1-5 minutes | Highest | Ideal for urgent requests for a subset of your archives. |
| Standard | 3-5 hours | Medium | The default option, suitable for less time-sensitive needs. |
| Bulk | 5-12 hours | Lowest/Free | The lowest-cost option, designed for retrieving large amounts of data. |
For S3 Glacier Deep Archive:
| Retrieval Option | Retrieval Time | Cost | Description |
| ---------------- | -------------- | ------ | ------------------------------------------------------------------------------- |
| Standard | Within 12 hours | Low | The default option for retrieving data from the deepest archival tier. |
| Bulk | Within 48 hours | Lowest | The most cost-effective option for retrieving large volumes of data affordably. |
Note: Data stored in S3 Glacier Instant Retrieval is accessed in milliseconds, just like any other S3 storage class, and does not have these retrieval tiers.
Core Concepts
- Archives: The fundamental units of storage in S3 Glacier. An archive can be any data, such as a photo, video, or document. Each archive is assigned a unique ID at the time of creation.
- Vaults: Containers for storing archives. When you create a vault, you choose an AWS Region where the vault will be created. You can control access to your vaults and the archives within them using IAM policies.
S3 Integration with Lifecycle Policies
The most common and efficient way to move data into S3 Glacier is through Amazon S3 Lifecycle policies.
- You can configure a lifecycle policy on an S3 bucket to automatically transition objects to a Glacier storage class based on their age.
- Example Policy: Transition objects to S3 Glacier Flexible Retrieval after 90 days, and then to S3 Glacier Deep Archive after 365 days. Finally, delete objects after 10 years.
- This automation simplifies data management and helps optimize storage costs without any application changes.
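The example policy above, written out as an S3 lifecycle rule and checked against the minimum storage durations from the storage class table. This is an added example, not code from the original page; the rule ID, the empty prefix, and counting 10 years as 3650 days are assumptions.

```python
import json

# Minimum storage durations (days) from the storage class table on this page,
# keyed by the S3 API storage class names (GLACIER = Flexible Retrieval).
MIN_DAYS = {"GLACIER_IR": 90, "GLACIER": 90, "DEEP_ARCHIVE": 180}

def build_rule(prefix=""):
    """Flexible Retrieval at 90 days, Deep Archive at 365 days, delete at 10 years."""
    return {
        "ID": "archive-then-expire",       # hypothetical rule name
        "Status": "Enabled",
        "Filter": {"Prefix": prefix},      # empty prefix = whole bucket (assumption)
        "Transitions": [
            {"Days": 90, "StorageClass": "GLACIER"},
            {"Days": 365, "StorageClass": "DEEP_ARCHIVE"},
        ],
        "Expiration": {"Days": 3650},      # 10 years, leap days ignored (assumption)
    }

def early_exit_findings(rule):
    """Report every class an object would leave before its minimum storage duration."""
    steps = sorted(rule.get("Transitions", []), key=lambda t: t["Days"])
    # A step ends at the next transition, or at expiration for the last step.
    ends = [t["Days"] for t in steps[1:]] + [rule.get("Expiration", {}).get("Days")]
    findings = []
    for step, end in zip(steps, ends):
        minimum = MIN_DAYS.get(step["StorageClass"])
        if minimum is None or end is None:
            continue  # class has no listed minimum, or the object never leaves it
        held = end - step["Days"]
        if held < minimum:
            findings.append(
                f"{step['StorageClass']}: held {held} days, minimum is {minimum}"
            )
    return findings

if __name__ == "__main__":
    rule = build_rule()
    # {"Rules": [rule]} is the shape boto3's put_bucket_lifecycle_configuration
    # takes as its LifecycleConfiguration argument.
    print(json.dumps({"Rules": [rule]}, indent=2))
    print(early_exit_findings(rule) or "no early transitions or deletions")
```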
S3 Glacier Vault Lock
Vault Lock is a feature that allows you to enforce compliance controls on individual Glacier vaults.
- WORM Policy: You can create a Vault Lock policy with rules like "Write Once, Read Many" (WORM) to prevent future edits or deletions of archives.
- Immutable Policy: Once a Vault Lock policy is locked, it cannot be changed or overridden, not even by the root user. This provides strong, enforceable compliance for records retention.
- Use Cases: Essential for meeting regulatory requirements such as those of the SEC, FINRA, and HIPAA.
Security
- Encryption at Rest: All data stored in Amazon S3 Glacier is automatically encrypted on the server side using strong AES-256 encryption. You can manage keys using either Amazon S3 managed keys (SSE-S3) or the AWS Key Management Service (SSE-KMS).
- Encryption in Transit: S3 Glacier uses Secure Sockets Layer (SSL) / Transport Layer Security (TLS) to protect data in transit between your applications and AWS.
- Access Control: Access to vaults and archives is managed through AWS Identity and Access Management (IAM), allowing you to define granular permissions.