AWS Glacier
2022-07-17
Some thoughts
I used a software (name does not important) to access/upload/download files from/to AWS Glacier. The main reason why - was my laziness. I did not want to read documentation and understand how it works. For a while I did not have any issues, however with last update I could not get results of get inventory command. This changed my way on how to access to AWS Glacier. Glacier is good for cold backups, when you don’t need to touch them often. It is a backup for force majeure only. Ok, stop with lyrics. I decided to use Amazon CLI. I read a lot of documentation and it is not consistent and sometimes not clear enough on the official website. I did not expect something like this from Amazon. The best documentation by the way is inside Amazon CLI by itself. The following info is my cheatsheet with examples how to get access/list/retrieve/download files from Glacier.
- bash/powershell and amazon cli only
- always verify that user default region is the same as where glacier vault is
- eg. my vault was on us-west-2, I could not see it at all when my user default region was us-east-1
- disable root access_key/secret_key from aws console (website)
- create from IAM a new user and give a new user permissions for Glacier
- save secret_key (if you forget it, create a new one, no recover mechanism)
- account id is available from the aws console (website), it is possible to use ‘-’ instead of account_id
General commands
#help
$aws <cmd> help
eg
$aws glacier help
$aws glacier describe-vault help
#view conf amazon cli
$aws configure list
#conf/reconf amazon cli
$aws configure
- enter access_key
- enter secret_key
- enter region
- enter output format (default json - which is fine)
#get details about the vault
$aws glacier describe-vault --vault-name <vault_name> --account-id <account_id>
eg
$aws glacier describe-vault --vault-name my_vault --account-id -
#list of vaults
$aws glacier list-vaults --account-id <account_id>
eg
$aws glacier list-vaults --account-id -
#list of jobs
$aws glacier list-jobs --vault-name <vault_name> --account-id <account_id>
eg
$aws glacier list-jobs --vault-name my_vault --account-id -
Downloading a vault inventory aka ls
#initiate job
$aws glacier initiate-job --vault-name <vault_name> --account-id <account_id> --job-parameters='{"Type": "inventory-retrieval"}'
#check status of the job
$aws glacier describe-job --vault-name <vault_name> --account-id - --job-id <job_id>
#get job output to file, in this case we had a job 'Downloading a Vault Inventory'
$aws glacier get-job-output --vault-name <vault_name> --account-id <account_id> --job-id <job_id> output.json
Retrive a file
#retrieve a file from glacier archive, where archive id you can get from output.json
$aws glacier initiate-job --vault-name <vault_name> --account-id <account_id> --job-parameters "{\"Type\":\"archive-retrieval\",\"Tier\":\"Bulk\",\"ArchiveId\":\"<archive_id>\"}"
#status of the job, job_id get from the list of the jobs
aws glacier describe-job --vault-name <vault_name> --account-id - --job-id <job_id>
#download retrieved file
aws glacier get-job-output --vault-name <vault_name> --account-id - --job-id <job_id> <output_file_name>