Cargando...
Cargando...
Massively scalable, ultra-low-cost archival storage with flexible retrieval tiers — built for data you rarely touch but must never lose.
Amazon S3 Glacier is a family of secure, durable, and extremely low-cost cloud storage classes within Amazon S3, designed for long-term data archiving and backup. It offers three distinct storage classes — S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive — each optimized for different retrieval latency and cost trade-offs. All Glacier classes provide 99.999999999% (11 nines) of data durability by redundantly storing data across a minimum of three AWS Availability Zones.
Long-term, cost-optimized archival of infrequently accessed data (compliance records, media archives, backup data, scientific datasets) where retrieval latency of minutes to hours is acceptable.
Use When
Avoid When
S3 Glacier Instant Retrieval storage class
Millisecond retrieval, 90-day minimum, higher retrieval cost than Flexible — best for quarterly access patterns
S3 Glacier Flexible Retrieval storage class
1-5 min (Expedited), 3-5 hr (Standard), 5-12 hr (Bulk) — formerly just called 'S3 Glacier' before Nov 2021 rename
S3 Glacier Deep Archive storage class
Lowest cost storage in AWS (~$0.00099/GB-month), 180-day minimum, 12-48 hour retrieval
S3 Lifecycle Policies (automatic tiering)
Transition objects from S3 Standard → Glacier classes automatically based on age or rules
Vault Lock (WORM compliance)
Immutable compliance policies via native Glacier API; S3 Object Lock is the S3-bucket equivalent
S3 Object Lock (WORM for S3-accessed Glacier)
Use when managing Glacier via S3 API/Lifecycle; supports Compliance and Governance retention modes
Multipart Upload (native Glacier API)
Recommended for archives > 100 MB; required for archives > 4 GB
Server-Side Encryption (SSE-S3 by default)
All Glacier data is encrypted at rest by default using AES-256
SSE-KMS
Customer-managed keys via AWS KMS for enhanced key control and audit trails
Cross-Region Replication (CRR)
Supports replication to Glacier classes in another region for disaster recovery
S3 Inventory
Can include Glacier storage class objects in inventory reports for auditing
S3 Batch Operations
Can initiate bulk restores of Glacier objects at scale
Provisioned Retrieval Capacity (Flexible Retrieval)
Guarantees Expedited retrieval availability; each unit = 3 retrievals/5 min, up to 150 MB/s
Range retrievals (partial archive restore)
Retrieve specific byte ranges of an archive without restoring the full object — reduces cost
S3 Select on restored Glacier objects
After restoring, S3 Select can query CSV/JSON/Parquet data — useful for analytics on archived data
Event Notifications (SNS, SQS, Lambda)
Trigger notifications when restore operations complete — critical for automated workflows
AWS Storage Gateway integration
Tape Gateway writes virtual tapes directly to Glacier or Deep Archive — replaces physical tape libraries
Direct public HTTP access (like S3 Standard)
Glacier objects must be restored to S3 Standard temporarily before they can be served publicly — no direct URL access
Real-time streaming from archive
Not designed for streaming — restore first, then stream from S3 Standard
S3 Lifecycle Policy Tiering
high freqConfigure S3 Lifecycle rules to automatically transition objects from S3 Standard → Standard-IA → Glacier Instant Retrieval → Glacier Flexible Retrieval → Deep Archive based on object age. This is the most common and exam-tested pattern — no application code changes required, fully managed cost optimization.
Virtual Tape Library (VTL) Replacement
high freqAWS Storage Gateway Tape Gateway presents a VTL interface to backup applications (Veeam, Commvault, Veritas) and writes virtual tapes to S3 Glacier Flexible Retrieval or Deep Archive. Eliminates physical tape management while maintaining familiar backup workflows — key pattern for migration questions.
Warm vs. Cold Storage Tiering Decision
high freqA common exam comparison: EFS is file storage (POSIX, NFS) for active workloads; S3/Glacier is object storage for archival. When a question asks about cost-optimizing file shares with rarely accessed data, EFS Infrequent Access or S3 Glacier are the answers depending on whether POSIX semantics are required.
Event-Driven Restore Automation
medium freqUse S3 Event Notifications to trigger Lambda when a restore-complete event fires. Lambda can then process the restored object (e.g., run analytics, move to another system) and delete the temporary S3 Standard copy to minimize costs. Common in data pipeline and ETL architectures.
Archived Data Analytics
medium freqRestore Glacier objects to S3 Standard, then use Athena to query them with SQL. For large-scale archive analytics, S3 Batch Operations can trigger bulk restores before Athena queries run. Cost-effective for periodic compliance reporting or historical data analysis.
Centralized Backup with Archive Tier
medium freqAWS Backup supports S3 Glacier as a backup vault destination for RDS, DynamoDB, EFS, and EC2 backups. Backup plans can specify transition to cold storage (Glacier) after a warm period — centralizes backup management across services with archive-class pricing.
Bulk Archive Restore at Scale
medium freqWhen millions of Glacier objects need to be restored for migration or large-scale analytics, S3 Batch Operations can initiate RestoreObject jobs at scale with a single API call. Avoids the complexity of iterating through objects manually — critical for data lake migration scenarios.
Memorize the retrieval time tiers: Glacier Instant = milliseconds | Flexible Expedited = 1-5 min | Flexible Standard = 3-5 hrs | Flexible Bulk = 5-12 hrs | Deep Archive Standard = 12 hrs | Deep Archive Bulk = 48 hrs. Exam questions will eliminate wrong answers based on retrieval SLA requirements.
Glacier Instant Retrieval is NOT always cheaper than S3 Standard-IA. Glacier Instant has lower storage cost but HIGHER retrieval fees. If data is accessed more than once per quarter, Standard-IA may be cheaper overall. Always calculate total cost = storage cost + retrieval cost + minimum duration charges.
S3 Glacier classes were renamed in November 2021: old 'Amazon S3 Glacier' = new 'S3 Glacier Flexible Retrieval'. If you see 'S3 Glacier' without a qualifier in older resources or exam questions, it refers to Flexible Retrieval. The SAA-C03 and newer exams use the new naming convention.
Vault Lock vs. S3 Object Lock: Use Vault Lock when accessing Glacier via the native Glacier API. Use S3 Object Lock (Compliance or Governance mode) when accessing Glacier via S3 Lifecycle policies and S3 API. Both enforce WORM, but they apply to different access patterns.
Provisioned Retrieval Capacity is ONLY for S3 Glacier Flexible Retrieval Expedited tier — it guarantees capacity during peak demand. Without it, Expedited retrievals may be rejected when AWS capacity is constrained. For mission-critical restores, always provision capacity.
Match retrieval SLA to storage class: ms → Instant; 1-5 min (guaranteed) → Flexible Expedited + Provisioned Capacity; 3-5 hr → Flexible Standard; 12 hr → Deep Archive Standard; 48 hr → Deep Archive Bulk. Exam questions will disqualify wrong answers based on retrieval time requirements.
Glacier Instant Retrieval is NOT always cheaper than Standard-IA — higher retrieval fees offset lower storage costs. Calculate TOTAL cost (storage × duration + retrieval × frequency) before choosing. For data accessed more than quarterly, Standard-IA often wins.
Minimum duration charges make Glacier expensive for short-lived objects: 90 days for Instant/Flexible, 180 days for Deep Archive. If objects are deleted before these thresholds, you still pay for the full minimum period — Glacier is only cost-effective for truly long-lived data.
Minimum storage duration charges are a trap in cost optimization questions: Instant Retrieval = 90 days, Flexible Retrieval = 90 days, Deep Archive = 180 days. If a question describes objects deleted after 30 days, Glacier classes will be MORE expensive, not less.
When restoring a Glacier object, you specify a restoration period (1–365 days). During this window, you're billed for BOTH the Glacier storage AND the temporary S3 Standard copy. Always specify the minimum restoration period needed to control costs.
S3 Glacier Deep Archive is the replacement for physical tape libraries. When a question describes migrating tape-based backup infrastructure to AWS cost-effectively, the answer is AWS Storage Gateway Tape Gateway writing to Glacier Deep Archive.
Glacier objects transitioned via S3 Lifecycle are NOT visible in the Glacier console — they appear as Glacier storage class objects in the S3 console. Only archives uploaded directly via the native Glacier API appear in Glacier vaults.
For compliance scenarios requiring WORM with specific retention periods (SEC Rule 17a-4, FINRA, HIPAA): Use S3 Object Lock in Compliance mode (cannot be overridden even by root) on a bucket with Glacier storage class. Governance mode allows override by privileged users.
S3 Intelligent-Tiering does NOT automatically move objects to Glacier classes — it only tiers between Frequent Access, Infrequent Access, and Archive Instant Access tiers within Intelligent-Tiering. You must opt in to the Archive Access and Deep Archive Access tiers separately.
Range retrievals allow you to restore only a specific byte range of a large archive — critical cost optimization when you only need a portion of a large archived file (e.g., reading the header of a large video file to verify integrity).
Common Mistake
S3 Glacier Instant Retrieval is always cheaper than S3 Standard-IA because it's a 'Glacier' class.
Correct
Glacier Instant Retrieval has lower storage costs (~$0.004/GB-month vs ~$0.0125/GB-month for Standard-IA) but significantly higher retrieval fees. For data accessed more frequently than once per quarter, S3 Standard-IA or even S3 Standard may have lower total cost. The 'Glacier' label does not automatically mean cheaper — it depends on access frequency.
This is one of the most tested misconceptions. Exam questions will describe an access pattern (e.g., 'accessed once per month') and ask for the most cost-effective storage class. Candidates who pick Glacier Instant Retrieval without calculating retrieval costs will choose incorrectly. Always multiply retrieval frequency × retrieval cost and add it to storage cost.
Common Mistake
You can retrieve Glacier data instantly at any time with no planning required.
Correct
Only S3 Glacier Instant Retrieval provides millisecond access. S3 Glacier Flexible Retrieval Expedited (1-5 min) requires Provisioned Retrieval Capacity to GUARANTEE availability — without it, requests can be rejected during peak demand. Flexible Standard takes 3-5 hours, and Deep Archive takes 12-48 hours. Planning retrieval is essential for operational readiness.
Candidates assume 'Expedited = fast and always available.' In reality, without provisioned capacity, Expedited retrievals are best-effort. This distinction appears in disaster recovery and SLA-matching questions. If a question specifies 'guaranteed retrieval within 5 minutes,' the answer must include Provisioned Retrieval Capacity.
Common Mistake
Amazon S3 Glacier and Amazon EFS are interchangeable for storing infrequently accessed files to save costs.
Correct
EFS is a POSIX-compliant network file system (NFS) for active workloads requiring file-level access, hierarchical directory structures, and concurrent access from multiple EC2 instances. S3 Glacier is object storage designed for archival, not active file access. EFS has an Infrequent Access tier for cost optimization, but it still provides file system semantics. Choose based on access pattern: POSIX/NFS needed → EFS; pure archival object storage → S3 Glacier.
This misconception appears when candidates optimize costs without understanding storage type boundaries. A question describing a shared file system accessed by multiple EC2 instances should never lead to S3 Glacier — even if access is infrequent. EFS IA is the correct answer for infrequent file access with POSIX requirements.
Common Mistake
Deleting a Glacier object before the minimum storage duration saves money because you stop paying for storage.
Correct
AWS charges the minimum storage duration regardless of when you delete the object. Deleting a Deep Archive object after 30 days still incurs 150 days of additional storage charges (to reach the 180-day minimum). Early deletion is billed as a prorated charge for the remaining minimum period — you do NOT save money by deleting early.
This trap appears in cost optimization scenarios where objects have short lifecycles. If objects are frequently created and deleted within days or weeks, Glacier classes will be MORE expensive than S3 Standard due to minimum duration charges. Always model the full lifecycle cost including minimum duration billing.
Common Mistake
S3 Glacier Vault Lock and S3 Object Lock are the same thing and can be used interchangeably.
Correct
Vault Lock is a feature of the native Amazon S3 Glacier API, applied to Glacier vaults. S3 Object Lock is a feature of Amazon S3 buckets and applies when objects are managed via S3 APIs and Lifecycle policies. If your architecture uses S3 Lifecycle to transition objects to Glacier storage classes, you must use S3 Object Lock (not Vault Lock) for WORM compliance. They serve the same compliance purpose but apply to different access patterns.
Compliance and governance questions may describe a scenario where objects are uploaded to S3 and transitioned to Glacier via Lifecycle — candidates who answer 'Vault Lock' are wrong because Vault Lock only applies to the native Glacier API. The correct answer is S3 Object Lock in Compliance mode.
Common Mistake
S3 Glacier is a separate service from Amazon S3 with its own console, buckets, and management.
Correct
S3 Glacier storage classes are fully integrated INTO Amazon S3 — objects in Glacier Instant Retrieval, Flexible Retrieval, and Deep Archive are S3 objects with a different storage class attribute. They appear in the S3 console, use S3 bucket policies, and are managed via S3 APIs. The native Glacier API (with vaults and archives) is a legacy interface — modern best practice is to use S3 with Lifecycle policies.
Candidates who studied older materials may think Glacier requires separate configuration, separate buckets, or a separate console. Modern exam questions assume S3-integrated Glacier. If a question asks how to archive S3 objects to Glacier, the answer is S3 Lifecycle policies — not uploading to a separate Glacier vault.
RETRIEVAL SPEED LADDER — 'I Eat Sushi Boldly Daily': Instant (ms) → Expedited (1-5 min) → Standard (3-5 hr) → Bulk (5-12 hr) → Deep Archive (12-48 hr)
MINIMUM DURATION RULE — '90-90-180': Instant=90, Flexible=90, Deep Archive=180. 'Two Glaciers share 90, the Deep one doubles it.'
VAULT LOCK vs OBJECT LOCK — 'Vault = native API, Object = S3 API.' If data goes through S3 → Object Lock. If data goes through Glacier API → Vault Lock.
COST CALCULATION MANTRA — 'Storage + Retrieval + Duration = True Cost.' Never compare Glacier classes on storage price alone — retrieval fees can flip the winner.
GLACIER CLASS SELECTOR — 'How often do you need it?' Once a quarter → Instant Retrieval. Once a year → Flexible Retrieval. Almost never (compliance/backup) → Deep Archive.
CertAI Tutor · SAA-C03, SAP-C02, DEA-C01, DOP-C02, CLF-C02, DVA-C02 · 2026-02-21
In the Same Category
Comparisons