AWS amazonglacier documentation change
Summary
Updated service branding from 'Glacier' to 'Amazon Glacier', added deprecation notice for standalone Glacier service (no new customers after 2025), and redirected users to S3 Glacier storage classes. Minor example text changes.
Security assessment
Changes primarily involve service naming consistency, deprecation announcements, and migration guidance. No evidence of addressing a security vulnerability or weakness. The authentication/signing process documentation remains functionally unchanged (still using AWS SigV4). The deprecation notice emphasizes continued security for existing data but does not indicate a security flaw.
Diff
diff --git a/amazonglacier/latest/dev/amazon-glacier-signing-requests.md b/amazonglacier/latest/dev/amazon-glacier-signing-requests.md index 95034c52d..613e42bf2 100644 --- a//amazonglacier/latest/dev/amazon-glacier-signing-requests.md +++ b//amazonglacier/latest/dev/amazon-glacier-signing-requests.md @@ -3 +3 @@ -[Documentation](/index.html)[Amazon S3 Glacier](/glacier/index.html)[Developer Guide](introduction.html) +[Documentation](/index.html)[Amazon Glacier](/glacier/index.html)[Developer Guide](introduction.html) @@ -7 +7 @@ Example Signature CalculationCalculating Signatures for the Streaming Operations -**This page is only for existing customers of the Glacier service using Vaults and the original REST API from 2012.** +**This page is only for existing customers of the Amazon Glacier service using Vaults and the original REST API from 2012.** @@ -9 +9,3 @@ Example Signature CalculationCalculating Signatures for the Streaming Operations -If you're looking for archival storage solutions we suggest using the Glacier storage classes in Amazon S3, **S3 Glacier Instant Retrieval** , **S3 Glacier Flexible Retrieval** , and **S3 Glacier Deep Archive**. To learn more about these storage options, see [Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/) and [Long-term data storage using Glacier storage classes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/glacier-storage-classes) in the _Amazon S3 User Guide_. These storage classes use the Amazon S3 API, are available in all regions, and can be managed within the Amazon S3 console. They offer features like Storage Cost Analysis, Storage Lens, advanced optional encryption features, and more. +If you're looking for archival storage solutions, we recommend using the Amazon Glacier storage classes in Amazon S3, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. To learn more about these storage options, see [Amazon Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/). + +Amazon Glacier (original standalone vault-based service) will no longer accept new customers starting December 15, 2025, with no impact to existing customers. Amazon Glacier is a standalone service with its own APIs that stores data in vaults and is distinct from Amazon S3 and the Amazon S3 Glacier storage classes. Your existing data will remain secure and accessible in Amazon Glacier indefinitely. No migration is required. For low-cost, long-term archival storage, AWS recommends the [Amazon S3 Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/), which deliver a superior customer experience with S3 bucket-based APIs, full AWS Region availability, lower costs, and AWS service integration. If you want enhanced capabilities, consider migrating to Amazon S3 Glacier storage classes by using our [AWS Solutions Guidance for transferring data from Amazon Glacier vaults to Amazon S3 Glacier storage classes](https://aws.amazon.com/solutions/guidance/data-transfer-from-amazon-s3-glacier-vaults-to-amazon-s3/). @@ -13 +15 @@ If you're looking for archival storage solutions we suggest using the Glacier st -Glacier requires that you authenticate every request you send by signing the request. To sign a request, you calculate a digital signature using a cryptographic hash function. A cryptographic hash is a function that returns a unique hash value based on the input. The input to the hash function includes the text of your request and your secret access key. The hash function returns a hash value that you include in the request as your signature. The signature is part of the `Authorization` header of your request. +Amazon Glacier requires that you authenticate every request you send by signing the request. To sign a request, you calculate a digital signature using a cryptographic hash function. A cryptographic hash is a function that returns a unique hash value based on the input. The input to the hash function includes the text of your request and your secret access key. The hash function returns a hash value that you include in the request as your signature. The signature is part of the `Authorization` header of your request. @@ -15 +17 @@ Glacier requires that you authenticate every request you send by signing the req -After receiving your request, Glacier recalculates the signature using the same hash function and input that you used to sign the request. If the resulting signature matches the signature in the request, Glacier processes the request. Otherwise, the request is rejected. +After receiving your request, Amazon Glacier recalculates the signature using the same hash function and input that you used to sign the request. If the resulting signature matches the signature in the request, Amazon Glacier processes the request. Otherwise, the request is rejected. @@ -17 +19 @@ After receiving your request, Glacier recalculates the signature using the same -Glacier supports authentication using [AWS Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). The process for calculating a signature can be broken into three tasks: +Amazon Glacier supports authentication using [AWS Signature Version 4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). The process for calculating a signature can be broken into three tasks: @@ -21 +23 @@ Glacier supports authentication using [AWS Signature Version 4](https://docs.aws -Rearrange your HTTP request into a canonical format. Using a canonical form is necessary because Glacier uses the same canonical form when it recalculates a signature to compare with the one you sent. +Rearrange your HTTP request into a canonical format. Using a canonical form is necessary because Amazon Glacier uses the same canonical form when it recalculates a signature to compare with the one you sent. @@ -29 +31 @@ Create a string that you will use as one of the input values to your cryptograph -Create a signature for your request by using a cryptographic hash function that accepts two input strings: your _string to sign_ and a _derived key_. The _derived key_ is calculated by starting with your secret access key and using the _credential scope_ string to create a series of hash-based message authentication codes (HMACs). Note that the hash function used in this signing step is not the tree-hash algorithm used in Glacier APIs that upload data. +Create a signature for your request by using a cryptographic hash function that accepts two input strings: your _string to sign_ and a _derived key_. The _derived key_ is calculated by starting with your secret access key and using the _credential scope_ string to create a series of hash-based message authentication codes (HMACs). Note that the hash function used in this signing step is not the tree-hash algorithm used in Amazon Glacier APIs that upload data. @@ -141 +143 @@ Similarly, in C# you can calculate the SHA256 hash of the payload data as shown -The following example walks you through the details of creating a signature for [Upload Archive (POST archive)](./api-archive-post.html), one of the two streaming APIs in Glacier. The example assumes the following: +The following example walks you through the details of creating a signature for [Upload Archive (POST archive)](./api-archive-post.html), one of the two streaming APIs in Amazon Glacier. The example assumes the following: @@ -147 +149 @@ The following example walks you through the details of creating a signature for - * The content payload is a string "Welcome to Glacier." + * The content payload is a string "Welcome to Amazon Glacier."