AWS Security ChangesHomeSearch

AWS amazonglacier documentation change

Service: amazonglacier · 2025-10-10 · Documentation low

File: amazonglacier/latest/dev/security_iam_id-based-policy-examples.md

Summary

Updated branding from 'Glacier' to 'Amazon Glacier' throughout, added deprecation notice for original standalone Glacier service (no new customers after 2025), and clarified migration guidance to S3 Glacier storage classes

Security assessment

Changes primarily involve branding updates and service deprecation announcements. No evidence of addressing specific security vulnerabilities or weaknesses. The IAM policy examples and security guidance remain functionally unchanged, with only terminology updates.

Diff

diff --git a/amazonglacier/latest/dev/security_iam_id-based-policy-examples.md b/amazonglacier/latest/dev/security_iam_id-based-policy-examples.md
index 79f262bfd..eb8a195e7 100644
--- a//amazonglacier/latest/dev/security_iam_id-based-policy-examples.md
+++ b//amazonglacier/latest/dev/security_iam_id-based-policy-examples.md
@@ -3 +3 @@
-[Documentation](/index.html)[Amazon S3 Glacier](/glacier/index.html)[Developer Guide](introduction.html)
+[Documentation](/index.html)[Amazon Glacier](/glacier/index.html)[Developer Guide](introduction.html)
@@ -7 +7 @@ Policy best practicesUsing the consoleAllow users to view their own permissionsC
-**This page is only for existing customers of the Glacier service using Vaults and the original REST API from 2012.**
+**This page is only for existing customers of the Amazon Glacier service using Vaults and the original REST API from 2012.**
@@ -9 +9,3 @@ Policy best practicesUsing the consoleAllow users to view their own permissionsC
-If you're looking for archival storage solutions we suggest using the Glacier storage classes in Amazon S3, **S3 Glacier Instant Retrieval** , **S3 Glacier Flexible Retrieval** , and **S3 Glacier Deep Archive**. To learn more about these storage options, see [Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/) and [Long-term data storage using Glacier storage classes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/glacier-storage-classes) in the _Amazon S3 User Guide_. These storage classes use the Amazon S3 API, are available in all regions, and can be managed within the Amazon S3 console. They offer features like Storage Cost Analysis, Storage Lens, advanced optional encryption features, and more.
+If you're looking for archival storage solutions, we recommend using the Amazon Glacier storage classes in Amazon S3, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. To learn more about these storage options, see [Amazon Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/).
+
+Amazon Glacier (original standalone vault-based service) will no longer accept new customers starting December 15, 2025, with no impact to existing customers. Amazon Glacier is a standalone service with its own APIs that stores data in vaults and is distinct from Amazon S3 and the Amazon S3 Glacier storage classes. Your existing data will remain secure and accessible in Amazon Glacier indefinitely. No migration is required. For low-cost, long-term archival storage, AWS recommends the [Amazon S3 Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/), which deliver a superior customer experience with S3 bucket-based APIs, full AWS Region availability, lower costs, and AWS service integration. If you want enhanced capabilities, consider migrating to Amazon S3 Glacier storage classes by using our [AWS Solutions Guidance for transferring data from Amazon Glacier vaults to Amazon S3 Glacier storage classes](https://aws.amazon.com/solutions/guidance/data-transfer-from-amazon-s3-glacier-vaults-to-amazon-s3/).
@@ -13 +15 @@ If you're looking for archival storage solutions we suggest using the Glacier st
-By default, users and roles don't have permission to create or modify Glacier resources. They also can't perform tasks by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS API. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies. The administrator can then add the IAM policies to roles, and users can assume the roles.
+By default, users and roles don't have permission to create or modify Amazon Glacier resources. They also can't perform tasks by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS API. To grant users permission to perform actions on the resources that they need, an IAM administrator can create IAM policies. The administrator can then add the IAM policies to roles, and users can assume the roles.
@@ -17 +19 @@ To learn how to create an IAM identity-based policy by using these example JSON
-For details about actions and resource types defined by Glacier, including the format of the ARNs for each of the resource types, see [Actions, resources, and condition keys for Amazon Glacier](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3glacier.html) in the _Service Authorization Reference_.
+For details about actions and resource types defined by Amazon Glacier, including the format of the ARNs for each of the resource types, see [Actions, resources, and condition keys for Amazon Glacier](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3glacier.html) in the _Service Authorization Reference_.
@@ -19 +21 @@ For details about actions and resource types defined by Glacier, including the f
-The following is an example policy that grants permissions for three Glacier vault-related actions (`glacier:CreateVault`, `glacier:DescribeVault` and `glacier:ListVaults`) on a resource, using the Amazon Resource Name (ARN) that identifies all of the vaults in the `us-west-2` AWS Region. ARNs uniquely identify AWS resources. For more information about ARNs used with Glacier, see [Policy resources for Glacier](./security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-resources).
+The following is an example policy that grants permissions for three Amazon Glacier vault-related actions (`glacier:CreateVault`, `glacier:DescribeVault` and `glacier:ListVaults`) on a resource, using the Amazon Resource Name (ARN) that identifies all of the vaults in the `us-west-2` AWS Region. ARNs uniquely identify AWS resources. For more information about ARNs used with Amazon Glacier, see [Policy resources for Amazon Glacier](./security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-resources).
@@ -54 +56 @@ When you grant permissions to create a vault using the `glacier:CreateVault` ope
-  * Using the Glacier console
+  * Using the Amazon Glacier console
@@ -65 +67 @@ When you grant permissions to create a vault using the `glacier:CreateVault` ope
-Identity-based policies determine whether someone can create, access, or delete Glacier resources in your account. These actions can incur costs for your AWS account. When you create or edit identity-based policies, follow these guidelines and recommendations:
+Identity-based policies determine whether someone can create, access, or delete Amazon Glacier resources in your account. These actions can incur costs for your AWS account. When you create or edit identity-based policies, follow these guidelines and recommendations:
@@ -82 +84 @@ For more information about best practices in IAM, see [Security best practices i
-## Using the Glacier console
+## Using the Amazon Glacier console
@@ -84 +86 @@ For more information about best practices in IAM, see [Security best practices i
-To access the Amazon Glacier console, you must have a minimum set of permissions. These permissions must allow you to list and view details about the Glacier resources in your AWS account. If you create an identity-based policy that is more restrictive than the minimum required permissions, the console won't function as intended for entities (users or roles) with that policy.
+To access the Amazon Glacier console, you must have a minimum set of permissions. These permissions must allow you to list and view details about the Amazon Glacier resources in your AWS account. If you create an identity-based policy that is more restrictive than the minimum required permissions, the console won't function as intended for entities (users or roles) with that policy.
@@ -88 +90 @@ You don't need to allow minimum console permissions for users that are making ca
-The Glacier console provides an integrated environment for you to create and manage Glacier vaults. At a minimum IAM identities that you create must be granted permissions for the `glacier:ListVaults` action to view the Glacier console as shown in the following example. 
+The Amazon Glacier console provides an integrated environment for you to create and manage Amazon Glacier vaults. At a minimum IAM identities that you create must be granted permissions for the `glacier:ListVaults` action to view the Amazon Glacier console as shown in the following example. 
@@ -113 +115 @@ AWS addresses many common use cases by providing standalone IAM policies that ar
-The following AWS managed policies, which you can attach to users in your account, are specific to Glacier:
+The following AWS managed policies, which you can attach to users in your account, are specific to Amazon Glacier:
@@ -115 +117 @@ The following AWS managed policies, which you can attach to users in your accoun
-  * **AmazonGlacierReadOnlyAccess** – Grants read only access to Glacier through the AWS Management Console.
+  * **AmazonGlacierReadOnlyAccess** – Grants read only access to Amazon Glacier through the AWS Management Console.
@@ -117 +119 @@ The following AWS managed policies, which you can attach to users in your accoun
-  * **AmazonGlacierFullAccess** – Grants full access to Glacier through the AWS Management Console. 
+  * **AmazonGlacierFullAccess** – Grants full access to Amazon Glacier through the AWS Management Console. 
@@ -122 +124 @@ The following AWS managed policies, which you can attach to users in your accoun
-You can also create your own custom IAM policies to allow permissions for Glacier API actions and resources. You can attach these custom policies to the custom IAM roles that you create for your Glacier vaults. 
+You can also create your own custom IAM policies to allow permissions for Amazon Glacier API actions and resources. You can attach these custom policies to the custom IAM roles that you create for your Amazon Glacier vaults. 
@@ -124 +126 @@ You can also create your own custom IAM policies to allow permissions for Glacie
-Both of the Glacier AWS Managed policies discussed in the next section grant permissions for `glacier:ListVaults`. 
+Both of the Amazon Glacier AWS Managed policies discussed in the next section grant permissions for `glacier:ListVaults`. 
@@ -168 +170 @@ This example shows how you might create a policy that allows IAM users to view t
-In this section, you can find example user policies that grant permissions for various Glacier actions. These policies work when you are using Glacier REST API, the Amazon SDKs, the AWS CLI, or, if applicable, the Glacier management console. 
+In this section, you can find example user policies that grant permissions for various Amazon Glacier actions. These policies work when you are using Amazon Glacier REST API, the Amazon SDKs, the AWS CLI, or, if applicable, the Amazon Glacier management console. 
@@ -207 +209 @@ The following example policy grants permissions to upload archives to a specific
-The following example policy grants permissions for all Glacier actions on a vault named `examplevault`.
+The following example policy grants permissions for all Amazon Glacier actions on a vault named `examplevault`.