AWS Security ChangesHomeSearch

AWS amazonglacier documentation change

Service: amazonglacier · 2025-10-10 · Documentation low

File: amazonglacier/latest/dev/vault-lock-policy.md

Summary

Updated branding from 'Glacier' to 'Amazon Glacier', added deprecation notice for standalone Glacier service (no new customers after 2025), and emphasized migration guidance to S3 Glacier storage classes

Security assessment

Changes focus on service naming consistency, deprecation announcements, and migration recommendations. No evidence of addressing security vulnerabilities or weaknesses. The Vault Lock policy documentation remains unchanged in security context, only updated terminology.

Diff

diff --git a/amazonglacier/latest/dev/vault-lock-policy.md b/amazonglacier/latest/dev/vault-lock-policy.md
index da78d6afb..04410fbcb 100644
--- a//amazonglacier/latest/dev/vault-lock-policy.md
+++ b//amazonglacier/latest/dev/vault-lock-policy.md
@@ -3 +3 @@
-[Documentation](/index.html)[Amazon S3 Glacier](/glacier/index.html)[Developer Guide](introduction.html)
+[Documentation](/index.html)[Amazon Glacier](/glacier/index.html)[Developer Guide](introduction.html)
@@ -7 +7 @@ Example 1: Deny Deletion Permissions for Archives Less Than 365 Days OldExample
-**This page is only for existing customers of the Glacier service using Vaults and the original REST API from 2012.**
+**This page is only for existing customers of the Amazon Glacier service using Vaults and the original REST API from 2012.**
@@ -9 +9,3 @@ Example 1: Deny Deletion Permissions for Archives Less Than 365 Days OldExample
-If you're looking for archival storage solutions we suggest using the Glacier storage classes in Amazon S3, **S3 Glacier Instant Retrieval** , **S3 Glacier Flexible Retrieval** , and **S3 Glacier Deep Archive**. To learn more about these storage options, see [Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/) and [Long-term data storage using Glacier storage classes](https://docs.aws.amazon.com/AmazonS3/latest/userguide/glacier-storage-classes) in the _Amazon S3 User Guide_. These storage classes use the Amazon S3 API, are available in all regions, and can be managed within the Amazon S3 console. They offer features like Storage Cost Analysis, Storage Lens, advanced optional encryption features, and more.
+If you're looking for archival storage solutions, we recommend using the Amazon Glacier storage classes in Amazon S3, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. To learn more about these storage options, see [Amazon Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/).
+
+Amazon Glacier (original standalone vault-based service) will no longer accept new customers starting December 15, 2025, with no impact to existing customers. Amazon Glacier is a standalone service with its own APIs that stores data in vaults and is distinct from Amazon S3 and the Amazon S3 Glacier storage classes. Your existing data will remain secure and accessible in Amazon Glacier indefinitely. No migration is required. For low-cost, long-term archival storage, AWS recommends the [Amazon S3 Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/), which deliver a superior customer experience with S3 bucket-based APIs, full AWS Region availability, lower costs, and AWS service integration. If you want enhanced capabilities, consider migrating to Amazon S3 Glacier storage classes by using our [AWS Solutions Guidance for transferring data from Amazon Glacier vaults to Amazon S3 Glacier storage classes](https://aws.amazon.com/solutions/guidance/data-transfer-from-amazon-s3-glacier-vaults-to-amazon-s3/).
@@ -13 +15 @@ If you're looking for archival storage solutions we suggest using the Glacier st
-An Amazon Glacier (Glacier) vault can have one resource-based vault access policy and one Vault Lock policy attached to it. A _Vault Lock policy_ is a vault access policy that you can lock. Using a Vault Lock policy can help you enforce regulatory and compliance requirements. Amazon Glacier provides a set of API operations for you to manage the Vault Lock policies, see [Locking a Vault by Using the Glacier API](./vault-lock-how-to-api.html). 
+An Amazon Glacier (Amazon Glacier) vault can have one resource-based vault access policy and one Vault Lock policy attached to it. A _Vault Lock policy_ is a vault access policy that you can lock. Using a Vault Lock policy can help you enforce regulatory and compliance requirements. Amazon Glacier provides a set of API operations for you to manage the Vault Lock policies, see [Locking a Vault by Using the Amazon Glacier API](./vault-lock-how-to-api.html). 
@@ -17 +19 @@ As an example of a Vault Lock policy, suppose that you are required to retain ar
-You can use the Glacier API, Amazon SDKs, AWS CLI, or the Glacier console to create and manage Vault Lock policies. For a list of Glacier actions allowed for vault resource-based policies, see [API Permissions Reference](./glacier-api-permissions-ref.html).
+You can use the Amazon Glacier API, Amazon SDKs, AWS CLI, or the Amazon Glacier console to create and manage Vault Lock policies. For a list of Amazon Glacier actions allowed for vault resource-based policies, see [API Permissions Reference](./glacier-api-permissions-ref.html).
@@ -30 +32 @@ You can use the Glacier API, Amazon SDKs, AWS CLI, or the Glacier console to cre
-Suppose that you have a regulatory requirement to retain archives for up to one year before you can delete them. You can enforce that requirement by implementing the following Vault Lock policy. The policy denies the `glacier:DeleteArchive` action on the examplevault vault if the archive being deleted is less than one year old. The policy uses the Glacier-specific condition key `ArchiveAgeInDays` to enforce the one-year retention requirement. 
+Suppose that you have a regulatory requirement to retain archives for up to one year before you can delete them. You can enforce that requirement by implementing the following Vault Lock policy. The policy denies the `glacier:DeleteArchive` action on the examplevault vault if the archive being deleted is less than one year old. The policy uses the Amazon Glacier-specific condition key `ArchiveAgeInDays` to enforce the one-year retention requirement.