Amazon S3 Glacier
Developer Guide (API Version 2012-06-01)

Using Resource-Based Policies for Amazon S3 Glacier (Vault Policies)

An Amazon S3 Glacier (Glacier) vault is the primary resource in Glacier. You can add permissions to the policy associated with a Glacier vault. Permissions policies attached to Glacier vaults are referred to as resource-based policies (or vault policies in Glacier). Each Glacier vault can have resource-based permissions policies associated with it. For information about available permissions policy options, see Managing Access to Resources.

Important

Before you create resource-based policies, we recommend that you first review the introductory topics that explain the basic concepts and options available for you to manage access to your Glacier resources. For more information, see Overview of Managing Access Permissions to Your Amazon S3 Glacier Resources.

A Glacier vault can have one vault access policy and one Vault Lock policy associated with it. An Amazon S3 Glacier vault access policy is a resource-based policy that you can use to manage permissions to your vault. A Vault Lock policy is vault access policy that can be locked. After you lock a Vault Lock policy, the policy can't be changed. You can use a Vault Lock Policy to enforce compliance controls.

For more information, see the following topics.