You can setup AWS Glacier via S3 bucket replication. Create a S3 bucket and slap this bucket policy.
{ "Version": "2012-10-17", "Id": "S3PolicyId1", "Statement": [ { "Sid": "IPAllow", "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": "arn:aws:s3:::your-bucket-storage-name/*", "Condition": { "IpAddress": { "aws:SourceIp": "10.0.0.0/8" } } }, { "Sid": "DenyIncorrectEncryptionHeader", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::your-bucket-storage-name/*", "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256" } } }, { "Sid": "DenyUnEncryptedObjectUploads", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::your-bucket-name/*", "Condition": { "Null": { "s3:x-amz-server-side-encryption": "true" } } } ] } |
Add this policy to your IAM user or role.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::your-bucket-name/*" }, { "Effect": "Allow", "Action": [ "s3:List*", "s3:Get*" ], "Resource": "arn:aws:s3:::*" } ] } |
Finally, add a lifecycle policy to move your files from Standard to Glacier storage type.