**This page is only for existing customers of the Amazon Glacier service using Vaults and the original REST API from 2012.**

If you're looking for archival storage solutions, we recommend using the Amazon Glacier storage classes in Amazon S3, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. To learn more about these storage options, see [Amazon Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/).

Amazon Glacier (original standalone vault-based service) is no longer accepting new customers. Amazon Glacier is a standalone service with its own APIs that stores data in vaults and is distinct from Amazon S3 and the Amazon S3 Glacier storage classes. Your existing data will remain secure and accessible in Amazon Glacier indefinitely. No migration is required. For low-cost, long-term archival storage, AWS recommends the [Amazon S3 Glacier storage classes](https://aws.amazon.com/s3/storage-classes/glacier/), which deliver a superior customer experience with S3 bucket-based APIs, full AWS Region availability, lower costs, and AWS service integration. If you want enhanced capabilities, consider migrating to Amazon S3 Glacier storage classes by using our [AWS Solutions Guidance for transferring data from Amazon Glacier vaults to Amazon S3 Glacier storage classes](https://aws.amazon.com/solutions/guidance/data-transfer-from-amazon-s3-glacier-vaults-to-amazon-s3/).

# API Permissions Reference
<a name="glacier-api-permissions-ref"></a>

When you are setting up [How Amazon Glacier works with IAM](security_iam_service-with-iam.md) and writing a permissions policy that you can attach to an IAM identity (identity-based policies) or a resource (resource-based policies), you can use the following table as a reference. The table lists each Amazon Glacier API operation, the corresponding actions for which you can grant permissions to perform the action, and the AWS resource for which you can grant the permissions.

You specify the actions in the policy's `Action` element, and you specify the resource value in the policy's `Resource` element. Also, you can use the IAM policy language `Condition` element to specify when a policy should take effect.

To specify an action, use the `glacier:` prefix followed by the API operation name (for example, `glacier:CreateVault`). For most Amazon Glacier actions, `Resource` is the vault on which you want to grant the permissions. You specify a vault as the `Resource` value by using the vault ARN. To express conditions, you use predefined condition keys. For more information, see [Resource-based policies within Amazon Glacier](security_iam_service-with-iam.md#security_iam_service-with-iam-resource-based-policies).

The following table lists actions that can be used with identity-based policies and resource-based policies. 

**Note**  
Some actions can only be used with identity-based policies. These actions are marked by an asterisk (\*) after the name of the API operation in the first column.

Use the scroll bars to see the rest of the table.


**Amazon Glacier API and Required Permissions for Actions**  

| Amazon Glacier API Operations | Required Permissions (API Actions) | Resources | Condition Keys | 
| --- | --- | --- | --- | 
| [Abort Multipart Upload (DELETE uploadID)](api-multipart-abort-upload.md)  | glacier:AbortMultipartUpload | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` |  | 
| [Abort Vault Lock (DELETE lock-policy)](api-AbortVaultLock.md)  | glacier:AbortVaultLock |   |  | 
| [Add Tags To Vault (POST tags add)](api-AddTagsToVault.md) | glacier:AddTagsToVault | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` | 
| [Complete Multipart Upload (POST uploadID)](api-multipart-complete-upload.md) | glacier:CompleteMultipartUpload | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` | 
| [Complete Vault Lock (POST lockId)](api-CompleteVaultLock.md)  | glacier:CompleteVaultLock |   | `glacier:ResourceTag/{{TagKey}}` | 
| [Create Vault (PUT vault)](api-vault-put.md) \*  | glacier:CreateVault |   |  | 
| [Delete Archive (DELETE archive)](api-archive-delete.md) | glacier:DeleteArchive | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ArchiveAgeInDays`<br />`glacier:ResourceTag/{{TagKey}}` | 
| [Delete Vault (DELETE vault)](api-vault-delete.md) | glacier:DeleteVault | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` | 
| [Delete Vault Access Policy (DELETE access-policy)](api-DeleteVaultAccessPolicy.md) | glacier:DeleteVaultAccessPolicy | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` | 
| [Delete Vault Notifications (DELETE notification-configuration)](api-vault-notifications-delete.md) | glacier:DeleteVaultNotifications | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` | 
| [Describe Job (GET JobID)](api-describe-job-get.md) | glacier:DescribeJob | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | 
| [Describe Vault (GET vault)](api-vault-get.md) | glacier:DescribeVault | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` |  | 
| [Get Data Retrieval Policy (GET policy)](api-GetDataRetrievalPolicy.md) \*  | glacier:GetDataRetrievalPolicy | `arn:aws:glacier:{{region}}:{{account-id}}:policies/retrieval-limit-policy` |  | 
| [Get Job Output (GET output)](api-job-output-get.md) | glacier:GetJobOutput | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` |  | 
| [Get Vault Access Policy (GET access-policy)](api-GetVaultAccessPolicy.md) | glacier:GetVaultAccessPolicy | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` |  | 
| [Get Vault Lock (GET lock-policy)](api-GetVaultLock.md)  | glacier:GetVaultLock | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` |  | 
| [Get Vault Notifications (GET notification-configuration)](api-vault-notifications-get.md) | glacier:GetVaultNotifications | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` |  | 
| [Initiate Job (POST jobs)](api-initiate-job-post.md) | glacier:InitiateJob | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ArchiveAgeInDays`<br />`glacier:ResourceTag/{{TagKey}}` | 
| [Initiate Multipart Upload (POST multipart-uploads)](api-multipart-initiate-upload.md) | glacier:InitiateMultipartUpload | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` | 
| [Initiate Vault Lock (POST lock-policy)](api-InitiateVaultLock.md)  | glacier:InitiateVaultLock |   | `glacier:ResourceTag/{{TagKey}}` | 
| [List Jobs (GET jobs)](api-jobs-get.md) | glacier:ListJobs | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` |  | 
| [List Multipart Uploads (GET multipart-uploads)](api-multipart-list-uploads.md) | glacier:ListMultipartUploads | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` |  | 
| [List Parts (GET uploadID)](api-multipart-list-parts.md) | glacier:ListParts | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` |  | 
| [List Tags For Vault (GET tags)](api-ListTagsForVault.md) | glacier:ListTagsForVault | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` |  | 
| [List Vaults (GET vaults)](api-vaults-get.md) | glacier:ListVaults |  |  | 
| [Remove Tags From Vault (POST tags remove)](api-RemoveTagsFromVault.md) | glacier:RemoveTagsFromVault | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` | 
| [Set Data Retrieval Policy (PUT policy)](api-SetDataRetrievalPolicy.md) \* | glacier:SetDataRetrievalPolicy | `arn:aws:glacier:{{region}}:{{account-id}}:policies/retrieval-limit-policy` |  | 
| [Set Vault Access Policy (PUT access-policy)](api-SetVaultAccessPolicy.md) | glacier:SetVaultAccessPolicy | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` | 
| [Set Vault Notification Configuration (PUT notification-configuration)](api-vault-notifications-put.md) | glacier:SetVaultNotifications | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` | 
| [Upload Archive (POST archive)](api-archive-post.md) | glacier:UploadArchive | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` | 
| [Upload Part (PUT uploadID)](api-upload-part.md) | glacier:UploadMultipartPart | `arn:aws:glacier:{{region}}:{{account-id}}:vaults/vault-name`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/example*`<br />`arn:aws:glacier:{{region}}:{{account-id}}:vaults/*` | `glacier:ResourceTag/{{TagKey}}` |