How to share Amazon Glacier Vault with another AWS User. Share the vault using Vault Access Policy. How to grant access to your vault to another user.

Share the Vault using Vault Access Policy. Grant access to your vault to another AWS user.

FastGlacier

Free Windows Client for Amazon Glacier

Follow:

Twitter
Facebook
RSS

Recently Amazon Glacier Team announced the new featue called Glacier Vault Access Policies. Using Access Policies you can easily share your vault(s) with other AWS users. From the tutorial below you will learn on how to grant access to your vault to another AWS user and how to connect to the vault shared with you by another user.

Prerequisites: in order to grant access to your vault to another user you need to know their Account Id. The users may find their Account Id in Account Settings.

To Share the Vault:

1. Start FastGlacier and navigate to the vault you want to share.

2. Click Vaults, Advanced, Access Policy

Click Vaults, Advanced, Access Policy to open Policy Editor

Vault Access Policy Editor dialog will open:

Vault Access Policy Editor

3. Paste the following access policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "cross-account-upload",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:root"
      },
      "Action": [
        "glacier:InitiateMultipartUpload",
        "glacier:ListParts",
        "glacier:UploadArchive",
        "glacier:UploadMultipartPart",
        "glacier:AbortMultipartUpload",
        "glacier:CompleteMultipartUpload"
      ],
      "Resource": "arn:aws:glacier:us-west-2:777777777777:vaults/DailyBackup"
    }
  ]
}
	
Where 111111111111 is the Account Id of the user you want to share the vault with.

And arn:aws:glacier:us-west-2:777777777777:vaults/DailyBackup is the ARN of the Vault you want to share.

The policy above allows the user with Account Id 111111111111 to upload files into the vault DailyBackup located in US West (Oregon) region. For full list of allowed actions and policy examples please check AWS Documentation.

If you paste the policy into the Policy Editor, the Vault Arn is updated automatically.

4. Click Apply to save changes

Click Apply to save changes

5. Send the following details to the user you shared the vault with:

Vault Name - the name of the vault you shared (DailyBackup in our example)

Vault Region - the region where the shared vault is located (US West (Oregon) in our example)

Account Id - your Account Id (777777777777 in our example)

The user may follow instructions below to access the vault (permanent link).

To Access Shared Vault:

1. Click Vaults, Add External Vault

Click Vaults, Add External Vault

Add External Vault dialog will open:

Add External Vault Dialog

2. Fill out the following fields:

Vault Name - the name of the vault you want to connect to

Vault Region - the region where the vault is located

Vault Owner's Account Id - an Account Id of the vault owner

Add External Vault Dialog - filled example

3. Click Add.

Now you can work with the vault according to the permissions provided.

Vault Access Policy Editor - working with Vault Access Policy.

FastGlacier 4.1.5 Freeware

Social Connection

People like FastGlacier!

Our customers say

"Your client software has been wonderful to use and has made working with the Glacier service a pleasant experience. What I like most about FastGlacier is that it's extremely easy to use, even for non-technical/IT people." - Rob Costello, Pro User

"Your product recently saved me after I deleted everything I had locally. But with FG, I restored all our video and photos from AWS. Phew! Divorce averted!!" - Jamie C., USA

"Spending ~$40 on @FastGlacier was one of my best software purchases." - J Biggert (Twitter)

Sharing the Vault via Vault Access Policies

To Share the Vault:

To Access Shared Vault:

Related articles