Share the Vault using Vault Access Policy. Grant access to your vault to another AWS user.
FastGlacier
Free Windows Client for Amazon Glacier
Follow:
Like:
Share:

Sharing the Vault via Vault Access Policies

Recently Amazon Glacier Team announced the new featue called Glacier Vault Access Policies. Using Access Policies you can easily share your vault(s) with other AWS users. From the tutorial below you will learn on how to grant access to your vault to another AWS user and how to connect to the vault shared with you by another user.

Prerequisites: in order to grant access to your vault to another user you need to know their Account Id. The users may find their Account Id in Account Settings.

To Share the Vault:

1. Start FastGlacier and navigate to the vault you want to share.

2. Click Vaults, Advanced, Access Policy

vaults-advanced-access-policy

Click Vaults, Advanced, Access Policy to open Policy Editor

Vault Access Policy Editor dialog will open:

vault-policy-editor-dialog

Vault Access Policy Editor

3. Paste the following access policy:


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "cross-account-upload",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:root"
      },
      "Action": [
        "glacier:InitiateMultipartUpload",
        "glacier:ListParts",
        "glacier:UploadArchive",
        "glacier:UploadMultipartPart",
        "glacier:AbortMultipartUpload",
        "glacier:CompleteMultipartUpload"
      ],
      "Resource": "arn:aws:glacier:us-west-2:777777777777:vaults/DailyBackup"
    }
  ]
}
	

Where 111111111111 is the Account Id of the user you want to share the vault with.

And arn:aws:glacier:us-west-2:777777777777:vaults/DailyBackup is the ARN of the Vault you want to share.

The policy above allows the user with Account Id 111111111111 to upload files into the vault DailyBackup located in US West (Oregon) region. For full list of allowed actions and policy examples please check AWS Documentation.

If you paste the policy into the Policy Editor, the Vault Arn is updated automatically.

4. Click Apply to save changes

vault-policy-editor-dialog-filled

Click Apply to save changes

5. Send the following details to the user you shared the vault with:

  • Vault Name - the name of the vault you shared (DailyBackup in our example)
  • Vault Region - the region where the shared vault is located (US West (Oregon) in our example)
  • Account Id - your Account Id (777777777777 in our example)

The user may follow instructions below to access the vault (permanent link).

To Access Shared Vault:

1. Click Vaults, Add External Vault

vaults-add-external-vault

Click Vaults, Add External Vault

Add External Vault dialog will open:

add-external-vault-dialog

Add External Vault Dialog

2. Fill out the following fields:

  • Vault Name - the name of the vault you want to connect to
  • Vault Region - the region where the vault is located
  • Vault Owner's Account Id - an Account Id of the vault owner

add-external-vault-dialog-filled

Add External Vault Dialog - filled example

3. Click Add.

Now you can work with the vault according to the permissions provided.


Related articles

Vault Access Policy Editor - working with Vault Access Policy.

FastGlacier 3.4.7 Freeware
Powered by Amazon Web Services
Social Connection
Glacier Client Logo
 
People like FastGlacier!
Our customers say

"Your client software has been wonderful to use and has made working with the Glacier service a pleasant experience. What I like most about FastGlacier is that it's extremely easy to use, even for non-technical/IT people." - Rob Costello, Pro User

"Your product recently saved me after I deleted everything I had locally. But with FG, I restored all our video and photos from AWS. Phew! Divorce averted!!" - Jamie C., USA

"Spending ~$40 on @FastGlacier was one of my best software purchases." - J Biggert (Twitter)

Related Products
Copyright © 2012-2017 NetSDK Software, LLC. All rights reserved.  Terms of Use.  Privacy Policy.