This page is only for existing customers of the S3 Glacier service using Vaults and the original REST API from 2012.
If you're looking for archival storage solutions we suggest using the S3 Glacier storage classes in Amazon S3, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. To learn more about these storage options, see S3 Glacier storage classes
Get Vault Access Policy (GET access-policy)
Description
This operation retrieves the access-policy subresource set on the
vault—for more information on setting this subresource, see Set Vault Access Policy (PUT access-policy). If
there is no access policy set on the vault, the operation returns a 404 Not
found error. For more information about vault access policies, see Vault Access Policies.
Requests
To return the current vault access policy, send an HTTP GET request to
the URI of the vault's access-policy subresource.
Syntax
GET /AccountId/vaults/vaultName/access-policy HTTP/1.1 Host: glacier.Region.amazonaws.com.cn Date:DateAuthorization:SignatureValuex-amz-glacier-version: 2012-06-01
Note
The AccountId value is the Amazon Web Services account ID of the account that owns the vault. You can either specify an Amazon Web Services account ID or optionally a single '-' (hyphen), in which case Amazon S3 Glacier uses the Amazon Web Services account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.
Request Parameters
This operation does not use request parameters.
Request Headers
This operation uses only request headers that are common to all operations. For information about common request headers, see Common Request Headers.
Request Body
This operation does not have a request body.
Responses
In response, Amazon S3 Glacier (S3 Glacier) returns the vault access policy in JSON format in the body of the response.
Syntax
HTTP/1.1 200 OK x-amzn-RequestId: x-amzn-RequestId Date: Date Content-Type: application/json Content-Length: length { "Policy": "string" }
Response Headers
This operation uses only response headers that are common to most responses. For information about common response headers, see Common Response Headers.
Response Body
The response body contains the following JSON fields.
- Policy
-
The vault access policy as a JSON string, which uses "\" as an escape character.
Type: String
Errors
For information about Amazon S3 Glacier exceptions and error messages, see Error Responses.
Examples
The following example demonstrates how to get a vault access policy.
Example Request
In this example, a GET request is sent to the URI of a vault's access-policy subresource.
GET /-/vaults/examplevault/access-policy HTTP/1.1 Host: glacier.us-west-2.amazonaws.com.cn x-amz-Date: 20170210T120000Z x-amz-glacier-version: 2012-06-01 Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20141123/us-west-2/glacier/aws4_request,SignedHeaders=host;x-amz-date;x-amz-glacier-version,Signature=9257c16da6b25a715ce900a5b45b03da0447acf430195dcb540091b12966f2a2
Example Response
If the request was successful, S3 Glacier returns the vault access policy as a JSON string in the body of the response. The returned JSON string uses "\" as an escape character, as shown in the Set Vault Access Policy (PUT access-policy) examples. However, the following example shows the returned JSON string without escape characters for readability.
HTTP/1.1 200 OK x-amzn-RequestId: AAABZpJrTyioDC_HsOmHae8EZp_uBSJr6cnGOLKp_XJCl-Q Date: Wed, 10 Feb 2017 12:00:00 GMT Content-Type: application/json Content-Length: length { "Policy": " { "Version": "2012-10-17", "Statement": [ { "Sid": "allow-time-based-deletes", "Principal": { "AWS": "999999999999" }, "Effect": "Allow", "Action": "glacier:Delete*", "Resource": [ "arn:aws:glacier:us-west-2:999999999999:vaults/examplevault" ], "Condition": { "DateGreaterThan": { "aws:CurrentTime": "2018-12-31T00:00:00Z" } } } ] } " }
Related Sections
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: