This page is only for existing customers of the S3 Glacier service using Vaults and the original REST API from 2012.
If you're looking for archival storage solutions we suggest using the S3 Glacier storage classes in Amazon S3, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. To learn more about these storage options, see S3 Glacier storage classes
Set Vault Access Policy (PUT access-policy)
Description
This operation configures an access policy for a vault and will overwrite an existing
policy. To configure a vault access policy, send a PUT
request to the
access-policy
subresource of the vault. You can set one access policy per vault
and the policy can be up to 20 KB in size. For more information about vault access
policies, see Vault Access Policies.
Requests
Syntax
To set a vault access policy, send an HTTP PUT
request to the URI of
the vault's access-policy
subresource as shown in the following syntax
example.
PUT /
AccountId
/vaults/vaultName
/access-policy HTTP/1.1 Host: glacier.Region
.amazonaws.com.cn Date:Date
Authorization:SignatureValue
Content-Length:Length
x-amz-glacier-version: 2012-06-01 { "Policy": "string" }
Note
The AccountId
value is the Amazon Web Services account ID of the account that owns the vault. You can either specify an Amazon Web Services account ID or optionally a single '-
' (hyphen), in which case Amazon S3 Glacier uses the Amazon Web Services account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.
Request Parameters
This operation does not use request parameters.
Request Headers
This operation uses only request headers that are common to all operations. For information about common request headers, see Common Request Headers.
Request Body
The request body contains the following JSON fields.
- Policy
-
The vault access policy as a JSON string, which uses "\" as an escape character.
Type: String
Required: Yes
Responses
In response, S3 Glacier returns 204 No Content
if the policy is
accepted.
Syntax
HTTP/1.1 204 No Content x-amzn-RequestId: x-amzn-RequestId Date: Date
Response Headers
This operation uses only response headers that are common to most responses. For information about common response headers, see Common Response Headers.
Response Body
This operation does not return a response body.
Errors
For information about Amazon S3 Glacier exceptions and error messages, see Error Responses.
Examples
Example Request
The following example sends an HTTP PUT
request to the URI of the vault's
access-policy
subresource. The Policy
JSON string uses
"\" as an escape character.
PUT /-/vaults/examplevault/access-policy HTTP/1.1 Host: glacier.us-west-2.amazonaws.com.cn x-amz-Date: 20170210T120000Z Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20141123/us-west-2/glacier/aws4_request,SignedHeaders=host;x-amz-date;x-amz-glacier-version,Signature=9257c16da6b25a715ce900a5b45b03da0447acf430195dcb540091b12966f2a2 Content-Length: length x-amz-glacier-version: 2012-06-01 {"Policy":"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Define-owner-access-rights\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::999999999999:root\"},\"Action\":\"glacier:DeleteArchive\",\"Resource\":\"arn:aws:glacier:us-west-2:999999999999:vaults/examplevault\"}]}"}
Example Response
If the request was successful, Amazon S3 Glacier (S3 Glacier) returns a HTTP 204 No Content
as
shown in the following example.
HTTP/1.1 204 No Content x-amzn-RequestId: AAABZpJrTyioDC_HsOmHae8EZp_uBSJr6cnGOLKp_XJCl-Q Date: Wed, 10 Feb 2017 12:02:00 GMT
Related Sections
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: