Compliance Validation for Amazon Glacier - Amazon Glacier
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This page is only for existing customers of the Amazon Glacier service using Vaults and the original REST API from 2012.

If you're looking for archival storage solutions, we recommend using the Amazon Glacier storage classes in Amazon S3, S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, and S3 Glacier Deep Archive. To learn more about these storage options, see Amazon Glacier storage classes.

Amazon Glacier (original standalone vault-based service) will no longer accept new customers starting December 15, 2025, with no impact to existing customers. Amazon Glacier is a standalone service with its own APIs that stores data in vaults and is distinct from Amazon S3 and the Amazon S3 Glacier storage classes. Your existing data will remain secure and accessible in Amazon Glacier indefinitely. No migration is required. For low-cost, long-term archival storage, Amazon recommends the Amazon S3 Glacier storage classes, which deliver a superior customer experience with S3 bucket-based APIs, full Amazon Web Services Region availability, lower costs, and Amazon service integration. If you want enhanced capabilities, consider migrating to Amazon S3 Glacier storage classes by using our Amazon Solutions Guidance for transferring data from Amazon Glacier vaults to Amazon S3 Glacier storage classes.

Compliance Validation for Amazon Glacier

The security and compliance of Amazon Glacier (Amazon Glacier) is assessed by third-party auditors as part of multiple Amazon compliance programs, including the following:

  • System and Organization Controls (SOC)

  • Payment Card Industry Data Security Standard (PCI DSS)

  • Federal Risk and Authorization Management Program (FedRAMP)

  • Health Insurance Portability and Accountability Act (HIPAA)

Amazon provides a frequently updated list of Amazon services in scope of specific compliance programs at Amazon Services in Scope by Compliance Program.

Third-party audit reports are available for you to download using Amazon Artifact. For more information, see Downloading Reports in Amazon Artifact in the Amazon Artifact User Guide.

For more information about Amazon compliance programs, see Amazon Compliance Programs.

Your compliance responsibility when using Amazon Glacier is determined by the sensitivity of your data, your organization’s compliance objectives, and applicable laws and regulations. If your use of Amazon Glacier is subject to compliance with standards like HIPAA, PCI, or FedRAMP, Amazon provides resources to help:

  • Amazon Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual Amazon Glacier vaults with a vault lock policy. You can specify controls such as “write once read many” (WORM) in a vault lock policy and lock the policy from future edits. After the policy is locked, it can no longer be changed. Vault lock policies can help you comply with regulatory frameworks such as SEC17a-4 and HIPAA.

  • Security and Compliance Quick Start Guides discuss architectural considerations and steps for deploying security- and compliance-focused baseline environments on Amazon.

  • Architecting for HIPAA Security and Compliance outlines how companies use Amazon to help them meet HIPAA requirements.

  • The Amazon Well-Architected Tool (Amazon WA Tool) is a service in the cloud that provides a consistent process for you to review and measure your architecture using Amazon best practices. The Amazon WA Tool provides recommendations for making your workloads more reliable, secure, efficient, and cost-effective.

  • Amazon Compliance Resources provide several different workbooks and guides that might apply to your industry and location.

  • Amazon Config can help you assess how well your resource configurations comply with internal practices, industry guidelines, and regulations.

  • Amazon Security Hub provides you with a comprehensive view of your security state within Amazon and helps you check your compliance with security industry standards and best practices.