Amazon S3 Adds Lock-Down Function for Glacier Archiving
Amazon has added some new security and compliance controls to its Glacier archiving service.
Glacier is an adjunct feature to Amazon's popular Simple Storage Service, so users need to sign up for S3 first. To use Glacier, users create separate "vaults" and fill them with archived data or files, either directly or by using S3 lifecycle rules.
The Seattle-based Web services giant on July 9 introduced a new vault lock feature with a list of compliance controls designed to support business or personal records-retention use cases. These are especially relevant to regulated sectors such as health care, financial services, government and the military.
Users now can create a Vault Lock policy on a vault and lock it down; once locked, the policy cannot be overwritten or deleted. Glacier will enforce the policy and protect records according to the controls (including a predefined retention period), Amazon evangelist Jeff Barr wrote in his corporate blog.
"You cannot change the Vault Lock policy after you lock it. However, you can still alter and configure the access controls that are not related to compliance by using a separate vault access policy. For example, you can grant read access to business partners or designated third parties (as sometimes required by regulation)," Barr wrote.
Because the lock policy cannot be changed or removed once it is locked (to ensure compliance), Amazon has implemented a two-step locking process that gives users an opportunity to test the policy before locking the vault down for good.
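The two-step process described above, sketched as an added example (not code from Amazon or from Barr's post): a retention policy is built and linted, attached with the Glacier `initiate_vault_lock` call, and only made permanent with `complete_vault_lock` once a reviewer approves; otherwise it is aborted. The vault ARN, lock ID, function names and the `DryRunClient` stand-in are constructed for illustration; in real use `client` would be `boto3.client("glacier")`.

```python
import json

def build_lock_policy(vault_arn, retention_days):
    """Deny DeleteArchive for every archive younger than retention_days."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "deny-delete-during-retention",
        "Principal": "*", "Effect": "Deny",
        "Action": "glacier:DeleteArchive", "Resource": vault_arn,
        "Condition": {"NumericLessThan":
                      {"glacier:ArchiveAgeInDays": str(retention_days)}}}]}

def lint_lock_policy(policy, min_days):
    """Return problems found; an empty list means retention is enforced."""
    for st in policy.get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Deny" or "glacier:DeleteArchive" not in actions:
            continue
        age = (st.get("Condition", {}).get("NumericLessThan", {})
               .get("glacier:ArchiveAgeInDays"))
        if age is None:
            return ["Deny has no archive-age condition: deletes denied forever"]
        if int(age) < min_days:
            return [f"retention {age}d is shorter than required {min_days}d"]
        return []
    return ["no Deny statement covers glacier:DeleteArchive"]

def lock_vault(client, vault, policy, min_days, approve):
    """Step 1 attaches the policy; step 2 completes only if approve() agrees."""
    problems = lint_lock_policy(policy, min_days)
    if problems:
        raise ValueError("; ".join(problems))
    lock_id = client.initiate_vault_lock(
        accountId="-", vaultName=vault,
        policy={"Policy": json.dumps(policy)})["lockId"]
    if approve(lock_id):  # reviewer has tested the in-progress policy
        client.complete_vault_lock(accountId="-", vaultName=vault, lockId=lock_id)
        return "Locked"   # from here the policy can no longer be changed
    client.abort_vault_lock(accountId="-", vaultName=vault)
    return "Aborted"

class DryRunClient:
    """Constructed stand-in for a Glacier client; it only records calls."""
    def __init__(self):
        self.calls = []
    def initiate_vault_lock(self, **kwargs):
        self.calls.append("initiate")
        return {"lockId": "constructed-lock-id"}
    def complete_vault_lock(self, **kwargs):
        self.calls.append("complete")
    def abort_vault_lock(self, **kwargs):
        self.calls.append("abort")
```

The lint step runs before anything is attached because a policy that is too short or missing its age condition cannot be corrected after step 2.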