Skip to content

Resource: awsGlacierVault

Provides a Glacier Vault Resource. You can refer to the Glacier Developer Guide for a full explanation of the Glacier Vault functionality

\~> NOTE: When removing a Glacier Vault, the Vault must be empty.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSnsTopicAwsSnsTopic = new aws.snsTopic.SnsTopic(
  this,
  "aws_sns_topic",
  {
    name: "glacier-sns-topic",
  }
);
const dataAwsIamPolicyDocumentMyArchive =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "my_archive",
    {
      statement: [
        {
          actions: ["glacier:InitiateJob", "glacier:GetJobOutput"],
          effect: "Allow",
          principals: [
            {
              identifiers: ["*"],
              type: "*",
            },
          ],
          resources: [
            "arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive",
          ],
          sid: "add-read-only-perm",
        },
      ],
    }
  );
const awsGlacierVaultMyArchive = new aws.glacierVault.GlacierVault(
  this,
  "my_archive_2",
  {
    accessPolicy: dataAwsIamPolicyDocumentMyArchive.json,
    name: "MyArchive",
    notification: {
      events: ["ArchiveRetrievalCompleted", "InventoryRetrievalCompleted"],
      snsTopic: awsSnsTopicAwsSnsTopic.arn,
    },
    tags: {
      Test: "MyArchive",
    },
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsGlacierVaultMyArchive.overrideLogicalId("my_archive");

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).
  • accessPolicy - (Optional) The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here. Use the Glacier Developer Guide for more information on Glacier Vault Policy
  • notification - (Optional) The notifications for the Vault. Fields documented below.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

notification supports the following:

  • events - (Required) You can configure a vault to publish a notification for archiveRetrievalCompleted and inventoryRetrievalCompleted events.
  • snsTopic - (Required) The SNS Topic ARN.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • location - The URI of the vault that was created.
  • arn - The ARN of the vault.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

Glacier Vaults can be imported using the name, e.g.,

$ terraform import aws_glacier_vault.archive my_archive