Skip to content

Instantly share code, notes, and snippets.

@Shereef
Forked from Remiii/README.md
Last active April 21, 2022 12:26
Show Gist options
  • Save Shereef/01344518b477f1cf525c4f0b27467db1 to your computer and use it in GitHub Desktop.
Save Shereef/01344518b477f1cf525c4f0b27467db1 to your computer and use it in GitHub Desktop.
How to delete Vault (AWS Glacier)

How to delete Vault (AWS Glacier)

This Gist give some tips in order to remove AWS Glacier Vault with AWS CLI (ie. https://aws.amazon.com/en/cli/).

Step 1 / Retrive inventory

$ aws glacier initiate-job --job-parameters "{\"Type\": \"inventory-retrieval\"}" --vault-name YOUR_VAULT_NAME --account-id YOUR_ACCOUNT_ID --region YOUR_REGION

Wait during 3/5 hours… :-(

For the new step you need to get the JobId. When the retrive inventory is done you can get it with the following command: aws glacier list-jobs --vault-name YOUR_VAULT_NAME --region YOUR_REGION

Step 2 / Get the ArchivesIds

$ aws glacier get-job-output --job-id YOUR_JOB_ID --vault-name YOUR_VAULT_NAME --region YOUR_REGION ./output.json

See. Downloading a Vault Inventory in Amazon Glacier

You can get all the ArchiveId in the ./output.json file.

Step 3 / Delete Archives

Powershell

from @vinyar

$input_file_name = 'output.json'
$vault_name = 'my_vault'
# $account_id = 'AFDKFKEKF9EKALD' #not used. using - instead

$a = ConvertFrom-Json $(get-content $input_file_name)

$a.ArchiveList.archiveid | %{
write "executing: aws glacier delete-archive --archive-id=$_ --vault-name $vault_name --account-id -"
aws glacier delete-archive --archive-id=$_ --vault-name $vault_name --account-id - }

Python

from @robweber

ijson, which reads in the file as a stream instead. You can install it with pip

import ijson, subprocess

input_file_name = 'output.json'
vault_name = ''
account_id = ''

f = open(input_file_name)
archive_list = ijson.items(f,'ArchiveList.item')

for archive in archive_list:
    print("Deleting archive " + archive['ArchiveId'])
    command = "aws glacier delete-archive --archive-id='" + archive['ArchiveId'] + "' --vault-name " + vault_name + " --acc$
    subprocess.run(command, shell=True, check=True)

f.close()

PHP

from @Remiii

<?php

$file = './output.json' ;
$accountId = 'YOUR_ACCOUNT_ID' ;
$region = 'YOUR_REGION' ;
$vaultName = 'YOUR_VAULT_NAME' ;

$string = file_get_contents ( $file ) ;
$json = json_decode($string, true ) ;
foreach ( $json [ 'ArchiveList' ] as $jsonArchives )
{
    echo 'Delete Archive: ' . $jsonArchives [ 'ArchiveId' ] . "\n" ;
    exec ( 'aws glacier delete-archive --archive-id="' . $jsonArchives [ 'ArchiveId' ] . '" --vault-name ' . $vaultName . ' --account-id ' . $accountId . ' --region ' . $region , $output ) ;
    echo $output ;
}

Mark: After you delete an archive, if you immediately download the vault inventory, it might include the deleted archive in the list because Amazon Glacier prepares vault inventory only about once a day.

See. Deleting an Archive in Amazon Glacier

Step 4 / Delete a Vault

$ aws glacier delete-vault --vault-name YOUR_VAULT_NAME --account-id YOUR_ACCOUNT_ID --region YOUR_REGION

Gist originally by @Remiii

@BlairLeduc
Copy link

Thank you!

@Shereef
Copy link
Author

Shereef commented Oct 28, 2021

Thank you!

You are most welcome!

@jrgd
Copy link

jrgd commented Apr 21, 2022

that's an awesome compilation of resources; thanks for assembling them in one place!

Side note: I had to adapt this because the files were so big, php wasn't able to open them (maxing out my max); initially I went with the command line

while read in; do aws glacier delete-archive --region REGION --vault-name VAULT_NAME --account-id ACC_ID --archive-id "$in"; echo $in; echo $in >> processed.txt; done < output4

… but then, sometimes, when the archive-id is starting with a dash, bash/zsh will interpret this as an argument, it's standard practice on shell; no combo of "'` or escaping managed to produce a satisfying result. So I went back to PHP but I first sliced the output4 file into smaller chunks of 5k lines; something like:

slice -l5000 output4

I still can't believe there isn't an option to force delete even if not empty 😂 I guess it's a retention trick

update: I also realise just now that the bash one liner uses --archive-id XXX when the PHP script exec with --archive-id="' . $single_id which probably sort out my issue with dash-starting archive_ids …

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment