As you may have realized, it’s not possible to delete Glacier vaults from the AWS S3 Glacier management console
. The purpose of this article is to provide a walk through for getting rid of Glacier vaults, and address the below issues that you may encounter in the process.
Errors this article will help you solve:
- “Error deleting vault – vault not empty or recently written too”
- “Unknown options: inventory-retrieval}”
- “The job is not currently available for download”
- Now that I have finally have an output.json file, how do I delete everything?
You’ll need to have the following handy:
- AWS Access Key
- AWS Secret Key
- Default region name.
Everything you need for that should all be available under the Identify Access Management (IAM) console in AWS which you hopefully have documented somewhere. If not, it’s a relatively straightforward process to create a new account and assign it access to Glacier (the AWS Access key is in the Security Credentials tab), and document your Secret key, etc.
Assuming that’s all sorted out, AWS provides a template for Deleting an Archives in Glacier
. One of the first issues you may encounter is the “Unknown options: inventory-retrieval}
” error, which Chris documents in his blog post
. Essentially, create a file aws-json.txt with the following:
You’ll then be able to run the command:
aws glacier initiate-job --vault-name VAULT-NAME --account-id AccountID1234 --job-parameters file://aws-json.txt
This will produce some json output which will include the job-id you’ll need for the next command.
aws glacier describe-job --vault-name VAULT-name --account-id AccountID1234 --job-id "longstring"
The inventory process will likley take several hours to complete. As a result, if you run the below command before it’s has been completed you’ll get an error message to the effect of “The job is not currently available for download”
aws glacier get-job-output --vault-name VAULT-NAME --account-id AccountID1234 --job-id "insert-long-string-here" output.json
This will produce a file called output.json which will have all of the archive IDs you need to delete. In my case, I had over 75k archive IDs that needed to deleted before the vault could be deleted. Conveniently, BytesAndBolts has a delete-aws-glacier-archives
script that will take precisely that output, and loop through deleting the archives. Be aware, that this may take many hours to complete (in my case about 30 hours).
You’ll just need to edit the python script filling in the below lines before you run it:
Now you just be able to run it via Python…
You can finally delete the vault:
After you run it, the script will start looping through the records and deleting everything… returned value: 0 indicates the command was successful. After the script runs (I took about 30 hours to run against one of my vaults), go back to the AWS console and the size of the vault in question should now be empty and ready to delete.
Get Free Email Updates!
If you liked this article, you’ll LOVE the newsletter
Sign-up for the newsletter, and we’ll send you useful and exclusive content that doesn’t get posted to the site. No spam. Ever. Unsubscribe at any time.