How to delete Vault (AWS Glacier) 🗻

README.md

How to delete Vault (AWS Glacier)

This Gist give some tips in order to remove AWS Glacier Vault with AWS CLI (ie. https://aws.amazon.com/en/cli/).

Step 1 / Retrive inventory

$ aws glacier initiate-job --job-parameters '{"Type": "inventory-retrieval"}' --vault-name YOUR_VAULT_NAME --account-id YOUR_ACCOUNT_ID --region YOUR_REGION

Wait during 3/5 hours… :-(

For the new step you need to get the JobId. When the retrive inventory is done you can get it with the following command: aws glacier list-jobs --vault-name YOUR_VAULT_NAME --region YOUR_REGION

Step 2 / Get the ArchivesIds

$ aws glacier get-job-output --job-id YOUR_JOB_ID --vault-name YOUR_VAULT_NAME --region YOUR_REGION ./output.json

See. Downloading a Vault Inventory in Amazon Glacier

You can get all the ArchiveId in the ./output.json file.

Step 3 / Delete Archives

PHP Version

<?php

$file = './output.json' ;
$accountId = 'YOUR_ACCOUNT_ID' ;
$region = 'YOUR_REGION' ;
$vaultName = 'YOUR_VAULT_NAME' ;

$string = file_get_contents ( $file ) ;
$json = json_decode($string, true ) ;
foreach ( $json [ 'ArchiveList' ] as $jsonArchives )
{
    echo 'Delete Archive: ' . $jsonArchives [ 'ArchiveId' ] . "\n" ;
    exec ( 'aws glacier delete-archive --archive-id="' . $jsonArchives [ 'ArchiveId' ] . '" --vault-name ' . $vaultName . ' --account-id ' . $accountId . ' --region ' . $region , $output ) ;
    echo $output ;
}

Python version

import json, subprocess

input_file_name = './output.json'
account_id = 'YOUR_ACCOUNT_ID'
region = 'YOUR_REGION'
vault_name = 'YOUR_VAULT_NAME'

with open(input_file_name) as f:
    json_string = f.read()

parsed_json = json.loads(json_string)
archive_list = parsed_json['ArchiveList']

for archive in archive_list:
    print("Deleting archive " + archive['ArchiveId'])
    command = "aws glacier delete-archive --archive-id='" + archive['ArchiveId'] + "' --vault-name " + vault_name + " --account-id " + account_id + " --region " + region
    subprocess.run(command, shell=True, check=True)

Bash version

A Bash version is available here: https://gist.github.com/veuncent/ac21ae8131f24d3971a621fac0d95be5

Powersheel version

$input_file_name = 'output.json'
$vault_name = 'my_vault'
# $account_id = 'AFDKFKEKF9EKALD' #not used. using - instead

$a = ConvertFrom-Json $(get-content $input_file_name)

$a.ArchiveList.archiveid | %{
write "executing: aws glacier delete-archive --archive-id=$_ --vault-name $vault_name --account-id -"
aws glacier delete-archive --archive-id=$_ --vault-name $vault_name --account-id - }

Mark: After you delete an archive, if you immediately download the vault inventory, it might include the deleted archive in the list because Amazon Glacier prepares vault inventory only about once a day.

See. Deleting an Archive in Amazon Glacier

Step 4 / Delete a Vault

$ aws glacier delete-vault --vault-name YOUR_VAULT_NAME --account-id YOUR_ACCOUNT_ID --region YOUR_REGION

Just a little note:
for list-jobs and get-job-output, one needs to type account-id, too.

Thank you.

For Step 3, I rewrote this in Python in case anyone wants it!

import json, subprocess

input_file_name = 'output.json'
vault_name = 'xxx'
account_id = 'xxx'

with open(input_file_name) as f:
    json_string = f.read()

parsed_json = json.loads(json_string)
archive_list = parsed_json['ArchiveList']

for archive in archive_list:
    print("Deleting archive " + archive['ArchiveId'])
    command = "aws glacier delete-archive --archive-id='" + archive['ArchiveId'] + "' --vault-name " + vault_name + " --account-id " + account_id
    subprocess.run(command, shell=True, check=True)

That Python script needs the region added to it otherwise it can fail.

Thanks for this great tutorial!
I created a version in Bash: https://gist.github.com/veuncent/ac21ae8131f24d3971a621fac0d95be5

Thanks for this. I had one issue, my output file was huge, like over 1GB. The python file listed above was bombing out trying to read the whole thing into memory. I found a python library called ijson, which read in the file as a stream instead. You can install it with pip, my modified python code is:

import ijson, subprocess

input_file_name = 'output.json'
vault_name = ''
account_id = ''

f = open(input_file_name)
archive_list = ijson.items(f,'ArchiveList.item')

for archive in archive_list:
    print("Deleting archive " + archive['ArchiveId'])
    command = "aws glacier delete-archive --archive-id='" + archive['ArchiveId'] + "' --vault-name " + vault_name + " --acc$
    subprocess.run(command, shell=True, check=True)

f.close()

Thanks all for your messages. And sorry for the delay in my answer, Github don't send any alert when somebody comment on a Gist (isaacs/github#21). :-(

to whom is interested, I did a small python scripts here that guides the user to accomplish this, look on the glacier folder

I am getting this error: Could not connect to the endpoint URL:... I think I'm having trouble properly defining my --region. it's 'N.Virginia'.. but i'm not sure whether i need the dot, or don't need to dot or whether I should be writing 'us-east-1' or' n-virginia' or what. I desperately need to get the hang of deleting some glacier vaults so any help would be appreciated.

Thank you ! This is awesome. I do not understand why it is so complicated to just delete a vault.

Powershell version:

$input_file_name = 'output.json'
$vault_name = 'my_vault'
# $account_id = 'AFDKFKEKF9EKALD' #not used. using - instead

$a = ConvertFrom-Json $(get-content $input_file_name)

$a.ArchiveList.archiveid | %{
write "executing: aws glacier delete-archive --archive-id=$_ --vault-name $vault_name --account-id -"
aws glacier delete-archive --archive-id=$_ --vault-name $vault_name --account-id - }

Has anyone encountered this error after running for an hour An error occurred (ExpiredTokenException) when calling the DeleteArchive operation: The security token included in the request is expired?

@robweber this worked great for me. I did have to add region and account-id but so far so good. Thanks for your contribution.

For massive vaults it would probably be great to have a multi-threaded version.

exactly what i was looking for. very useful!!!

Thanks, it works.

In my case Step 1 failed so it was slightly modified to use the external file:
... --region xxxxx --job-parameters file: //aws-json.txt
where file aws-json.txt contains
{
"Type": "inventory-retrieval"
}
Also Step 3 generated the error:
php LookupError: unknown encoding: cp65001
not sure why (I ran it in Win 7) however it works in Ubuntu

Thanks again

aws glacier initiate-job --job-parameters "{\"Type\": \"inventory-retrieval\"}"......etc

works for me

Powershell version:

$input_file_name = 'output.json'
$vault_name = 'my_vault'
# $account_id = 'AFDKFKEKF9EKALD' #not used. using - instead

$a = ConvertFrom-Json $(get-content $input_file_name)

$a.ArchiveList.archiveid | %{
write "executing: aws glacier delete-archive --archive-id=$_ --vault-name $vault_name --account-id -"
aws glacier delete-archive --archive-id=$_ --vault-name $vault_name --account-id - }

You rock!

...and after two days waiting I got this when tryied deletion:

An error occurred (InvalidParameterValueException) when calling the DeleteVault operation: Vault not empty or recently written to: arn:aws:glacier:eu-west-1:XXXXXXXX:vaults/Koti

Any ideas?

@eksiscloud : the vault must be empty before deleting it...

@remii I know that. But why the vault wasn't empty is the question. I followed all the steps but I had to do it three times before I could remove it. So, is there something I don't understand now? That vault wasn't awfull big, just a bit over 800Gb

@eksiscloud I don't have any clue

Here's a better Ruby script snippet (since the "ruby" above isn't ruby):

glacier = Aws::Glacier::Client.new(:access_key_id => access_key, :secret_access_key => secret_key)
parsed_json = JSON.parse(json_string)
archive_list = parsed_json['ArchiveList']
archive_list.each do |archive|
  archive_id = archive['ArchiveId']
  resp = glacier.delete_archive({
     account_id: account_id, 
     archive_id: archive_id, 
     vault_name: vault_name, 
  })
end

Agree with jheitzeb. The "ruby" script you have posted is a python script.

Yep... typo sorry. It's fixed.

thanks !

Thanks for this!

very useful, thank you!

Powershell version:

$input_file_name = 'output.json'
$vault_name = 'my_vault'
# $account_id = 'AFDKFKEKF9EKALD' #not used. using - instead

$a = ConvertFrom-Json $(get-content $input_file_name)

$a.ArchiveList.archiveid | %{
write "executing: aws glacier delete-archive --archive-id=$_ --vault-name $vault_name --account-id -"
aws glacier delete-archive --archive-id=$_ --vault-name $vault_name --account-id - }

Thank you for this, but just to confirm, we do not need to fill in our account id? Thanks again.

@rikachu225 Yep.

Thank you for the script. It helped me!

I would recommend using https://github.com/leeroybrun/glacier-vault-remove

It's really quick in comparison with removing each archive one-by-one