#!/bin/bash if [ ! -f $1 ]; then echo "You must first prepare the manifest, which is a csv with content :" exit 1 fi cat < trust-policy.json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "batchoperations.s3.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } EOF # Create batch restore role aws iam create-role \ --role-name S3BatchRestoreRole \ --description "S3 batch restore role" \ --assume-role-policy-document file://trust-policy.json aws iam attach-role-policy \ --role-name S3BatchRestoreRole \ --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess # Create manufest bucket and copy manifest over MANIFEST_BUCKET="deep-archive-restore-batch-$(uuid)" aws s3 mb s3://$MANIFEST_BUCKET aws s3 cp $1 s3://$MANIFEST_BUCKET/ echo "Uploaded manifest to s3://$MANIFEST_BUCKET/objectlist.csv" # Build input json parameters etag=$(aws s3api list-objects --bucket $MANIFEST_BUCKET --prefix objectlist.csv | jq -cr .Contents[].ETag | tr -d \") jo -p Spec="$(jo -p Format=S3BatchOperations_CSV_20180820 Fields=$(jo -a Bucket Key))" Location="$(jo -p ObjectArn=arn:aws:s3:::$MANIFEST_BUCKET/objectlist.csv ETag=$etag)" > /tmp/manifest.json jo Bucket=arn:aws:s3:::$MANIFEST_BUCKET Prefix=batch-reports Format=Report_CSV_20180820 Enabled=true ReportScope=AllTasks > /tmp/report.json # Submit batch restore job ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) jobid=```aws s3control create-job \ --account-id $ACCOUNT_ID \ --operation '{"S3InitiateRestoreObject": {"ExpirationInDays": 14, "GlacierJobTier": "STANDARD"}}' \ --manifest file:///tmp/manifest.json \ --report file:///tmp/report.json \ --role-arn arn:aws:iam::$ACCOUNT_ID:role/S3BatchRestoreRole \ --description "Restore objects from Deep Archive" \ --priority 10 \ --region ap-east-1 | jq -cr .JobId``` sleep 5 # Approve job $jobid aws s3control update-job-status \ --account-id $ACCOUNT_ID \ --job-id $jobid \ --requested-job-status Ready echo "To delete the manifest bucket:" echo "aws s3 rb s3://$MANIFEST_BUCKET --force"