.. _minio-lifecycle-management-transition-to-azure: ====================================== Transition Objects from MinIO to Azure ====================================== .. default-domain:: minio .. contents:: Table of Contents :local: :depth: 2 The procedure on this page creates a new object lifecycle management rule that transition objects from a MinIO bucket to a remote storage tier on the :abbr:`Azure (Microsoft Azure)` storage backend. This procedure supports use cases like moving aged data to low-cost public cloud storage solutions after a certain time period or calendar date. .. todo: diagram Requirements ------------ Install and Configure ``mc`` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This procedure uses :mc:`mc` for performing operations on the MinIO cluster. Install :mc:`mc` on a machine with network access to both source and destination clusters. See the ``mc`` :ref:`Installation Quickstart ` for instructions on downloading and installing ``mc``. Use the :mc:`mc alias` command to create an alias for the source MinIO cluster. Alias creation requires specifying an access key for a user on the source and destination clusters. The specified users must have :ref:`permissions ` for configuring and applying transition operations. .. _minio-lifecycle-management-transition-to-azure-permissions: Required MinIO Permissions ~~~~~~~~~~~~~~~~~~~~~~~~~~ MinIO requires the following permissions scoped to the bucket or buckets for which you are creating lifecycle management rules. - :policy-action:`s3:PutLifecycleConfiguration` - :policy-action:`s3:GetLifecycleConfiguration` MinIO also requires the following administrative permissions on the cluster in which you are creating remote tiers for object transition lifecycle management rules: - :policy-action:`admin:SetTier` - :policy-action:`admin:ListTier` For example, the following policy provides permission for configuring object transition lifecycle management rules on any bucket in the cluster:. .. literalinclude:: /extra/examples/LifecycleManagementAdmin.json :language: json :class: copyable .. _minio-lifecycle-management-transition-to-azure-permissions-remote: Required Azure Permissions ~~~~~~~~~~~~~~~~~~~~~~~~~~ Object transition lifecycle management rules require additional permissions on the remote storage tier. Specifically, MinIO requires the :abbr:`Azure (Microsoft Azure)` credentials provide read, write, list, and delete permissions for the remote bucket. Refer to the `Azure RBAC `__ documentation for more complete guidance on configuring the required permissions. Considerations -------------- Exclusive Access to Remote Data ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. include:: /includes/common-minio-tiering.rst :start-after: start-transition-bucket-access-desc :end-before: end-transition-bucket-access-desc .. important:: MinIO does *not* support changing the account name associated to an Azure remote tier. Azure storage backends are tied to the account, such that changing the account would change the storage backend and prevent access to any objects transitioned to the original account/backend. Please contact `MinIO Support `__ if you need situation-specific guidance around configuring Azure remote tiers. Availability of Remote Data ~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. include:: /includes/common-minio-tiering.rst :start-after: start-transition-data-loss-desc :end-before: end-transition-data-loss-desc Procedure --------- 1) Configure User Accounts and Policies for Lifecycle Management ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. |permissions| replace:: :ref:`permissions ` .. include:: /includes/common-minio-tiering.rst :start-after: start-create-transition-user-desc :end-before: end-create-transition-user-desc 2) Configure the Remote Storage Tier ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Use the :mc-cmd:`mc admin tier add` command to add a new remote storage tier: .. code-block:: shell :class: copyable mc admin tier add azure TARGET TIER_NAME \ --endpoint https://HOSTNAME --bucket BUCKET \ --prefix PREFIX --account-name ACCOUNT \ --account-key KEY \ --region REGION The example above uses the following arguments: .. list-table:: :header-rows: 1 :widths: 30 70 :width: 100% * - Argument - Description * - :mc-cmd:`TARGET ` - The :mc:`alias ` of the MinIO deployment on which to configure the remote tier. * - :mc-cmd:`TIER_NAME ` - The name to associate with the new :abbr:`Azure (Microsoft Azure)` blob remote storage tier. Specify the name in all-caps, e.g. ``AZURE_TIER``. This value is required in the next step. * - :mc-cmd:`HOSTNAME ` - The URL endpoint for the :abbr:`Azure (Microsoft Azure)` storage backend. * - :mc-cmd:`BUCKET ` - The name of the bucket on the :abbr:`Azure (Microsoft Azure)` storage backend to which MinIO transitions objects. * - :mc-cmd:`PREFIX ` - The optional bucket prefix within which MinIO transitions objects. MinIO stores all transitioned objects in the specified ``BUCKET`` under a unique per-deployment prefix value. Omit this argument to use only that value for isolating and organizing data within the remote storage. MinIO recommends specifying this optional prefix for remote storage tiers which contain other data, including transitioned objects from other MinIO deployments. This prefix should provide a clear reference back to the source MinIO deployment to faciliate ease of operations related to diagnostics, maintenance, or disaster recovery. * - :mc-cmd:`ACCOUNT ` - The account name MinIO uses to access the bucket. The account name *must* correspond to an :abbr:`Azure (Microsoft Azure)` user with the required :ref:`permissions `. You cannot change this account name after creating the tier. * - :mc-cmd:`KEY ` - The corresponding key for the specified ``ACCOUNT``. * - :mc-cmd:`REGION ` - The :abbr:`Azure (Microsoft Azure)` blob storage region of the specified ``BUCKET``. You can safely omit this option if the ``HOSTNAME`` includes the region. 3) Create and Apply the Transition Rule ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .. include:: /includes/common-minio-tiering.rst :start-after: start-create-transition-rule-desc :end-before: end-create-transition-rule-desc 4) Verify the Transition Rule ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Use the :mc:`mc ilm ls` command to review the configured transition rules: .. code-block:: shell :class: copyable mc ilm ls ALIAS/PATH --transition - Replace :mc-cmd:`ALIAS ` with the :mc:`alias ` of the MinIO deployment. - Replace :mc-cmd:`PATH ` with the name of the bucket for which to retrieve the configured lifecycle management rules.