If the remote tier bucket is versioned, MinIO requires additional permissions to successfully transition objects. But it is not recommended, as each object version becomes a distinct object on the remote tier.

This is not new, it was omitted from the docs. Mention, but discourage.

Staged: http://192.241.195.202:9000/staging/DOCS-1016/linux/reference/minio-mc/mc-ilm-tier.html#transition-permissions

Fixes https://github.com/minio/docs/issues/1016

---------

Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
mc ilm tier
RELEASE.2022-12-24T15-21-38Z: mc ilm tier replaces mc admin tier.
Description
The mc ilm tier command and its subcommands configure a supported remote S3-compatible service for MinIO Lifecycle Management: Object Transition ("Tiering").
After creating one or more tiers with this command, use mc ilm rule and its subcommands to create the rules that move objects to other storage.
For more information, see the overview of lifecycle management.
Subcommands
mc ilm tier includes the following subcommands:
Subcommand | Description |
---|---|
mc ilm tier add | |
mc ilm tier check | |
mc ilm tier info | |
mc ilm tier ls | |
mc ilm tier rm | |
mc ilm tier update | |
Required Permissions
To create tiers for object transition, MinIO requires the following administrative permissions on the cluster:
- admin:SetTier
- admin:ListTier
For example, the following policy provides sufficient permissions for configuring object transition lifecycle management rules on any bucket in the cluster:
/extra/examples/LifecycleManagementAdmin.json
Transition Permissions
Object transition lifecycle management rules require additional permissions on the remote storage tier. Specifically, MinIO requires that the remote tier credentials provide read, write, list, and delete permissions.
For example, if the remote storage tier implements AWS IAM policy-based access control, the following policy provides the necessary permissions for transitioning objects into and out of the remote tier:
/extra/examples/LifecycleManagementUser.json
Modify the Resource for the bucket into which MinIO tiers objects.
Avoid enabling versioning in the remote tier
MinIO strongly recommends against enabling bucket versioning for remote tiers. If the remote tier bucket is versioned, each source object version is transitioned to a unique object in the remote tier.
If your environment requires versioning for the remote tier, you must also allow the s3:DeleteObjectVersion permission.
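One way to check a remote tier credential's policy against the permissions described above, as an added example (not MinIO's code and not the contents of LifecycleManagementUser.json). It assumes an AWS IAM-style policy document, maps read/write/list/delete to the S3 actions named in the code, and uses a constructed bucket name `tier-bucket`; Deny, NotAction and Condition elements are not evaluated.

```python
import fnmatch

# Assumption: the page's "read, write, list, and delete" map to these S3 actions.
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
BUCKET_ACTIONS = {"s3:ListBucket"}

# Constructed sample policy for a hypothetical remote tier bucket "tier-bucket".
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": ["arn:aws:s3:::tier-bucket"]},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": ["arn:aws:s3:::tier-bucket/*"]},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allowed(policy, action, resource):
    """True if an Allow statement matches the action and the resource ARN.
    Simplified matcher: explicit Deny, NotAction and Condition are ignored."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        # IAM action names are case-insensitive; ARNs are compared as written.
        if any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions) \
                and any(fnmatch.fnmatchcase(resource, r) for r in resources):
            return True
    return False

def audit_tier_policy(policy, bucket, versioned=False):
    """Report actions the tier credentials lack, and object actions that
    also reach a bucket other than the tier bucket (broader than needed)."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/probe-object"
    # A versioned remote tier additionally needs s3:DeleteObjectVersion.
    needed = OBJECT_ACTIONS | ({"s3:DeleteObjectVersion"} if versioned else set())
    missing = sorted(a for a in needed if not _allowed(policy, a, object_arn))
    missing += sorted(a for a in BUCKET_ACTIONS if not _allowed(policy, a, bucket_arn))
    other_arn = f"arn:aws:s3:::{bucket}-not-the-tier/probe-object"
    overbroad = sorted(a for a in needed if _allowed(policy, a, other_arn))
    return {"missing": missing, "overbroad": overbroad}
```
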
Defer to the documentation for the supported tiering targets for more complete information on configuring users and permissions to support MinIO tiering:
- Amazon S3 Permissions
- Google Cloud Storage Access Control
- Authorizing access to data in Azure storage