Transition Objects from MinIO to S3
The procedure on this page creates a new object lifecycle management rule that transitions objects from a MinIO bucket to a remote storage tier on the Amazon Web Services S3 storage backend or an S3-compatible service. This procedure supports use cases such as tiering objects to low-cost or archival storage after a certain time period or calendar date.
Requirements
Install and Configure mc
This procedure uses mc for performing operations on the MinIO cluster. Install mc on a machine with network access to both source and destination clusters. See the mc Installation Quickstart for instructions on downloading and installing mc.
Use the mc alias command to create an alias for the source MinIO cluster. Alias creation requires specifying an access key for a user on the source and destination clusters. The specified users must have the permissions described under Required MinIO Permissions for configuring and applying transition operations.
Required MinIO Permissions
MinIO requires the following permissions scoped to the bucket or buckets for which you are creating lifecycle management rules.
s3:PutLifecycleConfiguration
s3:GetLifecycleConfiguration
MinIO also requires the following administrative permissions on the cluster in which you are creating remote tiers for object transition lifecycle management rules:
admin:SetTier
admin:ListTier
For example, the following policy provides permission for configuring object transition lifecycle management rules on any bucket in the cluster:
/extra/examples/LifecycleManagementAdmin.json
Required S3 Permissions
Object transition lifecycle management rules require additional permissions on the remote storage tier. Specifically, MinIO requires that the remote tier credentials provide read, write, list, and delete permissions for the remote bucket.
For example, the following policy provides the necessary permission for transitioning objects into and out of the remote tier:
/extra/examples/LifecycleManagementUser.json
Modify the Resource for the bucket into which MinIO tiers objects.
Refer to the Amazon S3 Permissions documentation (service-authorization/latest/reference/list_amazons3.html#amazons3-actions-as-permissions) for more complete guidance on configuring the required permissions.
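The two permission sets above can be checked mechanically before a policy is attached to a user. The following is an added example, not part of the MinIO documentation: it reports required actions that a policy fails to grant and any Allow patterns beyond the required set. The sample policies and the bucket name are constructed, and the S3 action names used for read, write, list, and delete are an assumption.

```python
import json
from fnmatch import fnmatchcase

# Actions this page lists for the MinIO user that manages tiers and rules.
MINIO_REQUIRED = {"s3:PutLifecycleConfiguration", "s3:GetLifecycleConfiguration",
                  "admin:SetTier", "admin:ListTier"}
# Assumption: S3 action names standing in for "read, write, list, and delete".
REMOTE_REQUIRED = {"s3:GetObject", "s3:PutObject", "s3:ListBucket", "s3:DeleteObject"}

# Constructed sample policies (not the contents of the /extra/examples files).
SCOPED_ADMIN = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["admin:SetTier", "admin:ListTier"]},
    {"Effect": "Allow", "Resource": ["arn:aws:s3:::*"],
     "Action": ["s3:PutLifecycleConfiguration", "s3:GetLifecycleConfiguration"]}]})
BROAD_ADMIN = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::*"}]})
REMOTE_TIER = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-tier-bucket"]},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
     "Resource": ["arn:aws:s3:::example-tier-bucket/*"]}]})

def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy_json, required):
    """Return (missing, extra): required actions no Allow pattern matches, and
    Allow patterns outside the required set (wildcards included).
    Deny statements and conditions are not evaluated."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") == "Allow":
            patterns += _as_list(stmt.get("Action"))
    missing = sorted(a for a in required
                     if not any(fnmatchcase(a, p) for p in patterns))
    extra = sorted({p for p in patterns if p not in required})
    return missing, extra

if __name__ == "__main__":
    for name, doc, req in [("scoped admin", SCOPED_ADMIN, MINIO_REQUIRED),
                           ("broad admin", BROAD_ADMIN, MINIO_REQUIRED),
                           ("remote tier", REMOTE_TIER, REMOTE_REQUIRED)]:
        print(name, audit_policy(doc, req))
```

An empty `missing` list with a non-empty `extra` list means the policy works but grants more than the transition workflow needs.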
Considerations
Lifecycle Management Object Scanner
MinIO uses a scanner process to check objects against all configured lifecycle management rules. Slow scanning due to high IO workloads or limited system resources may delay application of lifecycle management rules. See minio-lifecycle-management-scanner for more information.
Exclusive Access to Remote Data
Availability of Remote Data
Procedure
1) Configure User Accounts and Policies for Lifecycle Management
2) Configure the Remote Storage Tier
Use the mc admin tier add command to add an Amazon S3 service as the new remote storage tier:
mc admin tier add s3 TARGET TIER_NAME \
--endpoint https://HOSTNAME \
--bucket BUCKET \
--prefix PREFIX \
--access-key ACCESS_KEY \
--secret-key SECRET_KEY \
--region REGION \
--storage-class STORAGE_CLASS
The example above uses the following arguments:
Argument | Description |
---|---|
TARGET |
The alias (mc alias) of the MinIO deployment on which to configure the S3 remote tier. |
TIER_NAME |
The name to associate with the new S3 remote storage tier. Specify the name in all-caps, e.g. S3_TIER. This value is required in the next step. |
HOSTNAME |
The URL endpoint for the S3 storage backend. |
BUCKET |
The name of the bucket on the S3 storage backend to which MinIO transitions objects. |
PREFIX |
The optional bucket prefix within which MinIO transitions objects. MinIO stores all transitioned objects in the specified
MinIO recommends specifying this optional prefix for remote storage tiers which contain other data, including transitioned objects from other MinIO deployments. This prefix should provide a clear reference back to the source MinIO deployment to facilitate ease of operations related to diagnostics, maintenance, or disaster recovery. |
ACCESS_KEY |
The S3 access key MinIO uses to access the bucket. The access key must correspond to an IAM user with the required permissions (see Required S3 Permissions). |
SECRET_KEY |
The corresponding secret key for the specified ACCESS_KEY. |
REGION |
The AWS S3 region of the specified BUCKET. You can safely omit this option if the HOSTNAME includes the region. |
STORAGE_CLASS |
The S3 storage class to which MinIO transitions objects. Specify one of the following supported storage classes:
|
3) Create and Apply the Transition Rule
4) Verify the Transition Rule
Use the mc ilm ls command to review the configured transition rules:
mc ilm ls ALIAS/PATH --transition
- Replace ALIAS with the alias (mc alias) of the MinIO deployment.
- Replace PATH with the name of the bucket for which to retrieve the configured lifecycle management rules.