Lifecycle ILM tier with MinIO - cesnietor/dev-docs GitHub Wiki

Transition Objects to Remote MinIO Deployment

Docs https://min.io/docs/minio/linux/administration/object-management/transition-objects-to-minio.html#required-remote-minio-permissions

Steps:

Policy for Source

cat > lifecyclepolicy.json << EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EnableRemoteTierManagement",
            "Effect": "Allow",
            "Action": [
                "admin:ListTier",
                "admin:SetTier"
            ]
        },
        {
            "Sid": "EnableLifecycleManagementRules",
            "Effect": "Allow",
            "Action": [
                "s3:GetLifecycleConfiguration",
                "s3:PutLifecycleConfiguration"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}
EOF

Create user with right permissions for the source

mc admin user add myminio myminiolifecycle myminiolifecycle123
mc admin policy create myminio LifecycleAdminPolicy lifecyclepolicy.json
mc admin policy attach myminio LifecycleAdminPolicy --user myminiolifecycle

Create versioned bucket in source server (e.g. versionedbucket) Create bucket in TARGET (e.g. running in 9002) server (e.g buckettarget) Add user for Target with right permissions as specified in https://min.io/docs/minio/linux/administration/object-management/transition-objects-to-minio.html#required-remote-minio-permissions

cat > lifecyclepolicyRemote.json << EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::buckettarget"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::buckettarget/*"
            ]
        }
    ]
}
EOF

mc admin user add remoteAlias remotelifecycleuser remotelifecycleuser123
mc admin policy create remoteAlias LifeCycleRemotePolicy lifecyclepolicyRemote.json
mc admin policy attach remoteAlias LifeCycleRemotePolicy --user remotelifecycleuser

Add new alias using credentials created for lifecycle user which already has the proper permissions in source server.

mc alias set myminiolifecycle http://localhost:9000 myminiolifecycle myminiolifecycle123

Add TIER using new alias

mc ilm tier add minio myminiolifecycle HOT-TIER --endpoint http://localhost:9002 --access-key remotelifecycleuser --secret-key remotelifecycleuser123 --bucket buckettarget

ADD rule

mc ilm rule add myminiolifecycle/versionedbucket --transition-tier HOT-TIER --transition-days 0

That's it new objects created in source bucket will be passed to target bucket