mc ilm rule
Changed in version RELEASE.2022-12-24T15-21-38Z: The following commands have moved to subcommands under mc ilm rule
:
Description
The mc ilm rule
command and its subcommands configure the rules used to transition objects between storage tiers in MinIO’s Lifecycle Management.
Before creating rules with this command, use mc ilm tier
and its subcommands to create the tier or tiers of other object storage locations where objects move.
For more information, see the overview of lifecycle management.
Subcommands
mc ilm rule
includes the following subcommands:
Subcommand |
Description |
---|---|
The |
|
The |
|
The |
|
The |
|
The |
|
The |
Permissions
MinIO requires the following permissions scoped to to the bucket or buckets for which you create lifecycle management rules.
For example, the following policy provides permission for configuring object transition lifecycle management rules on any bucket in the cluster:.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"admin:SetTier",
"admin:ListTier"
],
"Effect": "Allow",
"Sid": "EnableRemoteTierManagement"
},
{
"Action": [
"s3:PutLifecycleConfiguration",
"s3:GetLifecycleConfiguration"
],
"Resource": [
"arn:aws:s3:::*"
],
"Effect": "Allow",
"Sid": "EnableLifecycleManagementRules"
}
]
}
Transition Permissions
Object transition lifecycle management rules require additional permissions on the remote storage tier. Specifically, MinIO requires the remote tier credentials provide read, write, list, and delete permissions.
For example, if the remote storage tier implements AWS IAM policy-based access control, the following policy provides the necessary permission for transitioning objects into and out of the remote tier:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::MyDestinationBucket"
],
"Sid": ""
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::MyDestinationBucket/*"
],
"Sid": ""
}
]
}
Modify the Resource
for the bucket into which MinIO tiers objects.
Defer to the documentation for the supported tiering targets for more complete information on configuring users and permissions to support MinIO tiering: