Documentation

mc ilm rule

Changed in version RELEASE.2022-12-24T15-21-38Z: The following commands have moved to subcommands under mc ilm rule:

Description

The mc ilm rule command and its subcommands configure the rules used to transition objects between storage tiers in MinIO’s Lifecycle Management.

Before creating rules with this command, use mc ilm tier and its subcommands to create the tier or tiers of other object storage locations where objects move.

For more information, see the overview of lifecycle management.

Subcommands

mc ilm rule includes the following subcommands:

Subcommand

Description

add

The mc ilm rule add command adds an object lifecycle management rule to a bucket.

edit

The mc ilm rule edit command modifies an existing object lifecycle management rule on a MinIO bucket.

export

The mc ilm rule export command exports the object lifecycle management configuration for a MinIO bucket.

import

The mc ilm rule import command imports an object lifecycle management configuration and applies it to a MinIO bucket.

ls

The mc ilm rule ls command summarizes all configured object lifecycle management rules on a MinIO bucket in a tabular format.

rm

The mc ilm rule rm command removes an object lifecycle management rule from a MinIO Bucket.

Permissions

MinIO requires the following permissions scoped to to the bucket or buckets for which you create lifecycle management rules.

For example, the following policy provides permission for configuring object transition lifecycle management rules on any bucket in the cluster:.

{
   "Version": "2012-10-17",
   "Statement": [
      {
            "Action": [
               "admin:SetTier",
               "admin:ListTier"
            ],
            "Effect": "Allow",
            "Sid": "EnableRemoteTierManagement"
      },
      {
            "Action": [
               "s3:PutLifecycleConfiguration",
               "s3:GetLifecycleConfiguration"
            ],
            "Resource": [
                        "arn:aws:s3:::*"
            ],
            "Effect": "Allow",
            "Sid": "EnableLifecycleManagementRules"
      }
   ]
}

Transition Permissions

Object transition lifecycle management rules require additional permissions on the remote storage tier. Specifically, MinIO requires the remote tier credentials provide read, write, list, and delete permissions.

For example, if the remote storage tier implements AWS IAM policy-based access control, the following policy provides the necessary permission for transitioning objects into and out of the remote tier:

{
   "Version": "2012-10-17",
   "Statement": [
      {
            "Action": [
               "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
               "arn:aws:s3:::MyDestinationBucket"
            ],
            "Sid": ""
      },
      {
            "Action": [
               "s3:GetObject",
               "s3:PutObject",
               "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Resource": [
               "arn:aws:s3:::MyDestinationBucket/*"
            ],
            "Sid": ""
      }
   ]
}

Modify the Resource for the bucket into which MinIO tiers objects.

Defer to the documentation for the supported tiering targets for more complete information on configuring users and permissions to support MinIO tiering: