mc ilm rule

Description

The mc ilm rule command and its subcommands configure the rules used to transition objects between storage tiers in MinIO’s Lifecycle Management.

Before creating rules with this command, use mc ilm tier and its subcommands to create the tier or tiers of other object storage locations where objects move.

For more information, see the overview of lifecycle management.

Subcommands

mc ilm rule includes the following subcommands:

Subcommand  Description
add         Add an object lifecycle management rule to a bucket.
edit        Modify an existing object lifecycle management rule on an AIStor bucket.
export      Export the object lifecycle management configuration for an AIStor bucket.
import      Import an object lifecycle management configuration and apply it to an AIStor bucket.
ls          Summarize all configured object lifecycle management rules on an AIStor bucket in a tabular format.
rm          Remove an object lifecycle management rule from an AIStor bucket.

Permissions

AIStor requires the following permissions scoped to the bucket or buckets for which you create lifecycle management rules.

For example, the following policy provides permission for configuring object transition lifecycle management rules on any bucket in the cluster:

{
   "Version": "2012-10-17",
   "Statement": [
      {
            "Action": [
               "admin:SetTier",
               "admin:ListTier"
            ],
            "Effect": "Allow",
            "Sid": "EnableRemoteTierManagement"
      },
      {
            "Action": [
               "s3:PutLifecycleConfiguration",
               "s3:GetLifecycleConfiguration"
            ],
            "Resource": [
               "arn:aws:s3:::*"
            ],
            "Effect": "Allow",
            "Sid": "EnableLifecycleManagementRules"
      }
   ]
}

Transition Permissions

Object transition lifecycle management rules require additional permissions on the remote storage tier. Specifically, AIStor requires that the remote tier credentials provide read, write, list, and delete permissions. For example, if the remote storage tier implements AWS IAM policy-based access control, the following policy provides the necessary permissions for transitioning objects into and out of the remote tier:

{
   "Version": "2012-10-17",
   "Statement": [
      {
            "Action": [
               "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
               "arn:aws:s3:::MyDestinationBucket"
            ],
            "Sid": ""
      },
      {
            "Action": [
               "s3:GetObject",
               "s3:PutObject",
               "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Resource": [
               "arn:aws:s3:::MyDestinationBucket/*"
            ],
            "Sid": ""
      }
   ]
}

Modify the Resource for the bucket into which AIStor tiers objects.
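
The following check is an added example, not part of the AIStor documentation or tooling. It compares a remote-tier policy against the four action and resource pairs in the policy above and reports what is missing or broader than needed. The function names and the tier-archive bucket are hypothetical, and wildcard matching is simplified to "*" and "?" with no Deny or Condition handling.

```python
import json
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def required_grants(bucket):
    """The (action, resource) pairs in the page's remote-tier policy."""
    arn = f"arn:aws:s3:::{bucket}"
    objects = {(a, f"{arn}/*") for a in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject")}
    return objects | {("s3:ListBucket", arn)}  # ListBucket applies to the bucket ARN


def audit_tier_policy(policy_json, bucket):
    """Return (missing, excess): required pairs that no Allow covers, and
    Allow pairs that are not exactly one of the required pairs."""
    required = required_grants(bucket)
    grants = {
        (action, resource)
        for stmt in _as_list(json.loads(policy_json).get("Statement"))
        if stmt.get("Effect") == "Allow"
        for action in _as_list(stmt.get("Action"))
        for resource in _as_list(stmt.get("Resource"))
    }
    # "*" and "?" in a grant act as wildcards; Deny and Condition are not modelled.
    missing = {
        (act, res) for act, res in required
        if not any(fnmatchcase(act, ga) and fnmatchcase(res, gr) for ga, gr in grants)
    }
    return sorted(missing), sorted(grants - required)


# Constructed sample: ListBucket on the object ARN, DeleteObject on every bucket.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": ["arn:aws:s3:::tier-archive/*"],
     "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject"]},
    {"Effect": "Allow", "Resource": "arn:aws:s3:::*", "Action": "s3:DeleteObject"},
]})

if __name__ == "__main__":
    missing, excess = audit_tier_policy(SAMPLE, "tier-archive")
    print("missing:", missing)  # grants the tier needs but does not have
    print("excess:", excess)    # grants to narrow or remove
```

A policy that matches the one above for its bucket returns two empty lists.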

Defer to the documentation for the supported tiering targets for more complete information on configuring users and permissions to support AIStor tiering: