mc ilm tier

Description

The mc ilm tier command and its subcommands configure a supported remote S3-compatible service for AIStor Lifecycle Management: Object Transition (“Tiering”).

After creating one or more tiers with this command, use mc ilm rule and its subcommands to create the rules that move objects to other storage.

For more information, see the overview of lifecycle management.

Subcommands

mc ilm tier includes the following subcommands:

Subcommand   Description
add          Create a new remote storage tier to a supported storage service.
check        Display the configuration for a remote tier on a deployment.
info         Output statistics about a tier or all tiers for a deployment.
ls           Show the remote tiers configured on a deployment.
rm           Remove a remote tier that has not been used to transition any objects.
update       Modify an existing configured remote tier.

Required Permissions

To create tiers for object transition, AIStor requires the following administrative permissions on the cluster:

For example, the following policy provides sufficient permissions for configuring object transition lifecycle management rules on any bucket in the cluster:

{
   "Version": "2012-10-17",
   "Statement": [
      {
            "Action": [
               "admin:SetTier",
               "admin:ListTier"
            ],
            "Effect": "Allow",
            "Sid": "EnableRemoteTierManagement"
      },
      {
            "Action": [
               "s3:PutLifecycleConfiguration",
               "s3:GetLifecycleConfiguration"
            ],
            "Resource": [
               "arn:aws:s3:::*"
            ],
            "Effect": "Allow",
            "Sid": "EnableLifecycleManagementRules"
      }
   ]
}

Transition Permissions

Object transition lifecycle management rules require additional permissions on the remote storage tier. Specifically, AIStor requires that the remote tier credentials provide read, write, list, and delete permissions.

For example, if the remote storage tier implements AWS IAM policy-based access control, the following policy provides the necessary permissions for transitioning objects into and out of the remote tier:

{
   "Version": "2012-10-17",
   "Statement": [
      {
            "Action": [
               "s3:ListBucket"
            ],
            "Effect": "Allow",
            "Resource": [
               "arn:aws:s3:::MyDestinationBucket"
            ],
            "Sid": ""
      },
      {
            "Action": [
               "s3:GetObject",
               "s3:PutObject",
               "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Resource": [
               "arn:aws:s3:::MyDestinationBucket/*"
            ],
            "Sid": ""
      }
   ]
}

Modify the Resource values to specify the bucket into which AIStor tiers objects.
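A least-privilege check for the remote tier policy above, added here as an example (it is not AIStor or mc code): it reports which of the four required actions are not granted on the destination bucket, and which Allow statements reach beyond that bucket or those actions. The function name and the probe object key are hypothetical; Deny statements, NotAction/NotResource and Condition are not evaluated.

```python
import fnmatch

# The four actions the page's example policy grants, each paired with the
# kind of resource it is evaluated against ("bucket" or "object").
REQUIRED = {
    "s3:listbucket": "bucket",
    "s3:getobject": "object",
    "s3:putobject": "object",
    "s3:deleteobject": "object",
}


def _as_list(value):
    """IAM accepts a bare string or object where a list is expected."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def audit_tier_policy(policy, bucket):
    """Return (missing, broad) for a remote-tier policy document.

    missing: required actions (lowercased) no Allow statement grants on `bucket`.
    broad:   indexes of Allow statements that grant other actions or
             reach resources outside `bucket`.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"
    # Constructed object key used only to probe object-level Resource patterns.
    targets = {"bucket": bucket_arn, "object": f"{bucket_arn}/tier-probe-object"}
    granted, broad = set(), []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        resources = _as_list(stmt.get("Resource"))
        for name, kind in REQUIRED.items():
            if any(fnmatch.fnmatchcase(name, a) for a in actions) and any(
                fnmatch.fnmatchcase(targets[kind], r) for r in resources
            ):
                granted.add(name)
        extra_action = any(a not in REQUIRED for a in actions)
        extra_resource = any(
            r != bucket_arn and not r.startswith(bucket_arn + "/") for r in resources
        )
        if extra_action or extra_resource:
            broad.append(index)
    missing = sorted(set(REQUIRED) - granted)
    return missing, broad
```

Load the policy with json.load and pass it together with the destination bucket name; for the policy above and MyDestinationBucket the result is ([], []).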

Defer to the documentation for the supported tiering targets for more complete information on configuring users and permissions to support AIStor tiering: