This topic describes the operations that you must perform before you migrate data.
Step 1: Estimate the amount of data to be migrated
Estimate the size and number of files to be migrated. You can view the size and number of files to be migrated in the Object Storage Service (OSS) console.
To ensure a successful migration, you must specify valid values for the size and number of files when you create a migration job.
Step 2: Restore data in the source bucket
Before you create a migration task to migrate data of the Archive storage class, you must manually restore the data. Take note of the following items when you restore the data:
Before you create a source data address and a migration task, make sure that data of the Archive storage class is restored.
Specify the number of days during which the restored data remains in the restored state based on the amount of data that you want to migrate. This can prevent data from entering the archived state during data migration.
You may be charged for the restoration operation. The fee may be relatively high. For more information about the billing methods, contact the service provider that offers the source bucket.
Data Online Migration does not restore data in archived files at the source data address during data migration. The files that are not restored or are being restored cannot be migrated.
Step 3: Create a destination bucket
Create a destination bucket in the OSS console to store the migrated data. For more information, see Create a bucket.
Step 4: Create a RAM user that is used to migrate data
- Log on to the Resource Access Management (RAM) console.
- In the left-side navigation pane, choose .
- On the Users page, click Create User.
- In the User Account Information section of the Create User page, configure the Logon Name and Display Name parameters.
- In the Access Mode section, select Console Access and OpenAPI Access. Then, save the generated logon name, password, AccessKey ID, and AccessKey secret.
- Console Access: If you select this option, you must configure the console password, password reset settings, and multi-factor authentication (MFA) settings.
- OpenAPI Access: If you select this option, an AccessKey pair is automatically created for the RAM user. The RAM user can call API operations or use other development tools to access Alibaba Cloud resources.
Note If you need to migrate data across accounts, you must save the logon name, password, AccessKey ID, and AccessKey secret that are generated for each RAM user by the corresponding Alibaba Cloud account. - After the RAM user is created, go to the Users page. Find the RAM user that you want to manage and click Add Permissions in the column to grant the RAM user the AliyunOSSFullAccess permissions.
- In the left-side navigation pane, click Overview.
- On the page that appears, navigate to the Account Management section and click the link under RAM user logon. On the page that appears, enter the logon name and password of the RAM user to log on to the Alibaba Cloud Management Console.
Step 5: Grant permissions to the RAM user
After the RAM user is created, go to the Users page in the RAM console. Find the RAM user that you want to manage and click Add Permissions in the Actions column to grant permissions to the RAM user. Grant the required permissions to the RAM user based on the migration scenario.
Migrate data within the same Alibaba Cloud account
If you want to migrate data within the same Alibaba Cloud account, you must grant the following permissions to the RAM user:
System policy: AliyunMGWFullAccess, which grants full permissions on Data Transport
Custom policies:
Grant the RAM user the permissions to list and read all resources in the source bucket
NoteThe following policy is for reference only. Replace
mybucket
with the name of the source bucket.For more information about RAM policies for OSS, see Common examples of RAM policies.
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": "oss:ListObjects", "Resource": [ "acs:oss:*:*:mybucket", "acs:oss:*:*:mybucket/*" ] }, { "Effect": "Allow", "Action": "oss:GetObject", "Resource": [ "acs:oss:*:*:mybucket", "acs:oss:*:*:mybucket/*" ] } ] }
Grant the RAM user full permissions on the destination bucket
NoteThe following policy is for reference only. Replace
mybucket
with the name of the destination bucket.For more information about RAM policies for OSS, see Common examples of RAM policies.
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": "oss:*", "Resource": [ "acs:oss:*:*:mybucket", "acs:oss:*:*:mybucket/*" ] } ] }
Migrate data across Alibaba Cloud accounts
If you want to migrate data across Alibaba Cloud accounts, you must grant the following permissions to the RAM users:
RAM user that is created within the source Alibaba Cloud account
System policy: AliyunMGWFullAccess, which grants full permissions on Data Transport
Custom policy:
Grant the RAM user the permissions to list and read all resources in the source bucket
NoteThe following policy is for reference only. Replace
mybucket
with the name of the source bucket.For more information about RAM policies for OSS, see Common examples of RAM policies.
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": "oss:ListObjects", "Resource": [ "acs:oss:*:*:mybucket", "acs:oss:*:*:mybucket/*" ] }, { "Effect": "Allow", "Action": "oss:GetObject", "Resource": [ "acs:oss:*:*:mybucket", "acs:oss:*:*:mybucket/*" ] } ] }
RAM user that is created within the destination Alibaba Cloud account
System policy: AliyunMGWFullAccess, which grants full permissions on Data Transport
Custom policy:
Grant the RAM user full permissions on the destination bucket
NoteThe following policy is for reference only. Replace
mybucket
with the name of the destination bucket.For more information about RAM policies for OSS, see Common examples of RAM policies.
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": "oss:*", "Resource": [ "acs:oss:*:*:mybucket", "acs:oss:*:*:mybucket/*" ] } ] }