Preparations - Data Online Migration - Alibaba Cloud Documentation Center

This topic describes the operations that you must perform before you migrate data.

Step 1: Estimate the amount of data to be migrated

Estimate the size and the number of files that you want to migrate. Log on to the Object Storage Service (OSS) console. In the left-side navigation pane, click Buckets. On the Buckets page, find the bucket that you want to migrate and click its name. You can view the storage capacity of the bucket and number of files stored in the bucket.

Note

To make sure that your data can be migrated as expected, you must enter an appropriate size and number of files when you create a migration task.

Step 2: Create a destination NAS file system

Create a destination Apsara File Storage NAS (NAS) file system that is used to store the migrated data. For more information, see Create a file system.
Note
If a NAS file system has been created to store the migrated data, skip this step.
Create a mount target for the NAS file system. For more information, see the Create a mount target section of the "Manage mount targets" topic.
Note
Only a NAS file system that is mounted to a virtual private cloud (VPC) is supported. A NAS file system that is mounted to the classic network is not supported.
If you configure a permission group for the NAS file system, you must allow all IP addresses in the VPC to which the NAS file system is mounted to access the NAS file system. For more information, see Manage permission groups.

Step 3: Create a RAM role that is used to migrate data

To ensure data security, we recommend that you create a RAM role and attach the required policies to the RAM role based on the principle of least privilege for data migration.

Note

If you want to migrate data across Alibaba Cloud accounts, you must create RAM roles for both Alibaba Cloud accounts to which the source and destination buckets belong. Then, you must attach the required policies to the RAM roles.

Log on to the RAM console.
In the left-side navigation pane, choose Identities > Roles.
On the Roles page, click Create Role.
In the Select Role Type step of the Create Role wizard, select Alibaba Cloud Service and click Next.
In the Selected Trusted Entity section, select Normal Service Role as Role Type, enter a RAM role name in the RAM Role Name field, and select Data Online Migration from the Select Trusted Service drop-down list. Then, click OK.

Step 4: Grant permissions to the RAM user

After the RAM user is created, go to the Users page in the RAM console. Find the RAM user that you want to manage and click Add Permissions in the Actions column to grant permissions to the RAM user. Grant the required permissions to the RAM user based on the migration scenario.

Migrate data within the same Alibaba Cloud account

If you want to migrate data within the same Alibaba Cloud account that is used to log on to the Data Online Migration console, you must attach the following policies to the RAM role:

System policy: AliyunMGWFullAccess
Custom policy:
- OSS permissions
  Note
  - The following policy is used to grant the RAM role the permissions to list and read all objects in the source bucket. Replace mybucket with the name of the source bucket.
  - For more information about RAM policies for OSS, see Common examples of RAM policies.
```
{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "oss:ListObjects",
            "Resource": [
                "acs:oss:*:*:mybucket",
                "acs:oss:*:*:mybucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "oss:GetObject",
            "Resource": [
                "acs:oss:*:*:mybucket",
                "acs:oss:*:*:mybucket/*"
            ]
        }
    ]
}
```
- NAS permissions
  Grant the RAM user the permissions to write the data that you want to migrate to the destination file system. For more information about RAM policies for NAS, see Perform access control based on RAM policies.

Migrate data across Alibaba Cloud accounts

If you want to migrate data across Alibaba Cloud accounts, you must grant the following permissions to the RAM users:

RAM user that is created within the source Alibaba Cloud account

System policy: AliyunMGWFullAccess

Custom policy:

Note

The following policy is used to grant the RAM role the permissions to list and read all objects in the source bucket. Replace mybucket with the name of the source bucket.
For more information about RAM policies for OSS, see Common examples of RAM policies.

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "oss:ListObjects",
            "Resource": [
                "acs:oss:*:*:mybucket",
                "acs:oss:*:*:mybucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "oss:GetObject",
            "Resource": [
                "acs:oss:*:*:mybucket",
                "acs:oss:*:*:mybucket/*"
            ]
        }
    ]
}

RAM user that is created within the destination Alibaba Cloud account
- System policy: AliyunMGWFullAccess
- Custom policy:
  Grant the RAM user the permissions to write the data that you want to migrate to the destination file system. For more information about RAM policies for NAS, see Perform access control based on RAM policies.