MinIO Multi Cloud Object Storage Available on AWS Marketplace

MinIO’s multi-cloud credentials are well established at this point with millions of deployments across the public cloud, private cloud and edge and close to a million on AWS alone.

Our goal in adding MinIO to the AWS Marketplace was to make it even easier for customers to run MinIO inside the biggest public cloud - gaining operational and economic benefits in the process.

As the leading cloud provider, AWS features prominently in many multicloud strategies.


Our approach to the AWS Marketplace is opinionated and Kubernetes centric. We thought long and hard about our customers’ needs and developed a YAML-based approach to deliver that with just a handful of clicks.

Sophisticated users can continue to roll their own solutions, but we think for the majority of the market, our “few clicks and you are done” approach will provide an optimal blend of resiliency, security, scalability and operational efficiency. The ability to manage these environments using MinIO Operator and Operator Console will further simplify Day 2 operations.

In order to give our customers the easiest and most streamlined MinIO-on-AWS experience, we conducted a TCO analysis for over 220 AWS instance types to make sure that we’re choosing the best infrastructure for your object storage. We took factors such as storage type, CPU type, cores and network performance into account and calculated the cost per GB of using that instance type as MinIO nodes. We then deployed MinIO as a small cluster on the instances with the best TCO. That exercise led us to conclude that when optimizing for performance, the i3en.12xlarge series of instances with NVMe and when optimizing for capacity, the d3en.12xlarge series with HDD provide the best TCO/performance ratio.

As storage requirements are constantly growing, we made it easy for customers to expand - simply add MinIO clusters in multiples of four AWS instances. Configure additional virtual machines to meet your capacity and erasure coding needs, then purchase them using the terms that meet your financial needs. For example, it's possible to save up to 58% by contracting for three year reserved instances, and even more by paying up front. Pricing instances can be complicated because of the many factors involved, please feel free to reach out to us via the Contact Sales button for help.  

You can make use of MinIO’s sophisticated data lifecycle features to enable storage tiering - and achieve better performance and lower cost than merely relying on S3 itself! Provision a fast MinIO primary storage cluster on i3en.12xlarge for NVMe, then tier to a less expensive and not-as-fast MinIO secondary storage cluster on d3en.12xlarge for HDD, and finally tier the least performance-sensitive data to even less expensive AWS S3 Glacier.

There are economic benefits as well. While this is a technical post, you can find additional information about the cost savings, operational savings and lock-in avoidance running MinIO inside of AWS provides.  

Getting Started with MinIO Multi Cloud Object Storage on AWS Marketplace

Prerequisites

You must create a subscription in the AWS Marketplace for MinIO, otherwise the automation from this setup won't work due to a missing entitlement.

You must also have installed:

Configuration Parameters

To get started, you are going to need three basic configuration parameters for your cluster: Entering them below will populate the necessary commands to deploy MinIO through EKS.

Step 1: Setup Cluster

eksctl create cluster --config-file minio-cluster.yaml

Where the minio-cluster.yaml file is the following:

apiVersion: eksctl.io/v1alpha5
availabilityZones:
  - us-west-2c
  - us-west-2d
  - us-west-2b
cloudWatch:
  clusterLogging: { }
iam:
  vpcResourceControllerPolicy: true
  withOIDC: false
kind: ClusterConfig
managedNodeGroups:
  - amiFamily: AmazonLinux2
    desiredCapacity: 2
    maxSize: 2
    minSize: 2
    disableIMDSv1: false
    disablePodIMDS: false
    iam:
      withAddonPolicies:
        albIngress: false
        appMesh: false
        appMeshPreview: false
        autoScaler: false
        certManager: false
        cloudWatch: false
        ebs: false
        efs: false
        externalDNS: false
        fsx: false
        imageBuilder: false
        xRay: false
    instanceSelector: { }
    instanceType: m5.xlarge
    labels:
      alpha.eksctl.io/cluster-name: minio-cluster
      alpha.eksctl.io/nodegroup-name: ng-minio-mngt
      alpha.min.io/nodegroup-template: template
    name: ng-minio-mngt
    privateNetworking: false
    releaseVersion: ""
    securityGroups:
      withLocal: null
      withShared: null
    ssh:
      allow: false
      publicKeyPath: ""
    tags:
      alpha.eksctl.io/nodegroup-name: ng-minio-mngt
      alpha.eksctl.io/nodegroup-type: managed
    volumeIOPS: 3000
    volumeSize: 80
    volumeThroughput: 125
    volumeType: gp3
    preBootstrapCommands:
      - echo IyEvYmluL2Jhc2gKI3NldCAteAoKbW91bnRfZGV2aWNlKCl7CkRFVklDRT0iL2Rldi8kMSIKVk9MVU1FX05BTUU9JDIKTU9VTlRfUE9JTlQ9JDMKCmZvcm1hdF9kZXZpY2UoKSB7CiAgZWNobyAiRm9ybWF0dGluZyAkREVWSUNFIgogIG1rZnMueGZzIC1pbWF4cGN0PTI1IC1mIC1MICRNT1VOVF9QT0lOVCAkREVWSUNFCn0KY2hlY2tfZGV2aWNlKCkgewogIGlmIFsgLWYgIi9ldGMvc3lzdGVtZC9zeXN0ZW0vJE1PVU5UX1BPSU5ULm1vdW50IiBdOyB0aGVuCiAgICBlY2hvICJEZXZpY2UgJE1PVU5UX1BPSU5UICgkREVWSUNFKSBleGlzdHMiCiAgICBlY2hvICJObyBhY3Rpb25zIHJlcXVpcmVkLi4uIgogIGVsc2UKICAgIGVjaG8gIiRNT1VOVF9QT0lOVC5tb3VudCB3YXMgbm90IGZvdW5kLCBjcmVhdGluZyB2b2x1bWUiCiAgICBmb3JtYXRfZGV2aWNlCiAgZmkKfQpjaGVja19tb3VudCgpIHsKICBpZiBbIC1mICIvZXRjL3N5c3RlbWQvc3lzdGVtLyRNT1VOVF9QT0lOVC5tb3VudCIgXTsgdGhlbgogICAgZWNobyAiRm91bmQgJE1PVU5UX1BPSU5ULm1vdW50IGluIC9ldGMvc3lzdGVtZC9zeXN0ZW0vIgogICAgZWNobyAiTm8gYWN0aW9ucyByZXF1aXJlZC4uLiIKICBlbHNlCiAgICBlY2hvICIkTU9VTlRfUE9JTlQubW91bnQgd2FzIG5vdCBmb3VuZCBpbiAvZXRjL3N5c3RlbWQvc3lzdGVtLyBhZGRpbmcgaXQiCiAgICBta2RpciAtcCAvJE1PVU5UX1BPSU5UCiAgICAKICAgIGVjaG8gIltVbml0XSIgPj4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS8kTU9VTlRfUE9JTlQubW91bnQKICAgIGVjaG8gIkRlc2NyaXB0aW9uPU1vdW50IFN5c3RlbSBCYWNrdXBzIERpcmVjdG9yeSIgPj4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS8kTU9VTlRfUE9JTlQubW91bnQKICAgIGVjaG8gIiIgPj4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS8kTU9VTlRfUE9JTlQubW91bnQKICAgIGVjaG8gIltNb3VudF0iID4+IC9ldGMvc3lzdGVtZC9zeXN0ZW0vJE1PVU5UX1BPSU5ULm1vdW50CiAgICBlY2hvICJXaGF0PUxBQkVMPSRNT1VOVF9QT0lOVCIgPj4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS8kTU9VTlRfUE9JTlQubW91bnQKICAgIGVjaG8gIldoZXJlPS8kTU9VTlRfUE9JTlQiID4+IC9ldGMvc3lzdGVtZC9zeXN0ZW0vJE1PVU5UX1BPSU5ULm1vdW50CiAgICBlY2hvICJUeXBlPXhmcyIgPj4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS8kTU9VTlRfUE9JTlQubW91bnQKICAgIGVjaG8gIk9wdGlvbnM9bm9hdGltZSIgPj4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS8kTU9VTlRfUE9JTlQubW91bnQKICAgIGVjaG8gIiIgPj4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS8kTU9VTlRfUE9JTlQubW91bnQKICAgIGVjaG8gIltJbnN0YWxsXSIgPj4gL2V0Yy9zeXN0ZW1kL3N5c3RlbS8kTU9VTlRfUE9JTlQubW91bnQKICAgIGVjaG8gIldhbnRlZEJ5PW11bHRpLXVzZXIudGFyZ2V0IiA+PiAvZXRjL3N5c3RlbWQvc3lzdGVtLyRNT1VOVF9QT0lOVC5tb3VudAoKICAgIHN5c3RlbWN0bCBlbmFibGUgJE1PVU5UX1BPSU5ULm1vdW50CiAgICBzeXN0ZW1jdGwgc3RhcnQgJE1PVU5UX1BPSU5ULm1vdW50CiAgZmkKfQpMQUJFTD0kKGJsa2lkIC1MICRWT0xVTUVfTkFNRSkKY2hlY2tfZGV2aWNlCmNoZWNrX21vdW50CnN5c3RlbWN0bCBkYWVtb24tcmVsb2FkCn0KCmZvciBpIGluIGBsc2JsayAtZCB8IGdyZXAgLXYgTkFNRSB8IGdyZXAgLXYgbnZtZTAgfCBhd2sgJ3twcmludCAkMX0nYDsgZG8KICBtbnRfcG9pbnQ9YGVjaG8gJGkgfCBzZWQgLWUgJ3MvbnZtZS9kaXNrL2cnIC1lICdzL24xLy9nJ2AKICBtb3VudF9kZXZpY2UgJGkgJGkgJG1udF9wb2ludDsKZG9uZQo= | base64 --decode > mount_drives.sh
      - chmod +x mount_drives.sh
      - ./mount_drives.sh
metadata:
  name: minio-cluster
  region: us-west-2
  version: "1.21"
privateCluster:
  enabled: false
  skipEndpointCreation: false
vpc:
  autoAllocateIPv6: false
  cidr: 192.168.0.0/16
  clusterEndpoints:
    privateAccess: false
    publicAccess: true
  manageSharedNodeSecurityGroupRules: true
  nat:
    gateway: Single

Step 2. Setup Required Roles, Policies and Connectors

All of these are scoped to the specific cluster called minio-cluster in the region us-west-2 and the account number 000000000000 , so make sure to update those values on the Configuration Parameters step.

2.1 Create IAM Policy

aws iam create-policy \
    --policy-name minio-eks-minio-cluster-group-scaling \
    --policy-document file://iam-policy.json

Where the iam-policy.json file is the following:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "eks:DescribeNodegroup",
        "eks:ListNodegroups"
      ],
      "Resource": [
        "arn:aws:eks:*:000000000000:nodegroup/minio-cluster/*/*",
        "arn:aws:eks:us-west-2:000000000000:cluster/minio-cluster"
      ]
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "eks:UpdateNodegroupConfig",
      "Resource": [
        "arn:aws:eks:*:000000000000:nodegroup/minio-cluster/*/*",
        "arn:aws:eks:us-west-2:000000000000:cluster/minio-cluster"
      ]
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "eks:CreateNodegroup",
        "eks:TagResource"
      ],
      "Resource": "arn:aws:eks:us-west-2:000000000000:cluster/minio-cluster"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole",
        "iam:ListAttachedRolePolicies"
      ],
      "Resource": "arn:aws:iam::000000000000:role/eksctl-minio-cluster*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "iam:GetRole"
      ],
      "Resource": "*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances",
        "ec2:DescribeSubnets",
        "autoscaling:Describe*",
        "ec2:DescribeLaunchTemplateVersions"
      ],
      "Resource": "*"
    },
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateTags"
      ],
      "Resource": "*"
    }
}

2.2 Create an OIDC Provider

eksctl utils associate-iam-oidc-provider --region=us-west-2 --cluster=minio-cluster --approve

2.3 Create Trust + Role + Service Account

eksctl create iamserviceaccount \
    --name integration-sa \
    --namespace minio-operator \
    --cluster minio-cluster \
    --attach-policy-arn arn:aws:iam::000000000000:policy/minio-eks-minio-cluster-group-scaling \
    --approve \
    --override-existing-serviceaccounts

Step 3. Install Operator

kubectl apply -k github.com/minio/operator/resources/\?ref\=v4.3.7

3.1 Get the JWT to login to Operator UI

kubectl -n minio-operator  get secret $(kubectl -n minio-operator get serviceaccount console-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode

Step 4. Port Forward into Operator UI

kubectl -n minio-operator port-forward svc/console 9090

4.1 Open the UI and Create a Tenant

Go to http://localhost:9090, enter the JWT from the previous step and create a tenant.

Now click on "Create Tenant".

Fill in the desired size of the MinIO tenant and the storage type:

Step 5. Sign up for MinIO Support

To receive 24/7 support, send us an email at support@min.io with your AWS Account Number to get started.

MinIO is the Key to Multicloud Success

Get started with MinIO on AWS Marketplace today. If you have any questions, ping us on hello@min.io or join the Slack community.