David's Cheatsheet on how to take Elasticsearch Snapshot
Resource: Working with Amazon Elasticsearch Service Index Snapshots
- Send a signed request to register the snapshot directory
- Take snapshot of Elasticsearch domain
- Restore (Optional)
-
The host where Python script and curl command(s) get invoked must have IP connectivity to the ES endpoint. If the host is an EC2 instance on a private subnet, you will need to route requests through a NAT gateway and permit the NAT gateway's public IP in the ES domain's access policy. If the host is an EC2 instance with a public IP address, you will need to permit the public IP address of the instance in the ES domain's access policy. If the host is behind a VPN firewall, you will need to permit the public IP address of the firewall in the ES domain's access policy.
-
Role must have S3 permissions among other
import boto3
import requests
from requests_aws4auth import AWS4Auth
host = 'https://search-inventoryservice-ni7kkw2izko47dar34epivxgo4.us-west-2.es.amazonaws.com/' # include https:// and trailing
/
region = 'us-west-2' # e.g. us-west-1
service = 'es'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, session_token=credentials.token)
## Register repository
path = '_snapshot/tars-elasticsearch-snapshots-us-west-2' # the Elasticsearch API endpoint
url = host + path
payload = {
"type": "s3",
"settings": {
"bucket": "tars-elasticsearch-snapshots-us-west-2",
"region": "us-west-2",
"role_arn": "arn:aws:iam::accountid:role/ElasticSearchSnapshotRole" <---- replace accountid with actual account ID
}
}
headers = {"Content-Type": "application/json"}
r = requests.put(url, auth=awsauth, json=payload, headers=headers)
print(r.status_code)
print(r.text)
# # Take snapshot
#
# path = '_snapshot/my-snapshot-repo/my-snapshot'
# url = host + path
#
# r = requests.put(url, auth=awsauth)
#
# print(r.text)
#
# # Delete index
#
# path = 'my-index'
# url = host + path
#
# r = requests.delete(url, auth=awsauth)
#
# print(r.text)
#
# # Restore snapshots (all indices)
#
# path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
# url = host + path
#
# r = requests.post(url, auth=awsauth)
#
# print(r.text)
#
# # Restore snapshot (one index)
#
# path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
# url = host + path
#
# payload = {"indices": "my-index"}
#
# headers = {"Content-Type": "application/json"}
#
# r = requests.post(url, auth=awsauth, json=payload, headers=headers)
#
# print(r.text)
Trust relationship for es.amazonaws.com service
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "es.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
TBD
=========================== To manually take a snapshot
- document existing ES domain parameters including access policy
- register repository using register-repo.py
- curl -XPUT 'elasticsearch-domain-endpoint/_snapshot/repository/snapshot-name'
=========================== To see all snapshot repositories
curl -XGET 'elasticsearch-domain-endpoint/_snapshot?pretty'
=========================== To verify the state of all snapshots of your domain
curl -XGET 'elasticsearch-domain-endpoint/_snapshot/repository/_all?pretty'
=========================== To restore all snapshots to a new domain
-
Create new domain with similar ES domain parameters including access policy where the access-policy uses the name of the new domain instead of the old.
Don't blindly copy/paste an access policy from one ES domain to the new one.
-
Register repository with new domain using register-repo-with-new-domain.py
-
Use the restore-snapshot.py script to restore ES domain.
-
If you get error 'cannot restore index [.kibana] because it's open' follow instructions here:
https://aws.amazon.com/premiumsupport/knowledge-center/elasticsearch-kibana-error/