Steps to link ES cluster to s3 and create/restore snapshots
In the Account that the S3 bucket is going to live, create a new IAM policy with the following permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:s3:::S3-BUCKET-NAME/*",
"arn:aws:iam::ACCOUNT-ID:role/*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::S3-BUCKET-NAME"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::S3-BUCKET-NAME/*"
}
]
}
Create a new Role in that AWS account with the above policy, and also create a Trust permission with the following details:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Principal": {
"Service": "es.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Create a new user in the account and give it the the policy created earlier
---------Create connection to repository
PUT: https://SOURCE-CLUSTER-ENDPOINT/_snapshot/snapshot-respository
Body: as JSON
{ "type": "s3",
"settings": {
"bucket": "S3-BUCKET-NAME",
"region": "us-east-1",
"role_arn": "ARN FOR THE NEWLY CREATED ROLE"
}
}
--------Create backup
PUT: https://vpc-rbx-stg-es-6-8-f7kozzmqn3r2ygnqsqicjlrism.us-east-1.es.amazonaws.com/_snapshot/snapshot-respository/2023-01-05
--------Restore Status
GET: https://vpc-rbx-stg-es-6-8-f7kozzmqn3r2ygnqsqicjlrism.us-east-1.es.amazonaws.com/_snapshot/snapshot-respository/2023-01-05/_status
------Restore
POST: https://vpc-rbx-stg-es-6-8-shardings-ma7dgqmnnngrd6wthxwfgkot5u.us-east-1.es.amazonaws.com/_snapshot/snapshot-respository/2023-01-05/_restore
------Restore status
GET: https://vpc-rbx-stg-es-6-8-shardings-ma7dgqmnnngrd6wthxwfgkot5u.us-east-1.es.amazonaws.com/_cat/recovery
No Comments