Manual snapshots
We need to perform one-time setup to associate the S3 bucket with the ES cluster, and configure the appropriate IAM Role.
Create IAM Role (one-time configuration)
ESTEST_MANUAL_SNAPSHOT_ROLENAME=ESTEST_Manual_Snapshot_Role
ESTEST_MANUAL_SNAPSHOT_IAM_POLICY_NAME=ESTEST_Manual_Snapshot_IAM_Policy
ESTEST_MANUAL_SNAPSHOT_S3_BUCKET=jimtran-elasticsearch-snapshots
ESTEST_IAM_MANUAL_SNAPSHOT_ROLE_ARN=arn:aws:iam::$ESTEST_ACCOUNT_ID:role/$ESTEST_MANUAL_SNAPSHOT_ROLENAME
aws iam create-role \
--role-name "$ESTEST_MANUAL_SNAPSHOT_ROLENAME" \
--output text \
--query 'Role.Arn' \
--assume-role-policy-document '{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": { "Service": "es.amazonaws.com"},
"Action": "sts:AssumeRole"
}
]
}'
cat << EOF > /tmp/iam-policy_for_es_snapshot_to_s3.json
{
"Version":"2012-10-17",
"Statement":[{
"Action":["s3:ListBucket"],
"Effect":"Allow",
"Resource":["arn:aws:s3:::$ESTEST_MANUAL_SNAPSHOT_S3_BUCKET"]
},{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"iam:PassRole"
],
"Effect":"Allow",
"Resource":["arn:aws:s3:::$ESTEST_MANUAL_SNAPSHOT_S3_BUCKET/*"]
}
]
}
EOF
aws iam put-role-policy \
--role-name "$ESTEST_MANUAL_SNAPSHOT_ROLENAME" \
--policy-name "$ESTEST_MANUAL_SNAPSHOT_IAM_POLICY_NAME" \
--policy-document file:///tmp/iam-policy_for_es_snapshot_to_s3.json
Run snapshot registration script (one-time configuration)
The Python script will need AWS credentials, so you will need to set the following environment variables with your AWS credentials.
ESTEST_AWS_ACCESS_KEY_ID=<your AWS access key>
ESTEST_AWS_SECRET_ACCESS_KEY=<your AWS secret access key>
Save as one-time-snapshot-registration.py:
from boto.connection import AWSAuthConnection
import os
class ESConnection(AWSAuthConnection):
def __init__(self, region, **kwargs):
super(ESConnection, self).__init__(**kwargs)
self._set_auth_region_name(region)
self._set_auth_service_name("es")
def _required_auth_capability(self):
return ['hmac-v4']
if __name__ == "__main__":
client = ESConnection(
region=os.environ['ESTEST_REGION'],
host=os.environ['ES_CLUSTER_DNS'],
aws_access_key_id=os.environ['ESTEST_AWS_ACCESS_KEY_ID'],
aws_secret_access_key=os.environ['ESTEST_AWS_SECRET_ACCESS_KEY'],
is_secure=False)
data='{"type": "s3","settings": { ' + \
'"bucket": "' + os.environ['ESTEST_MANUAL_SNAPSHOT_S3_BUCKET'] + \
'","region": "' + os.environ['ESTEST_REGION'] + \
'","role_arn": "' + os.environ['ESTEST_IAM_MANUAL_SNAPSHOT_ROLE_ARN'] + \
'"}}'
print 'Registering Snapshot Repository'
resp = client.make_request(method='POST',
path='/_snapshot/weblogs-index-backups',
data=data)
body = resp.read()
print body
Run the one-time script
# make environment variable available to subprocesses
export ESTEST_REGION=$ESTEST_REGION
export ES_CLUSTER_DNS=$ES_CLUSTER_DNS
export ESTEST_REGION=$ESTEST_REGION
export ESTEST_MANUAL_SNAPSHOT_S3_BUCKET=$ESTEST_MANUAL_SNAPSHOT_S3_BUCKET
export ESTEST_IAM_MANUAL_SNAPSHOT_ROLE_ARN=$ESTEST_IAM_MANUAL_SNAPSHOT_ROLE_ARN
export ESTEST_AWS_ACCESS_KEY_ID=$ESTEST_AWS_ACCESS_KEY_ID
export ESTEST_AWS_SECRET_ACCESS_KEY=$ESTEST_AWS_SECRET_ACCESS_KEY
# upgrade boto if necessary
sudo pip install --upgrade boto
python one-time-snapshot-registration.py
Take manual snapshot
curl -s -XPUT "$ES_CLUSTER/_snapshot/weblogs-index-backups/snapshot_name" | jq .
Get info about that particular snapshot
curl -s -XGET "$ES_CLUSTER/_snapshot/weblogs-index-backups/snapshot_name" | jq .
List info about all snapshots
curl -s -XGET "$ES_CLUSTER/_snapshot/weblogs-index-backups/_all" | jq .
Delete all indices and restore from the manual snapshot
Delete all indices
curl -XDELETE "$ES_CLUSTER/_all"
Restore from snapshot
curl -XPOST "$ES_CLUSTER/_snapshot/weblogs-index-backups/snapshot_name/_restore"