Migration of data from one elastic search index to another in different region in AWS using manual snapshots

Question

I have created two elastic search domains - one in us-east-1 and another in us-west-2. I have registered manual snapshot repository in us-east-1 domain and have taken snapshot and the data is in s3 bucket in us-east-1.

How should I go about doing the restoration?

Main questions:

Do I have to do cross-region replication of the s3 bucket to us-west-2, so that everytime a snapshot is taken in us-east-1, it automatically reflects to us-west-2 bucket?
If so, do I have to be in us-west-2 to register manual snapshot repository on the domain and that s3 bucket?
Will the restore API look like this? curl -XPOST 'elasticsearch-domain-endpoint-us-west-2/_snapshot/repository-name/snapshot-name/_restore'

score 0 · Answer 1 · answered Mar 22 '21 at 05:33

You don't need to create S3 buckets in several regions. Only one is sufficient. So your S3 repository will be in us-west-2
You need to create the snapshot repository in both of your clusters so that you can access it from both sides. From one cluster you will create snapshots and from the second cluster you'll be able to restore those snapshots.
Yes, that's correct.

score 0 · Answer 2 · answered Mar 22 '21 at 20:15

1.- No, as Val said you don't need to create S3 buckets in several regions. "all buckets work globally" AWS S3 Bucket with Multiple Regions

2.- Yes you do. You need to create the snapshot repository in both of your clusters. One repository for create your snapshot to the S3 bucket in us-east-1 And other for your snaphost in us-west-2, in order to read from your destination cluster.

3.- Yes It is. Additionally, you need to sign your calls to AWS ES to be able to create the repo and to take the snapshot. The best option for me was to use the Python script described below. To restore it is not necessary.

Follow this instructions: https://medium.com/docsapp-product-and-technology/aws-elasticsearch-manual-snapshot-and-restore-on-aws-s3-7e9783cdaecb and https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-managedomains-snapshots.html

Create a repository

import boto3
import requests
from requests_aws4auth import AWS4Auth

host = 'https://localhost:9999/' # include https:// and trailing / Your elasticsearch endpoint, if you use VPC, you can create a tunnel
region = 'us-east-1' # e.g. us-west-1
service = 'es'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, session_token=credentials.token)

path = '_snapshot/yourreponame' # the Elasticsearch API endpoint
url = host + path

payload = {
  "type": "s3",
  "settings": {
    "bucket": "yourreponame_bucket",
    "region": "us-east-1",
    "role_arn": "arn:aws:iam::1111111111111:role/AmazonESSnapshotRole" <-- Don't forget to create the AmazonESSnapshotRole
  }
}

headers = {"Content-Type": "application/json"}

r = requests.put(url, auth=awsauth, json=payload, headers=headers, verify=False)

print(r.status_code)
print(r.text)

Create a snapshot

import boto3
import requests
from requests_aws4auth import AWS4Auth

host = 'https://localhost:9999/' # include https:// and trailing /
region = 'us-east-1' # e.g. us-west-1
service = 'es'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, session_token=credentials.token)

path = '_snapshot/yourreponame/yoursnapshot_name' # the Elasticsearch API endpoint
url = host + path

payload = {
  "indices": "*",
  "include_global_state": "false",
  "ignore_unavailable": "false"
}

headers = {"Content-Type": "application/json"}

r = requests.put(url, auth=awsauth, json=payload, headers=headers, verify=False)

print(r.status_code)
print(r.text)

Restore

Must be called without signing

curl -XPOST -k "https://localhost:9999/_snapshot/yourreponame/yoursnapshot_name/_restore" \
-H "Content-type: application/json" \
-d $'{
  "indices": "*",
  "ignore_unavailable": false,
  "include_global_state": false,
  "include_aliases": false
}'

It is highly recommended that the clusters have the same version.

Thanks for the answer! A clarification on the second point: When I create my snapshot repository in us-west-2, I need to be in us-west-2 to be able to do that right? For example: I did it using a lambda in us-east-1 for the domain in east..So I would need to create one more lambda in west with all the permissions to be able to create it again in west right? — srinidhi sridharan, Mar 22 '21 at 23:42
Sorry, at this time Im not a AWS lambda person. I don't know if it's strictly necessary to create another lambda in us-west-2. If possible, feel free to open another question about it. It will be good to know how it goes. — Juan Carlos Alafita, Mar 23 '21 at 18:38

Migration of data from one elastic search index to another in different region in AWS using manual snapshots

2 Answers2