如何将 AWS Elasticsearch 移至另一个账户

Question

我正在将每项服务下的所有实例从旧 AWS 账户移动到新 AWS 账户。我找到了将 EC2 和 RDS 转移到另一个帐户的方法。

为了移动 EC2 实例，我创建了一个 AMI 并与新的 AWS 帐户共享。使用该图像我创建了一个实例
为了移动 RDS 实例，我创建了一个快照并与新的 AWS 账户共享。我已经在新帐户中恢复了共享快照

现在我需要将 Elasticsearch 从旧帐户移动到新帐户。我想不出一种方法来移动我的 Elasticsearch。谁能帮我解决这个问题？

Answer 1

创建具有 Elasticsearch 权限的角色。您也可以使用具有以下信任关系的现有角色，

{
  "Effect": "Allow",
  "Principal": {
    "Service": "es.amazonaws.com"
  },
  "Action": "sts:AssumeRole"
}

为其 access/secret 密钥将用于拍摄快照的 iam 用户提供 iam:PassRole。

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "iam:PassRole",
    "Resource": "arn:aws:iam::accountID:role/TheServiceRole"
  }
}

更改以下代码中的访问密钥、主机、区域、路径和有效载荷并执行。

import requests
from requests_aws4auth import AWS4Auth

AWS_ACCESS_KEY_ID=''
AWS_SECRET_ACCESS_KEY=''
region = 'us-west-1'
service = 'es'

awsauth = AWS4Auth(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, region, service)
host = 'https://elasticsearch-domain.us-west-1.es.amazonaws.com/' # include https:// and trailing /

# REGISTER REPOSITORY
path = '_snapshot/my-snapshot-repo' # the Elasticsearch API endpoint
url = host + path

payload = {
  "type": "s3",
  "settings": {
    "bucket": "s3-bucket-name",
    "region": "us-west-1",
    "role_arn": "arn:aws:iam::accountID:role/TheServiceRole"
  }
}

headers = {"Content-Type": "application/json"}
r = requests.put(url, auth=awsauth, json=payload, headers=headers) # requests.get, post, put, and delete all have similar syntax
print(r.text)

拍摄快照并将其存储在 S3 中

path = '_snapshot/my-snapshot-repo/my-snapshot'
url = host + path
r = requests.put(url, auth=awsauth)
print(r.text)

现在快照已准备就绪。将此快照共享到另一个帐户，并使用具有新帐户密钥和端点的相同代码使用以下代码片段恢复它。

从快照中恢复所有索引

path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
url = host + path
r = requests.post(url, auth=awsauth)
print(r.text)

从快照恢复单个索引

path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
url = host + path
payload = {"indices": "my-index"}
headers = {"Content-Type": "application/json"}
r = requests.post(url, auth=awsauth, json=payload, headers=headers)
print(r.text)

参考：AWS docs.

如何将 AWS Elasticsearch 移至另一个账户

How to move AWS Elasticsearch into another account

amazon-web-services

aws-elasticsearch

拍摄快照并将其存储在 S3 中

从快照中恢复所有索引

从快照恢复单个索引