如何将 AWS Elasticsearch 移至另一个账户
How to move AWS Elasticsearch into another account
我正在将每项服务下的所有实例从旧 AWS 账户移动到新 AWS 账户。我找到了将 EC2 和 RDS 转移到另一个帐户的方法。
- 为了移动 EC2 实例,我创建了一个 AMI 并与新的 AWS 帐户共享。使用该图像我创建了一个实例
- 为了移动 RDS 实例,我创建了一个快照并与新的 AWS 账户共享。我已经在新帐户中恢复了共享快照
现在我需要将 Elasticsearch 从旧帐户移动到新帐户。我想不出一种方法来移动我的 Elasticsearch。谁能帮我解决这个问题?
创建具有 Elasticsearch 权限的角色。您也可以使用具有以下信任关系的现有角色,
{
"Effect": "Allow",
"Principal": {
"Service": "es.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
为其 access/secret 密钥将用于拍摄快照的 iam 用户提供 iam:PassRole。
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "arn:aws:iam::accountID:role/TheServiceRole"
}
}
更改以下代码中的访问密钥、主机、区域、路径和有效载荷并执行。
import requests
from requests_aws4auth import AWS4Auth
AWS_ACCESS_KEY_ID=''
AWS_SECRET_ACCESS_KEY=''
region = 'us-west-1'
service = 'es'
awsauth = AWS4Auth(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, region, service)
host = 'https://elasticsearch-domain.us-west-1.es.amazonaws.com/' # include https:// and trailing /
# REGISTER REPOSITORY
path = '_snapshot/my-snapshot-repo' # the Elasticsearch API endpoint
url = host + path
payload = {
"type": "s3",
"settings": {
"bucket": "s3-bucket-name",
"region": "us-west-1",
"role_arn": "arn:aws:iam::accountID:role/TheServiceRole"
}
}
headers = {"Content-Type": "application/json"}
r = requests.put(url, auth=awsauth, json=payload, headers=headers) # requests.get, post, put, and delete all have similar syntax
print(r.text)
拍摄快照并将其存储在 S3 中
path = '_snapshot/my-snapshot-repo/my-snapshot'
url = host + path
r = requests.put(url, auth=awsauth)
print(r.text)
现在快照已准备就绪。将此快照共享到另一个帐户,并使用具有新帐户密钥和端点的相同代码使用以下代码片段恢复它。
从快照中恢复所有索引
path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
url = host + path
r = requests.post(url, auth=awsauth)
print(r.text)
从快照恢复单个索引
path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
url = host + path
payload = {"indices": "my-index"}
headers = {"Content-Type": "application/json"}
r = requests.post(url, auth=awsauth, json=payload, headers=headers)
print(r.text)
参考:AWS docs.
我正在将每项服务下的所有实例从旧 AWS 账户移动到新 AWS 账户。我找到了将 EC2 和 RDS 转移到另一个帐户的方法。
- 为了移动 EC2 实例,我创建了一个 AMI 并与新的 AWS 帐户共享。使用该图像我创建了一个实例
- 为了移动 RDS 实例,我创建了一个快照并与新的 AWS 账户共享。我已经在新帐户中恢复了共享快照
现在我需要将 Elasticsearch 从旧帐户移动到新帐户。我想不出一种方法来移动我的 Elasticsearch。谁能帮我解决这个问题?
创建具有 Elasticsearch 权限的角色。您也可以使用具有以下信任关系的现有角色,
{
"Effect": "Allow",
"Principal": {
"Service": "es.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
为其 access/secret 密钥将用于拍摄快照的 iam 用户提供 iam:PassRole。
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "arn:aws:iam::accountID:role/TheServiceRole"
}
}
更改以下代码中的访问密钥、主机、区域、路径和有效载荷并执行。
import requests
from requests_aws4auth import AWS4Auth
AWS_ACCESS_KEY_ID=''
AWS_SECRET_ACCESS_KEY=''
region = 'us-west-1'
service = 'es'
awsauth = AWS4Auth(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, region, service)
host = 'https://elasticsearch-domain.us-west-1.es.amazonaws.com/' # include https:// and trailing /
# REGISTER REPOSITORY
path = '_snapshot/my-snapshot-repo' # the Elasticsearch API endpoint
url = host + path
payload = {
"type": "s3",
"settings": {
"bucket": "s3-bucket-name",
"region": "us-west-1",
"role_arn": "arn:aws:iam::accountID:role/TheServiceRole"
}
}
headers = {"Content-Type": "application/json"}
r = requests.put(url, auth=awsauth, json=payload, headers=headers) # requests.get, post, put, and delete all have similar syntax
print(r.text)
拍摄快照并将其存储在 S3 中
path = '_snapshot/my-snapshot-repo/my-snapshot'
url = host + path
r = requests.put(url, auth=awsauth)
print(r.text)
现在快照已准备就绪。将此快照共享到另一个帐户,并使用具有新帐户密钥和端点的相同代码使用以下代码片段恢复它。
从快照中恢复所有索引
path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
url = host + path
r = requests.post(url, auth=awsauth)
print(r.text)
从快照恢复单个索引
path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
url = host + path
payload = {"indices": "my-index"}
headers = {"Content-Type": "application/json"}
r = requests.post(url, auth=awsauth, json=payload, headers=headers)
print(r.text)
参考:AWS docs.