Configure a snapshot repository using AWS S3edit

Configure a custom snapshot repository using an S3 storage bucket in your AWS account.

Prepare an S3 bucketedit

Create the S3 bucket in your custom AWS account. Make sure the bucket is in the same region as your cluster.

Next, create an IAM user, copy the access key ID and secret, and configure the following user policy. This is important to make sure the access keys, which you will need to provide to your cluster, can only access the intended bucket.

{
  "Statement": [
    {
      "Action": [
        "s3:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucket-name",
        "arn:aws:s3:::bucket-name/*"
      ]
    }
  ]
}

For more information on S3 and IAM, see AWS' S3-documentation and IAM-documentation.

Store your secrets in the keystoreedit

You can use the Elasticsearch Service Keystore to store the credentials to access your AWS account.

  1. Log in to the Elasticsearch Service Console.
  2. Navigate to the Security page of the deployment you wish to configure.
  3. Click Create settings.
  4. With Type set to Single string, add the following keys and their values:

    • s3.client.default.access_key
    • s3.client.default.secret_key

Create the repositoryedit

For deployments with Elastic Stack version 7.2 and higher:

  1. Open Kibana and go to Management > Snapshot and Restore.
  2. On the Repositories tab, click Register a repository.
  3. Provide a name for your repository and select type AWS S3.
  4. Provide the following settings:

    • Client: default
    • Bucket: YOUR_S3_BUCKET_NAME
  5. Add any other settings that you wish to configure.
  6. Click Register.
  7. Click Verify to confirm that your settings are correct and the deployment can connect to your repository.
  8. Your snapshot repository is now set up using S3! You can use Kibana to manage your snapshots and begin sending Elasticsearch snapshots to your own bucket. For details see the Kibana Snapshot and Restore documentation.

For deployments with Elastic Stack version 7.1 and lower:

With the bucket ready, you can create a repository with a PUT request to /_snapshot/repository_name:

PUT _snapshot/repository_name
{
  "type": "s3",
  "settings": {
    "bucket": "name-of-bucket",
    "region": "region-of-bucket-same-as-cluster"
  }
}