How to move AWS Elasticsearch to another account

Time: 2018-03-26 10:32:47

Tags: amazon-web-services aws-elasticsearch

I am moving all instances under every service from an old AWS account to a new AWS account. I have found ways to move EC2 and RDS to another account.

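  • To move an EC2 instance, I created an AMI and shared it with the new AWS account. Using that image, I created an instance.
  • To move an RDS instance, I created a snapshot and shared it with the new AWS account. I restored the shared snapshot in the new account.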

Now I need to move Elasticsearch from the old account to the new account. I cannot find a way to move my Elasticsearch. Can anyone help me?

1 answer:

Answer 0: (score: 3)

Create a role with Elasticsearch permissions. You can also use an existing role with the following trust relationship:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "es.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Grant iam:PassRole to the IAM user whose access/secret keys will be used to take the snapshot:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "iam:PassRole",
    "Resource": "arn:aws:iam::accountID:role/TheServiceRole"
  }
}

Change the access & secret keys, host, region, path, and payload in the code below and run it.

import requests
from requests_aws4auth import AWS4Auth

AWS_ACCESS_KEY_ID=''
AWS_SECRET_ACCESS_KEY=''
region = 'us-west-1'
service = 'es'

awsauth = AWS4Auth(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, region, service)
host = 'https://elasticsearch-domain.us-west-1.es.amazonaws.com/' # include https:// and trailing /

# REGISTER REPOSITORY
path = '_snapshot/my-snapshot-repo' # the Elasticsearch API endpoint
url = host + path

payload = {
  "type": "s3",
  "settings": {
    "bucket": "s3-bucket-name",
    "region": "us-west-1",
    "role_arn": "arn:aws:iam::accountID:role/TheServiceRole"
  }
}

headers = {"Content-Type": "application/json"}
r = requests.put(url, auth=awsauth, json=payload, headers=headers) # requests.get, post, put, and delete all have similar syntax
print(r.text)

Take a snapshot and store it in S3

path = '_snapshot/my-snapshot-repo/my-snapshot'
url = host + path
r = requests.put(url, auth=awsauth)
print(r.text)

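Now the snapshot is ready. Share this snapshot to another account and, using the same code with the new account's keys and endpoint, restore it with the following snippets.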

Restore all indices from the snapshot

path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
url = host + path
r = requests.post(url, auth=awsauth)
print(r.text)

Restore a single index from the snapshot

path = '_snapshot/my-snapshot-repo/my-snapshot/_restore'
url = host + path
payload = {"indices": "my-index"}
headers = {"Content-Type": "application/json"}
r = requests.post(url, auth=awsauth, json=payload, headers=headers)
print(r.text)

Reference: AWS docs
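
The answer does not say how to share the snapshot bucket with the other account. One least-privilege way, as an added example that is not part of the original answer: a bucket policy on the old account's bucket that lets only the new account's snapshot role read it, plus a check that flags any wider grant. The account ID and the function names are assumptions, and it assumes the new domain registers the repository read-only, since this policy grants no write access.

```python
READ_ONLY = {"s3:ListBucket", "s3:GetObject"}  # all a restore needs from the bucket


def _as_list(value):
    return value if isinstance(value, list) else [value]


def share_policy(bucket, dest_role_arn):
    """Bucket policy for the old account: one role in the new account may read snapshots."""
    who = {"AWS": dest_role_arn}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListSnapshots", "Effect": "Allow", "Principal": who,
             "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "ReadSnapshots", "Effect": "Allow", "Principal": who,
             "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def audit_share_policy(policy, bucket, trusted_arns):
    """Return (Sid, problem) pairs for every Allow grant wider than a read-only share."""
    scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        if any(k in st for k in ("NotPrincipal", "NotAction", "NotResource")):
            findings.append((sid, "Not* element makes the grant open-ended"))
        who = st.get("Principal", {})
        arns = [who] if isinstance(who, str) else [a for v in who.values() for a in _as_list(v)]
        findings += [(sid, f"untrusted principal {a}") for a in arns if a not in trusted_arns]
        findings += [(sid, f"action {a} exceeds read-only")
                     for a in _as_list(st.get("Action", [])) if a not in READ_ONLY]
        findings += [(sid, f"resource {r} is outside the bucket")
                     for r in _as_list(st.get("Resource", [])) if r not in scope]
    return findings


# Constructed sample values: the account ID is a placeholder; bucket and role names follow the answer.
DEST_ROLE = "arn:aws:iam::222222222222:role/TheServiceRole"
GOOD = share_policy("s3-bucket-name", DEST_ROLE)
TOO_WIDE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ShareAll", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:*", "Resource": "arn:aws:s3:::s3-bucket-name/*"}]}

if __name__ == "__main__":
    for finding in audit_share_policy(TOO_WIDE, "s3-bucket-name", {DEST_ROLE}):
        print(finding)
```

The role in the new account also needs the same two read actions in its own permissions policy, because cross-account S3 access must be allowed on both sides.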