Table of contents


Backup and restore Elasticsearch indices

GOV.UK uses AWS Managed Elasticsearch which takes daily snapshots of the cluster as part of the managed service. These are stored in a S3 bucket that is not made available to us. Restoration is done by making HTTP requests to the _snapshot endpoint.

To restore a snapshot, follow these steps:

  1. Log into a search machine

    govukcli set-context <environment>
    govukcli ssh search
  2. Query the _snapshot endpoint of Elasticsearch to get the snapshot repository name:

    curl http://elasticsearch5/_snapshot?pretty
  3. Query the _all endpoint to identify the available snapshots in the named repository:

    curl http://elasticsearch5/_snapshot/<repository-name>/_all?pretty
  4. If an index already exists with the same name as the one being restored, delete the existing index:

    curl -XDELETE http://elasticsearch5/<index-name>
  5. Restore the index from the snapshot:

    curl -XPOST 'http://elasticsearch5/_snapshot/<repository-name>/<snapshot-id>/_restore' -d '{"indices": "<index-name>"}' -H 'Content-Type: application/json'

Further information about Elasticsearch snapshots can be found in the AWS documentation

After a restore has taken place, traffic will need to be replayed following the restore, since the index will be out-of-sync with the publishing apps.

This page was last reviewed on 26 April 2019. It needs to be reviewed again on 26 July 2019 by the page owner #govuk-2ndline .
This page was set to be reviewed before 26 July 2019 by the page owner #govuk-2ndline. This might mean the content is out of date.