Table of contents

Backup and restore Elasticsearch indices

GOV.UK uses AWS Managed Elasticsearch which takes daily snapshots of the cluster.

After a restore has taken place, traffic will need to be replayed following the restore, since the index will be out-of-sync with the publishing apps.

AWS Managed Elasticsearch 5.x

Daily snapshots of the Elasticsearch indices are taken automatically by AWS as part of the managed service. These are stored in a S3 bucket that is not made available to us. Restoration is done by making HTTP requests to the _snapshot endpoint.

To restore a snapshot, follow these steps:

  1. Log into a search machine

    govukcli set-context <environment>
    govukcli ssh search
  2. Query the _snapshot endpoint of Elasticsearch to get the snapshot repository name:

    curl http://elasticsearch5/_snapshot?pretty
  3. Query the _all endpoint to identify the available snapshots in the named repository:

    curl http://elasticsearch5/_snapshot/<repository-name>/_all?pretty
  4. If an index already exists with the same name as the one being restored, delete the existing index:

    curl -XDELETE http://elasticsearch5/<index-name>
  5. Restore the index from the snapshot:

    curl -XPOST 'http://elasticsearch5/_snapshot/<repository-name>/<snapshot-id>/_restore' -d '{"indices": "<index-name>"}' -H 'Content-Type: application/json'

Further information about Elasticsearch snapshots can be found in the AWS documentation

This page was last reviewed on 25 March 2019. It needs to be reviewed again on 22 April 2019 by the page owner #govuk-2ndline .
This page was set to be reviewed before 22 April 2019 by the page owner #govuk-2ndline. This might mean the content is out of date.