Contact UsGet started

Configuring access to Object Storage from a Elasticsearch cluster

Written by
Updated at May 13, 2024

Warning

Yandex Managed Service for Elasticsearch is unavailable as of April 11, 2024.

You can create an OpenSearch cluster in Yandex Cloud as an alternative to Elasticsearch.

Managed Service for Elasticsearch supports using Yandex Object Storage as an Elasticsearch snapshot repository. This allows you to use Object Storage for:

For more information about snapshots, see the Elasticsearch documentation.

To access Object Storage bucket data from a cluster:

  1. Connect a service account to a cluster.
  2. Configure access rights.
  3. Connect a snapshot repository.

Connecting a service account to a cluster

  1. When creating or updating a cluster, either select an existing service account or create a new one.

  2. Make sure to assign the storage.editor role or higher to this account.

Setting up access rights

  1. In the management console, select the folder containing the bucket you need. If there is no such bucket, create one.
  2. Select Object Storage.
  3. Select the Buckets tab.
  4. Set up the bucket ACL:
    1. In the Select a user drop-down list, specify the service account connected to the cluster.
    2. Select the READ and WRITE permissions for the selected service account.
    3. Click Add.
    4. Click Save.

Connecting a snapshot repository

Alert

If a bucket is registered in an Elasticsearch cluster as a snapshot repository, do not edit the bucket contents manually as this will disrupt the Elasticsearch snapshot mechanism.

  1. Connect to the cluster.

  2. Install the repository-s3 plugin:

    sudo bin/elasticsearch-plugin install repository-s3

  3. Register the bucket as a snapshot repository using the public Elasticsearch API:

    PUT --cacert ~/.elasticsearch/root.crt https://admin:<password>@<host_FQDN>:9200/_snapshot/<repository>

    In the request parameters, specify the bucket associated with the cluster service account:

    curl --request PUT \
     "https://admin:<password>@<host_FQDN>:9200/_snapshot/<repository>" \
     --cacert ~/.elasticsearch/root.crt \
     --header "Content-Type: application/json" \
     --data '{
       "type": "s3",
       "settings": {
         "endpoint": "storage.yandexcloud.net",
         "bucket": "<bucket_name>",
         "base_path": "<path_to_snapshot_directory>",
         "canned_acl": "bucket-owner-full-control"
       }
     }'

    To learn more about managing repositories, see the Elasticsearch documentation.

Previous
Managing backups
Next
Deleting a cluster