Unable to restore from readonly S3 bucket

We don't seem to be able to restore the S3 backup/snapshot of one cluster to another (exactly the same version of Elasticsearch). Note, this is for version 1.7 (yeah, I know that is really ancient). Not sure if it is still a problem in more recent versions.

It looks like it might be due to the target cluster having read-only access to the S3 bucket. It seems to attempt to write a test object event when the repository is registered as read-only.

curl -XPUT -H 'Content-Type: application/json' localhost:9200/_snapshot/s3restore -d '{"type": "s3", "settings": {"bucket": "my-bucket", "base_path": "7", "region": "ap-southeast-2", "readonly": true}}'

{"error":"RepositoryVerificationException[[s3restore] path [7] is not accessible on master node]; nested: IOException[Unable to upload object 7/tests-xmzsBVjuRmuwKxiZY93cCw-master due to AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: A020A9CD5348F9EC)]; ","status":500}

Is there a way to do this without relaxing the S3 access permissions?

There is a verify=false option but I don't know if it's available for your version. See https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html#_repository_verification

This fixed it thanks! Somehow we missed the verify=false as it was a URL parameter instead of a field in the settings. Makes sense though, and we don't really need the verification step as we will immediately perform the restore after registering the repository.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.