How do I make my Amazon Elasticsearch Service domain more fault tolerant?
Last updated: 2021-01-05
I want to protect Amazon Elasticsearch Service (Amazon ES) resources against accidental deletion, application or hardware failures, or outages. What are some best practices for improving fault tolerance or restoring snapshots?
To improve the fault tolerance of an Amazon ES domain, consider the following best practices:
- Take regular index snapshots.
- Use Amazon CloudWatch metrics to monitor Amazon ES resources.
- Understand Amazon ES service limits.
- Use dedicated master nodes.
- Use at least three nodes.
- Enable zone awareness.
- Don't use T2 instances in production environments.
Take regular index snapshots
All Amazon ES domains take automated snapshots. Take manual index snapshots to create point-in-time backups of the data in an Amazon ES domain. Store the snapshots in an Amazon Simple Storage Service (Amazon S3) bucket. You can also use manual index snapshots to migrate data between Amazon ES domains and to restore data to another Amazon ES domain.
Monitor Amazon CloudWatch metrics
- Use the Cluster health and Instance health tabs in the Amazon ES console to monitor Amazon CloudWatch metrics about your Elasticsearch clusters.
- Create Amazon CloudWatch alarms for important Amazon ES metrics. For example, monitor the AutomatedSnapshotFailure metric to confirm that automated snapshots are happening at regular intervals. For a tutorial, see Get started with Amazon Elasticsearch Service: Set CloudWatch alarms on key metrics.
Use dedicated master nodes
Dedicated master nodes help prevent problems that are caused by overloaded nodes. Use dedicated master nodes when:
- Your domain is used in production environments.
- Your domain has five or more nodes.
- Your index mapping is complex, with many fields defined across types and indices.
Use at least three nodes
To avoid an unintentionally partitioned network (split brain), use at least three nodes. To avoid potential data loss, be sure that you have at least one replica for each index. (By default, each index has one replica.)
Enable zone awareness
Note: For a setup of three Availability Zones, use two replicas of your index. If there is a single zone failure, the two replicas ensure 100% data redundancy.
Don't use T2 instances in production environments
For production environments, use M-class or larger Amazon Elastic Compute Cloud (Amazon EC2) instances. If you decide to use T2 instance types, be sure to monitor the CPU credits, CPU usage, memory usage, and stability of your instances. Scale up or out when necessary.
Additionally, note the following limitations for T2 instances:
- T2 instances are assigned CPU credits. If there is a spike in network traffic, your Elasticsearch cluster could exceed the amount of CPU credits available in your T2 instance. For more information, see CPU credits and baseline utilization for burstable performance instances.
- T2 instances have an EBS volume limit of 35 GB.
- T2 instances have a payload limit of 10 MB. Make sure that your request payload does not exceed the payload limit. For more information about Amazon ES service limits, see Network limits.
- T2 instance types can be used only if your Amazon ES instance count is ten or fewer. For more information about the supported Amazon ES instance types, see Supported instance types.
- T2 instance types must not be used as data nodes or dedicated master nodes. T2 instance types can become unstable under sustained heavy load. For more information, see Amazon Elasticsearch Service best practices.