Restore a cluster’s data


You can restore snapshots into a running cluster via the restore API. When you restore an index, you can alter the name of the restored index as well as some of its settings. There is a great deal of flexibility in how the snapshot and restore functionality can be used.

If your cluster has Elasticsearch security features enabled, the restore API requires the manage cluster privilege. There is no bespoke role for the restore process. This privilege is very permissive and should only be granted to users in the "administrator" category. Specifically, it allows malicious users to exfiltrate data to a location of their choosing. Automated tools should not run as users with this privilege.
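One way to check who currently holds that privilege, as an added example that is not part of the original documentation: the script below reads role and user definitions shaped like the responses of GET /_security/role and GET /_security/user and lists enabled users whose roles allow restore. The sample data, the `AUTOMATION_ACCOUNTS` set and the function names are constructed for illustration, and `all` is treated as restore-capable on the assumption that it is a superset of `manage`.

```python
import json

# Cluster privileges that permit restore. The page names `manage`; `all` is
# added here as an assumption that it includes every cluster privilege.
RESTORE_CAPABLE = {"manage", "all"}

# Constructed sample, shaped like a GET /_security/role response.
ROLES_JSON = """{
  "snapshot_operator": {"cluster": ["manage"], "indices": []},
  "log_reader": {"cluster": ["monitor"],
                 "indices": [{"names": ["logs-*"], "privileges": ["read"]}]},
  "platform_admin": {"cluster": ["all"], "indices": []}
}"""

# Constructed sample, shaped like a GET /_security/user response.
USERS_JSON = """{
  "alice": {"username": "alice", "roles": ["platform_admin"], "enabled": true},
  "backup-bot": {"username": "backup-bot", "roles": ["snapshot_operator"], "enabled": true},
  "dashboards": {"username": "dashboards", "roles": ["log_reader"], "enabled": true},
  "old-bot": {"username": "old-bot", "roles": ["snapshot_operator"], "enabled": false}
}"""

# Hypothetical list of accounts known to be used by automated tools.
AUTOMATION_ACCOUNTS = {"backup-bot", "dashboards", "old-bot"}

def restore_capable_roles(roles):
    """Map each role that can restore to the privileges that make it so."""
    found = {}
    for name, body in roles.items():
        hits = RESTORE_CAPABLE & set(body.get("cluster", []))
        if hits:
            found[name] = sorted(hits)
    return found

def audit(roles, users, automation_accounts):
    """Return enabled users holding a restore-capable role, sorted by name."""
    risky = set(restore_capable_roles(roles))
    findings = []
    for name, user in users.items():
        if not user.get("enabled", True):
            continue  # disabled accounts cannot authenticate
        held = sorted(set(user.get("roles", [])) & risky)
        if held:
            findings.append({"user": name, "roles": held,
                             "automated": name in automation_accounts})
    return sorted(findings, key=lambda f: f["user"])

if __name__ == "__main__":
    for finding in audit(json.loads(ROLES_JSON), json.loads(USERS_JSON),
                         AUTOMATION_ACCOUNTS):
        label = "AUTOMATED" if finding["automated"] else "human"
        print(f'{finding["user"]}: {", ".join(finding["roles"])} [{label}]')
```

The check covers only native users and their directly assigned roles; roles granted through role mappings or API keys need the same review.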