Manage a backup plan

Overview

This page explains how to create and manage a backup plan for vaulted backups. For a description of what backup plans are and how they are used, see Backup plans in the Google Cloud console.

Before you begin

To get the permissions that you need to create and manage a backup plan, ask your administrator to grant you the Backup and DR User V2 (roles/backupdr.userv2) IAM role on your backup vault project. For more information about granting roles, see Manage access to projects, folders, and organizations.

This predefined role contains the permissions required to create and manage a backup plan. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to create and manage a backup plan:

  • backupdr.backupPlans.create
  • backupdr.backupPlans.list
  • backupdr.backupPlans.get
  • backupdr.backupPlans.delete
  • backupdr.backupVaults.associate

You might also be able to get these permissions with custom roles or other predefined roles.

For guidance on granting a user the ability to apply backup plans in a given project (without the ability to create backup plans), see IAM roles and permissions for the backup user.

Create a backup plan

Use the following instructions to create a backup plan for vaulted backups:

Console

  1. In the Google Cloud console, go to the Backup plans page in the Backup and DR section.
  2. Click Create Backup plan.
  3. For Resource Type, select your target resource.
  4. For Identity, provide a unique Name and an optional Description.
  5. For Location, select the Region where the plan is active.
  6. For Destination, select the Backup vault that stores the data.
  7. To configure backup rules, do the following:
    1. Click Add rule.
    2. Set the Recurrence.
    3. Set the Backup window.
    4. Set the Retention period.
    5. For On-Demand Retention, set the Maximum custom on-demand retention value. If unspecified, the vault's minimum enforced retention plus 30 days is used as the default limit.
    6. For databases, toggle Database Logs to enable transaction log protection.
  8. Click Create.

A backup plan and its linked backup vault must reside in the same project.

gcloud

  1. Create a backup plan with a backup rule for a Compute Engine instance.

    gcloud backup-dr backup-plans create BACKUP_PLAN_NAME \
--location=REGION \
--resource-type=RESOURCE_TYPE \
--project=PROJECT_ID \
--backup-vault=BACKUPVAULT_NAME \
--backup-rule=rule-id=RULE_NAME,recurrence=RECURRENCE,hourly-frequency=HOURS,time-zone=TIME_ZONE,backup-window-start=START_TIME,backup-window-end=END_TIME,retention-days=BACKUP_RETENTION --max-custom-on-demand-retention-days=MAX_ONDEMAND_RETENTION

    Replace the following:

    • BACKUP_PLAN_NAME: the name of the backup plan.
    • REGION: the Google Cloud region where you want to create the backup plan.

    • RESOURCE_TYPE: the resource type to be protected by the backup plan. Values are:

      • compute.googleapis.com/Instance
      • compute.googleapis.com/Disk
      • sql.googleapis.com/Instance
      • alloydb.googleapis.com/Cluster
      • file.googleapis.com/Instance

    • PROJECT_ID: the name of the project where the backup vault resides.

    • BACKUPVAULT_NAME: the name of the backup vault that you want to use for backup storage.

    • RULE_NAME: the name of the backup rule.

    • RECURRENCE: the frequency at which backups to be created. It can be hourly, daily, weekly, monthly, or yearly.

    • HOURS: the frequency of the hourly backups. Specify this value only if you set the recurrence to hourly. The minimum hourly is always set to six hours.

    • TIME_ZONE: the time zone for the backup plan, such as UTC. Use the IANA time zone format to include the timezone for the backup plan.

    • START_TIME: the start time is the hour of the day in a 24 hour format. The start time must be before the end time and is inclusive for the backup window.

    • END_TIME: the end time is the hour of the day in a 24 hour format. The end time must be after the start time and is exclusive for the backup window.

    • BACKUP_RETENTION: the retention period of the backup. Note that the backup retention period must be equal to or greater than the backup vault enforced minimum retention period.

    • MAX_ONDEMAND_RETENTION: The maximum allowed custom retention period (in days) for on-demand backups created using this backup plan.

  2. Create a backup plan with no backup rule for a Compute Engine instance.

    gcloud backup-dr backup-plans create BACKUP_PLAN_NAME \
--location=REGION \
--resource-type=RESOURCE_TYPE \
--project=PROJECT_ID \
--backup-vault=BACKUPVAULT_NAME \
--max-custom-on-demand-retention-days=MAX_ONDEMAND_RETENTION

  3. Examples of assigning a backup plan:

    Example: Back up a Compute Engine instance every six hours and store the backups for 11 days.

      gcloud backup-dr backup-plans create bp-hourly \
  --project=test-project --location=us-central1 \
  --resource-type=compute.googleapis.com/Instance \
  --backup-vault=test-bv \
  --backup-rule=rule-id=rule-hourly,recurrence=HOURLY,hourly-frequency=6,backup-window-start=5,backup-window-end=12,retention-days=11

    Example: Back up disks daily between 5 AM and 12 PM and store the backups for 12 days.

      gcloud backup-dr backup-plans create bp-daily \
  --project=test-project --location=us-central1 \
  --resource-type=compute.googleapis.com/Disk \
  --backup-vault=test-bv \
  --backup-rule=rule-id=rule-daily,recurrence=DAILY,backup-window-start=5,backup-window-end=12,retention-days=12

    Example: Back up a Compute Engine instance on Monday and Wednesday between 5 AM and 12 PM and store the backups for 13 days.

      gcloud backup-dr backup-plans create bp-weekly \
  --project=test-project --location=us-central1 \
  --resource-type=compute.googleapis.com/Instance \
  --backup-vault=test-bv \
  --backup-rule=rule-id=rule-weekly,recurrence=WEEKLY,days-of-week='MON WED',backup-window-start=5,backup-window-end=12,retention-days=13

    Example: Back up disks on 1st and 15th of every month between 5 AM and 12 PM and store the backups for 14 days.

      gcloud backup-dr backup-plans create bp-monthly \
  --project=test-project --location=us-central1 \
  --resource-type=compute.googleapis.com/Disk \
  --backup-vault=test-bv \
  --backup-rule=rule-id=rule-monthly,recurrence=MONTHLY,days-of-month='1 15',backup-window-start=5,backup-window-end=12,retention-days=14

    Example: Back up a Compute Engine instance on the 10th, 20th, 30th of March, June, September, December of every year, and store the backups for 16 days.

      gcloud backup-dr backup-plans create bp-yearly \
  --project=test-project --location=us-central1 \
  --resource-type=compute.googleapis.com/Instance \
  --backup-vault=test-bv \
  --backup-rule=rule-id=rule-yearly,recurrence=YEARLY,months='MAR JUN SEP DEC',days-of-month='10 20 30',backup-window-start=5,backup-window-end=12,retention-days=16

Terraform

You can use a Terraform resource to create a backup plan with an hourly, daily, weekly, monthly, or yearly backup frequency.


# Before creating a backup plan, you need to create backup vault (google_backup_dr_backup_vault).
resource "google_backup_dr_backup_plan" "default" {
  provider       = google-beta
  location       = "us-central1"
  backup_plan_id = "my-bp"
  resource_type  = "compute.googleapis.com/Instance"
  backup_vault   = google_backup_dr_backup_vault.default.name
  # log_retention_days = 2 # Only applicable for Cloud SQL

  backup_rules {
    rule_id               = "rule-1"
    backup_retention_days = 5

    standard_schedule {
      recurrence_type  = "HOURLY"
      hourly_frequency = 6
      time_zone        = "UTC"

      backup_window {
        start_hour_of_day = 0
        end_hour_of_day   = 24
      }
    }
  }
}

List backup plans

Use the following instructions to list backup plans.

Console

  1. In the Google Cloud console, go to the Backup plans page.

    Go to Backup plans

    The Backup plan page lists all of the backup plans in your project.

gcloud

  1. List the backup plans.

      gcloud backup-dr backup-plans list \
  --location=LOCATION \
  --project=PROJECT_ID

    Replace the following:

    • LOCATION: the location of the backup plans.
    • PROJECT_ID: the name of the project where the backup plans are created.

View backup plan details

Use the following instructions to view backup plan details.

Console

  1. In the Google Cloud console, go to the Backup plans page.

    Go to Backup plans

  2. In the list of backup plans, click the name of the of the backup plan you want to view.

    The backup plan details displays the following information:

    • Resource type
    • Backup plan details
    • Backup vault name
    • Backup storage location
    • Backup retention period

gcloud

  1. View the backup plan details.

      gcloud backup-dr backup-plans describe BACKUP_PLAN_NAME \
  --location=LOCATION \
  --project=PROJECT_ID

    Replace the following:

    • BACKUP_PLAN_NAME: the name of the backup plan.
    • LOCATION: the location of the backup plan.
    • PROJECT_ID: the name of the project where the backup plan is created.

Delete a backup plan

A backup plan cannot be deleted if you are using it to protect a resource. To delete a backup plan, first remove the backup plan from the resource and then delete it.

When you delete a backup plan:

  • Backups created while the plan was applied are not affected. Backups expire according to their retention periods and can be accessed until then.
  • Any automations that reference the plan will no longer work.

Use the following instructions to delete a backup plan.

Console

  1. In the Google Cloud console, go to the Backup plans page.

    Go to Backup plans

  2. Click the backup plan you want to delete.

  3. Click Delete.

  4. In the overlay window that appears, confirm you want to delete the backup plan and its contents.

  5. Click Delete.

gcloud

  1. Delete a backup plan.

      gcloud backup-dr backup-plans delete BACKUP_PLAN_NAME \
  --location=LOCATION \
  --project=PROJECT_ID

    Replace the following:

    • BACKUP_PLAN_NAME: the name of the backup plan that you want to delete.
    • LOCATION: the location of the backup plan.
    • PROJECT_ID: the name of the project where the backup plan is created.

What's next