Apply backup plans to new instances

This document explains how to apply a Backup and DR Service backup plan to a Compute Engine instance during the instance's creation. To apply a backup plan to an existing compute instance, see Apply or change backup plans for existing instances.

Use Backup and DR Service backup plans to create rule-based and indelible backups of your compute instances and then store those backups in secure and isolated storage locations.

Backup and DR backup plans let you define advanced backup strategies to store your Compute Engine instances in secure storage locations called backup vaults. Using the backup plan that's applied to your compute instance, you can create scheduled or on-demand backups of your instance in a backup vault.

Before you begin

Required roles

  • To get the permissions that you need to create a compute instance and apply a backup plan during its creation, ask your administrator to grant you the following IAM roles :

    • To create the compute instance: Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1) on the project for the Compute Engine instance
    • To configure scheduled backups or run on-demand backups:

    For more information about granting roles, see Manage access to projects, folders, and organizations.

    You might also be able to get the required permissions through custom roles or other predefined roles.

  • If you want to back up a compute instance to a backup vault that is in a different project than the compute instance, then make sure that the Backup and DR Vault Service Agent for the project that contains the backup vault has permission to access compute instances in the compute instance's project. If the backup vault and compute instance are in the same project, then this permission is granted by default.

  • To ensure that Backup and DR Vault Service Agent has the necessary permissions to back up a Compute Engine instance to a backup vault, ask your administrator to grant the Backup and DR Compute Engine Operator (roles/backupdr.computeEngineOperator) IAM role to Backup and DR Vault Service Agent on the project for the Compute Engine instance.

Create a compute instance that has a backup plan applied

You can create a compute instance that has a backup plan applied only by using the Google Cloud console. To perform this task, do the following:

  1. In the Google Cloud console, go to the Create an instance page.

    Go to Create an instance

    If prompted, select your project and click Continue.

    The Create an instance page appears and displays the Machine configuration pane.

  2. In the Name field, specify a name for your compute instance. For more information, see Resource naming convention.

  3. In the Region field, specify the region where you want your compute instance.

  4. Optional: In the Zone field, select a zone for this compute instance.

    The default selection is Any. If you don't change this default selection, then Google automatically chooses a zone for you based on machine type and availability.

  5. To specify a backup plan for this compute instance, do the following:

    1. In the navigation menu, click OS and storage. The Operating system and storage pane appears.

    2. In the Backup plan section, click Select a plan.

    3. In the Select a backup plan pane that appears, do the following:

      1. Verify that the Project field has the same project name where your backup plans exist. If not, select the correct project.

      2. In the Backup plan name column, click the name of the backup plan that you want to use.

      3. To confirm your choice of backup plan and return to the Operating system and storage pane, click Apply.

  6. Optional. Specify any other configuration parameters for your compute instance. For more information about custom configuration options, see Create and start an instance.

  7. To create and start the VM, click Create.

What's next