Create an on-demand backup

This page describes how to create an on-demand backup of an AlloyDB cluster's data.

When you create an on-demand backup, AlloyDB checks that the cluster you're backing up and its primary instance are in the "Ready" state, and then it starts a long-running operation to perform the backup of the cluster data.

Before you begin

  • The Google Cloud project you are using must have been enabled to access AlloyDB.
  • You must have one of these IAM roles in the Google Cloud project you are using:
    • roles/alloydb.admin (the AlloyDB Admin predefined IAM role)
    • roles/owner (the Owner basic IAM role)
    • roles/editor (the Editor basic IAM role)

    If you don't have any of these roles, contact your Organization Administrator to request access.

Procedure

Console

  1. In the Google Cloud console, go to the Backups page.

    Go to Backups

  2. Click Create backup.
  3. Select the source cluster you want to back up.
  4. Enter an ID for the backup.
  5. If desired, enter a description to help you identify this backup.
  6. If you want to encrypt this backup using Customer-managed encryption key (CMEK) instead of Google-managed encryption, follow these additional steps:

    1. Click Advanced encryption options.
    2. Select Customer-managed encryption key (CMEK).
    3. Select a customer-managed key from the menu that appears.

      The Google Cloud console limits this list to keys within the same Google Cloud project and region as the new cluster. To use a key that is not on this list, click Don't see your key? Enter key resource name, and then type the key's resource name into the resulting dialog.

      Note that using CMEK with AlloyDB requires some additional setup. For more information, see Using CMEK with AlloyDB.

  7. Click Create.

AlloyDB checks that the source cluster is in the "Ready" state and then starts a long-running operation to perform the backup. The Backups page shows the backup with a status of "In progress" until the operation completes.

gcloud

To use the gcloud CLI, you can install and initialize the Google Cloud CLI, or you can use Cloud Shell.

Use the gcloud alloydb backups create command to create an on-demand backup.

gcloud alloydb backups create BACKUP_ID \
    --cluster=CLUSTER_ID \
    --region=REGION_ID \
    --project=PROJECT_ID \
    --async

This command returns an operation, whose status you can query using the gcloud alloydb operations describe command.

gcloud alloydb operations describe OPERATION_ID \
    --region=REGION_ID \
    --project=PROJECT_ID
  • BACKUP_ID: The ID for the backup to create.
    To create a backup in a cross-region location using the gcloud CLI, replace with the full backup path in the following format:
    projects/PROJECT_ID/locations/REGION_ID/backups/BACKUP_ID
  • CLUSTER_ID: The ID of the cluster you want to back up.
  • REGION_ID: The ID of the region where the cluster is placed.
  • PROJECT_ID: The ID of the project where the cluster is placed.

If you want to encrypt this backup using a customer-managed encryption key (CMEK) instead of the default Google-managed encryption, then you must provide these additional arguments:

  • --kms-key=KEY_ID: The ID of the CMEK key to use.
  • --kms-keyring=KEYRING_ID: The ID of the key's keyring.
  • --kms-location=LOCATION_ID: The ID of that keyring's region. Note that it must match the cluster's region.
  • --kms-project=PROJECT_ID: The keyring's project ID.

When you run this command, AlloyDB checks that the source cluster is the "Ready" state, starts a long-running operation to perform the backup, and displays information about the long-running operation.

You can track completion of the long-running operation using the operations describe command:

gcloud alloydb operations describe OPERATION_ID \
    --region=REGION_ID \
    --project=PROJECT_ID

OPERATION_ID: The operation ID reported when you ran the backups create command.