This page describes how to restore an AlloyDB backup.
When you restore a backup, you configure a new cluster in the same region as the backup. AlloyDB creates the cluster and restores the backup's data to that cluster's data storage. Then, you create a primary instance in that cluster to access the data.
Before you begin
- The Cloud project you are using must have been enabled to access AlloyDB.
- You must have one of these IAM roles in the Cloud project you are using:
roles/alloydb.admin(the AlloyDB Admin predefined IAM role)
roles/owner(the Owner basic IAM role)
roles/editor(the Editor basic IAM role)
If you don't have any of these roles, contact your Organization Administrator to request access.
- Restore the backup to a new AlloyDB cluster.
- In the Google Cloud console, go to the Backups page.
- In the list of backups, locate the backup you want to restore and click Restore in its row.
- In the Cluster ID field, enter an ID for the cluster that will be created to host the restored data.
- In the Network list, select the network you want the newly created cluster to be accessible from.
If you wish to encrypt the new cluster's data with a customer-managed encryption key (CMEK) instead of Google-managed encryption, follow these additional steps:
- Click Advanced encryption options.
- Select Customer-managed encryption key (CMEK).
Select a customer-managed key from the menu that appears.
The Google Cloud console limits this list to keys within the same Google Cloud project and region as the new cluster. To use a key that is not on this list, click Don't see your key? Enter key resource name, and then type the key's resource name into the resulting dialog.
Note that using CMEK with AlloyDB requires some additional setup. For more information, see Using CMEK with AlloyDB.
- Click Restore.
- CLUSTER_ID: The ID of the cluster to create.
- BACKUP_ID: The ID of the backup to restore into the new cluster.
- NETWORK: The name of the VPC network you want the newly created cluster to be accessible from.
- REGION_ID: The ID of the region where the backup is stored.
- PROJECT_ID: The ID of the project containing the backup.
--kms-key=KEY_ID: The ID of the CMEK key to use.
--kms-keyring=KEYRING_ID: The ID of the key's keyring.
--kms-location=LOCATION_ID: The ID of that keyring's region. Note that it must match the cluster's region.
--kms-project=PROJECT_ID: The keyring's project ID.
After AlloyDB finishes creating the cluster, create a primary instance for it.
When creating the new primary instance, you need to specify its configuration, including its size and flags; AlloyDB does not store instance configuration as part of the backup. Note that the configuration need not exactly match that of the original primary instance.
When AlloyDB finishes creating the instance, you can use it to access your restored data.
- Finish configuring the new cluster by setting up read-pool instances, if necessary.
clusters restore command to create a cluster and
restore the backup's data to it.
gcloud alloydb clusters restore CLUSTER_ID \ --backup=BACKUP_ID \ --network=NETWORK \ --region=REGION_ID \ --project=PROJECT_ID
If you wish to encrypt the new cluster's data using a customer-managed encryption key (CMEK) instead of the default Google-managed encryption, then you must provide these additional arguments: