Restore a cluster

This page describes how to restore an AlloyDB cluster, in one of two ways:

Restore a cluster from a backup.
Restore an existing cluster to a recent past state.

Before you begin

The Google Cloud project you are using must have been enabled to access AlloyDB.
You must have one of these IAM roles in the Google Cloud project you are using:
- roles/alloydb.admin (the AlloyDB Admin predefined IAM role)
- roles/owner (the Owner basic IAM role)
- roles/editor (the Editor basic IAM role)
If you don't have any of these roles, contact your Organization Administrator to request access.

Restore from a backup

When you restore from a backup, you configure a new cluster in the same region as the backup. AlloyDB creates the cluster and restores the backup's data to that cluster's data storage. Then, you create an instance in that cluster to access the data.

Restore the backup to a new AlloyDB cluster.

Console

In the Google Cloud console, go to the Backups page.
Go to Backups
In the list of backups, locate the backup you want to restore and click Restore in its row.
In the Cluster ID field, enter an ID for the cluster that will be created to host the restored data.
In the Network list, select the network you want the newly created cluster to be accessible from.
If you want to encrypt the new cluster's data with a customer-managed encryption key (CMEK) instead of Google-managed encryption, follow these additional steps:
1. Click Advanced encryption options.
2. Select Customer-managed encryption key (CMEK).
3. Select a customer-managed key from the menu that appears.
  
  The Google Cloud console limits this list to keys within the same Google Cloud project and region as the new cluster. To use a key that is not on this list, click Don't see your key? Enter key resource name, and then type the key's resource name into the resulting dialog.
  
  Note that using CMEK with AlloyDB requires some additional setup. For more information, see Using CMEK with AlloyDB.
Click Restore.

gcloud

To use the gcloud CLI, you can install and initialize the Google Cloud CLI, or you can use Cloud Shell.

Use the gcloud alloydb clusters restore command to create a cluster and restore the backup's data to it.

gcloud alloydb clusters restore CLUSTER_ID \
    --backup=BACKUP_ID \
    --network=NETWORK \
    --region=REGION_ID \
    --project=PROJECT_ID

CLUSTER_ID: The ID of the cluster to create.
BACKUP_ID: The ID of the backup to restore into the new cluster.
NETWORK: The name of the VPC network you want the newly created cluster to be accessible from.
REGION_ID: The ID of the region where the backup is stored.
PROJECT_ID: The ID of the project containing the backup.

If you want to encrypt the new cluster's data using a customer-managed encryption key (CMEK) instead of the default Google-managed encryption, then you must provide these additional arguments:

--kms-key=KEY_ID: The ID of the CMEK key to use.
--kms-keyring=KEYRING_ID: The ID of the key's keyring.
--kms-location=LOCATION_ID: The ID of that keyring's region. Note that it must match the cluster's region.
--kms-project=PROJECT_ID: The keyring's project ID.

After AlloyDB finishes creating the cluster, create a primary instance for it.

When creating the new primary instance, you need to specify its configuration, including its size and flags; AlloyDB does not store instance configuration as part of the backup. Note that the configuration need not exactly match that of the original primary instance.

When AlloyDB finishes creating the instance, you can use it to access your restored data.
Finish configuring the new cluster by setting up read-pool instances, if necessary.

Restore from a recent point in time

If you have enabled continuous backup and recovery on your cluster, then you can restore from any recent point in time within a specific range, instead of from a specific backup.

Available points in time to restore from

The range of time that you can restore from includes all points in time stretching backward from the present to whichever of the following is more recent:

The limit of your recovery window.
The creation time of the oldest continuous backup that AlloyDB created since you most recently enabled the feature.

The point in time cannot be further into the past than the size of the the recovery window that you specified when you most recently enabled or reconfigured continuous backup . For example, if you specified a seven-day window, then you must choose a point in time no more than seven days into the past.

After you enable continuous backup , you cannot perform a point-in-time recovery until AlloyDB creates its first new continuous backup. This occurs within 24 hours after you enable the feature.

The latter limitation is relevant only if you have recently enabled continuous backup . You can disregard this limitation after you leave continuous backup enabled beyond the length of your recovery window.

Performing a point-in-time restore

To create a new cluster located in the same region as the original one, with its data restored to that cluster's state from the specified point in time, follow these steps:

Use the Google Cloud CLI to perform the restore.
gcloud
Use the gcloud beta alloydb clusters restore command, specifying a cluster and a timestamp. Note that, unlike restoring from a backup, a point-in-time recovery requires the original cluster to still exist. You cannot perform this kind of restore on a deleted cluster.
```
gcloud beta alloydb clusters restore NEW_CLUSTER \
    --source-cluster=SOURCE_CLUSTER \
    --point-in-time=TIMESTAMP
    --region=REGION \
```
Replace the following:
- NEW_CLUSTER: The ID to use with the new cluster.
- SOURCE_CLUSTER: The ID of the cluster to recover data from.
- TIMESTAMP: A description of the point in time to recover data from, expressed in RFC 3339 format—for example, 2012-11-15T16:19:00.094Z. You can specify a fractional second as small as a microsecond.
  
  Note that this timestamp must exist within the retention period you specified when you created the cluster.
- REGION: The region that contains the source cluster, and where AlloyDB creates the new cluster as well. For example: us-central1.
If you want to encrypt the new cluster's data with a customer-managed encryption key (CMEK) instead of Google-managed encryption, then you must provide these additional arguments:
- --kms-key=KEY_ID: The ID of the CMEK key to use.
- --kms-keyring=KEYRING_ID: The ID of the key's keyring.
- --kms-location=LOCATION_ID: The ID of that keyring's region. Note that it must match the cluster's region.
- --kms-project=PROJECT_ID: The keyring's project ID.
After AlloyDB finishes creating the cluster, create a primary instance for it. That instance lets you access the restored data. Note that the new instance's configuration need not exactly match that of the original primary instance.
Optional: Create read-pool instances.

Resume using the cluster.