Create and manage a backup plan for vaulted resources

Overview

This page explains how to create and manage a backup plan for vaulted resources. For a description of what backup plans are and how they are used, see Backup plans in the Google Cloud console.

Before you begin

To get the permissions that you need to create and manage a backup plan, ask your administrator to grant you the Backup and DR User V2 (roles/backupdr.userv2) IAM role on your backup vault project. For more information about granting roles, see Manage access to projects, folders, and organizations.

This predefined role contains the permissions required to create and manage a backup plan. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to create and manage a backup plan:

  • backupdr.backupPlans.create
  • backupdr.backupPlans.list
  • backupdr.backupPlans.get
  • backupdr.backupPlans.delete
  • backupdr.backupVaults.associate

You might also be able to get these permissions with custom roles or other predefined roles.

For guidance on granting a user the ability to apply backup plans in a given project (without the ability to create backup plans), see IAM roles and permissions for the backup user.

Create a backup plan

Use the following instructions to create a backup plan for vaulted resources.

Console

  1. In the Google Cloud console, go to the Backup plans page.

    Go to Backup plans

  2. Click Create Backup plan.

  3. In the Backup plan name field, enter a name for the backup plan. You can't change the name of a plan after the backup plan is created.

  4. In the Backup plan description field, enter an optional description for the backup plan.

  5. From the Regions list, select a backup plan region. The backup plan is created in this region. You can protect resources in the same region as the backup plan.

  6. From the Backup vault list, select a backup vault to store the backups.

  7. Click Add rule.

  8. In the Add a backup rule pane, enter your backup rule information and click Save.

    • Name your backup rule: Enter a name for the backup rule.
    • Choose when to create backups: Specify the recurrence and frequency of the backup.
    • Window: Select the Timezone, Start time, and Endtime for the backup job.
    • Choose how long backups are kept before they are deleted: Enter the duration in days that the backups should be retained before they are deleted. Note that this value must be equal to or greater than the backup vault minimum enforced retention period.
  9. Click Create.

gcloud

  1. Create a backup plan for hourly backups of a Compute Engine instance.

      gcloud backup-dr backup-plans create BACKUP_PLAN_NAME \
      --project=PROJECT_ID --location=LOCATION \
      --resource-type=compute.googleapis.com/Instance \
      --backup-vault BACKUPVAULT_NAME --backup-rule rule-id=RULE_NAME,retention-days=BACKUP_RETENTION,recurrence=RECURRENCE,hourly-frequency=HOURS,time-zone=TIME_ZONE,backup-window-start=START_TIME,backup-window-end=END_TIME
    

    Replace the following:

    • BACKUP_PLAN_NAME: the name of the backup plan.
    • PROJECT_ID: the name of the project where you want to create the backup plan.
    • LOCATION: the location where you want to create the backup plan.
    • BACKUPVAULT_NAME: the name of the backup vault that you want to use for backup storage.
    • RULE_NAME: the name of the backup rule.
    • BACKUP_RETENTION: the retention period of the backup. Note that the backup retention period must be equal to or greater than the backup vault enforced minimum retention period.
    • RECURRENCE: the frequency at which backups to be created. It can be hourly, daily, weekly, monthly, or yearly.
    • HOURS: the frequency of the hourly backups. Specify this value only if you set the recurrence to hourly. The minimum hourly is always set to six hours.
    • TIME_ZONE: the time zone for the backup plan, such as UTC. Use the IANA time zone format to include the timezone for the backup plan.
    • START_TIME: the start time is the hour of the day in a 24 hour format. The start time must be before the end time and is inclusive for the backup window.
    • END_TIME: the end time is the hour of the day in a 24 hour format. The end time must be after the start time and is exclusive for the backup window.

    Example: Backup every six hours and store the backups for 11 days.

      ```gcloud
      gcloud alpha backup-dr backup-plans create bp-hourly \
      --project=test-project --location=us-central1 \
      --resource-type=compute.googleapis.com/Instance \
      --backup-vault=test-bv \
      --backup-rule=rule-id=rule-hourly,recurrence=HOURLY,hourly-frequency=6,backup-window-start=5,backup-window-end=12,retention-days=11
      ```
    

    Example: Backup daily between 5 AM and 12 PM and store the backups for 12 days.

      ```gcloud
      gcloud alpha backup-dr backup-plans create bp-daily \
      --project=test-project --location=us-central1 \
      --resource-type=compute.googleapis.com/Instance \
      --backup-vault=test-bv \
      --backup-rule=rule-id=rule-daily,recurrence=DAILY,backup-window-start=5,backup-window-end=12,retention-days=12
      ```
    

    Example: Backup on Monday and Wednesday between 5 AM and 12 PM and store the backups for 13 days.

      ```gcloud
      gcloud alpha backup-dr backup-plans create bp-weekly \
      --project=test-project --location=us-central1 \
      --resource-type=compute.googleapis.com/Instance \
      --backup-vault=test-bv \
      --backup-rule=rule-id=rule-weekly,recurrence=WEEKLY,days-of-week='MON WED',backup-window-start=5,backup-window-end=12,retention-days=13
      ```
    

    Example: Backup on 1st and 15th of every month between 5 AM and 12 PM and store the backups for 14 days.

      ```gcloud
      gcloud alpha backup-dr backup-plans create bp-monthly \
      --project=test-project --location=us-central1 \
      --resource-type=compute.googleapis.com/Instance \
      --backup-vault=test-bv \
      --backup-rule=rule-id=rule-monthly,recurrence=MONTHLY,days-of-month='1 15',backup-window-start=5,backup-window-end=12,retention-days=14
      ```
    

    Example: Backup on 10th, 20th, 30th of March, June, September, December of every year, and store the backups for 16 days.

      ```gcloud
      gcloud alpha backup-dr backup-plans create bp-yearly \
      --project=test-project --location=us-central1 \
      --resource-type=compute.googleapis.com/Instance \
      --backup-vault=test-bv \
      --backup-rule=rule-id=rule-yearly,recurrence=YEARLY,months='MAR JUN SEP DEC',days-of-month='10 20 30',backup-window-start=5,backup-window-end=12,retention-days=16
      ```
    

Terraform

You can use a Terraform resource to create a backup plan with an hourly, daily, weekly, monthly, or yearly backup frequency.


# Before creating a backup plan, you need to create backup vault (google_backup_dr_backup_vault).
resource "google_backup_dr_backup_plan" "default" {
  provider       = google-beta
  location       = "us-central1"
  backup_plan_id = "my-bp"
  resource_type  = "compute.googleapis.com/Instance"
  backup_vault   = google_backup_dr_backup_vault.default.name

  backup_rules {
    rule_id               = "rule-1"
    backup_retention_days = 5

    standard_schedule {
      recurrence_type  = "HOURLY"
      hourly_frequency = 6
      time_zone        = "UTC"

      backup_window {
        start_hour_of_day = 0
        end_hour_of_day   = 24
      }
    }
  }
}

List backup plans

Use the following instructions to list backup plans.

Console

  1. In the Google Cloud console, go to the Backup plans page.

    Go to Backup plans

    The Backup plan page lists all of the backup plans in your project.

gcloud

  1. List the backup plans.

      gcloud backup-dr backup-plans list \
      --location=LOCATION \
      --project=PROJECT_ID
    

    Replace the following:

    • LOCATION: the location of the backup plans.
    • PROJECT_ID: the name of the project where the backup plans are created.

View backup plan details

Use the following instructions to view a backup plan details.

Console

  1. In the Google Cloud console, go to the Backup plans page.

    Go to Backup plans

  2. In the list of backup plans, click the name of the of the backup plan you want to view.

    The backup plan details displays the following information:

    • Resource type
    • Backup plan details
    • Backup vault name
    • Backup storage location
    • Backup retention period

gcloud

  1. View the backup plan details.

      gcloud backup-dr backup-plans describe BACKUP_PLAN_NAME \
      --location=LOCATION \
      --project=PROJECT_ID
    

    Replace the following:

    • BACKUP_PLAN_NAME: the name of the backup plan.
    • LOCATION: the location of the backup plan.
    • PROJECT_ID: the name of the project where the backup plan is created.

Delete a backup plan

A backup plan cannot be deleted if you are using it to protect a resource. To delete a backup plan, first remove the backup plan from the resource and then delete it.

When you delete a backup plan:

  • Backups created while the plan was applied are not affected. Backups expire according to their retention periods and can be accessed until then.
  • Any automations that reference the plan will no longer work.

Use the following instructions to delete a backup plan.

Console

  1. In the Google Cloud console, go to the Backup plans page.

    Go to Backup plans

  2. Click the backup plan you want to delete.

  3. Click Delete.

  4. In the overlay window that appears, confirm you want to delete the backup plan and its contents.

  5. Click Delete.

gcloud

  1. Delete a backup plan.

      gcloud backup-dr backup-plans delete BACKUP_PLAN_NAME \
      --location=LOCATION \
      --project=PROJECT_ID
    

    Replace the following:

    • BACKUP_PLAN_NAME: the name of the backup plan that you want to delete.
    • LOCATION: the location of the backup plan.
    • PROJECT_ID: the name of the project where the backup plan is created.

What's next