About Cloud SQL backups

This page describes how backups of your Cloud SQL instance work. You can perform backups on your primary instance.

For step-by-step directions for scheduling backups or creating an on-demand backup, see Creating and Managing On-Demand and Automatic Backups.

For an overview of how to restore data to an instance from the backup, see Overview of restoring an instance.

What backups provide

Backups help you restore lost data to your Cloud SQL instance. Additionally, if an instance is having a problem, you can restore it to a previous state by using the backup to overwrite it. Enable automated backups for any instance that contains necessary data. Backups protect your data from loss or damage.

Enabling automated backups, along with binary logging, is also required for some operations, such as clone and replica creation.

What backups cost

By default, for each instance, Cloud SQL retains seven automated backups, in addition to on-demand backups. You can configure how many automated backups to retain (from 1 to 365). We charge a lower rate for backup storage than for other types of instances.

Cloud SQL doesn't take a backup of an instance if you stop or delete the instance. If you delete an instance, then the data is preserved for only 4 days. To recover the instance and its data, contact Google Cloud Support within the 4-day window with all required instance information.

See the pricing page for more information.

Backups versus exports

Backups are managed by Cloud SQL according to retention policies, and are stored separately from the Cloud SQL instance. Cloud SQL backups differ from an export uploaded to Cloud Storage, where you manage the lifecycle. Backups encompass the entire database. Exports can select specific contents.

Backup and restore operations can't be used to upgrade a database to a later version. You can only restore from a backup to an instance with the same database version.

To upgrade to a later version, consider using the Database Migration Service or exporting and then importing your database to a new Cloud SQL instance.

About backup size

Cloud SQL backups are incremental. They contain only data that changed after the previous backup was taken. Your oldest backup is a similar size to your database, but the sizes of subsequent backups depend on the rate of change of your data. When the oldest backup is deleted, the size of the next oldest backup increases so that a full backup still exists.

Types of backups

Cloud SQL performs two types of backups:

On-demand backups

You can create a backup at any time. This could be useful if you are about to perform a risky operation on your database, or if you need a backup and you do not want to wait for the backup window. You can create on-demand backups for any instance, whether the instance has automatic backups enabled or not.

On-demand backups are not automatically deleted the way automated backups are. They persist until you delete them or until their instance is deleted. Because they are not automatically deleted, on-demand backups can have a long-term effect on your billing charges.

Automated backups

Automated backups are taken daily, within a 4-hour backup window. The backup starts during the backup window. When possible, schedule backups when your instance has the least activity.

We recommend that you don't delete any automated backups because they're needed to support point-in-time recovery.

During the backup window, automated backups occur every day your instance is running. One additional automated backup is taken after your instance is stopped to safeguard all changes prior to the instance stopping. Up to seven most recent backups are retained, by default. You can configure how many automated backups to retain, from 1 to 365. Backup and transaction log retention values can be changed from the default setting. Learn more.

Where backups are stored

Backups locations include:

  • Default locations that Cloud SQL selects, based on the location of the original instance.
  • Custom locations that you choose when you do not want to use the default location.

Default backup locations

If you do not specify a storage location, your backups are stored in the multiregion that is geographically closest to the location of your Cloud SQL instance. For example, if your Cloud SQL instance is in us-central1, your backups are stored in the us multi-region by default. However, a default location like australia-southeast1 is outside of a multi-region. The closest multi-region is asia.

Custom backup locations

Cloud SQL lets you select a custom location for your backup data. This is useful if your organization needs to comply with data residency regulations that require you to keep your backups within a specific geographic boundary. If your organization has this type of requirement, it probably uses a Resource Location Restriction organizational policy. With this policy, when you try to use a geographic location that does not comply with the policy, you see an alert on the Backups page. If you see this alert, you need to change the backup location to a location the policy allows.

When selecting a custom location for a backup, consider the following:

  • Cost: one cluster in your instance may be in a lower-cost region than the others.
  • Proximity to your application server: you might want to store the backup as close to your serving application as possible.
  • Storage utilization: you need enough storage space to keep your backup as it grows in size. Depending on your workload, you might have clusters of different sizes or with different disk usages. This might factor into which cluster you choose.

For a complete list of valid regional values, see Instance Locations. For a complete list of multi-regional values, see Multi-regional locations.

For more information about setting locations for backups and seeing the locations of backups taken for an instance, see Set a custom location for backups and View backup locations.

Automated backup and transaction log retention

Automated backups are used to restore a Cloud SQL instance. A combination of automated backups and transaction logs are used to perform a point-in-time recovery.

Automated backups can be retained for up to a year by configuring the retention period whereas on-demand backups persist until you delete the backups or until your instance is deleted.

While transaction logs are counted in days, automated backups are not guaranteed to occur on a day boundary. Different units are used for these retention settings. Automated backup retention is a count and can be set from one to 365 backups.

Transaction log retention is in days. The range for Cloud SQL Enterprise Plus edition instances is from 1 to 35 (default: 15) and from 1 to 7 (default: 7) for Cloud SQL Enterprise edition instances. For Cloud SQL Enterprise Plus edition instances, the transaction log retention setting must be less than than the backup retention setting.

The lower bounds are useful for test instances, because logs and backups are deleted faster. For transaction logs, disk size doesn't grow as much with lower bounds. Using higher values for automated backups retention let you restore from further back in time.

Logs are purged once daily, not continuously. When the number of days of log retention is the same as the number of backups, insufficient log retention can result. For example, setting log retention to seven days and backup retention to seven backups means that between six and seven days of logs will be retained.

We recommend setting the number of backups to at least one more than the days of log retention to guarantee a minimum of specified days of log retention.

High write activity to the database can generate a large volume of transaction logs, which can consume significant disk space, and lead to disk growth for auto storage increase enabled instances. We recommend sizing instance storage to account for transaction log retention.

See Setting automated backup retention.

See Setting transaction log retention.

Can I export a backup?

No, you can't export a backup. You can only export instance data. See Exporting data from Cloud SQL.

About the special backup user

Cloud SQL creates a special database user, cloudsqladmin, for each instance, and generates a unique instance-specific password for it. Cloud SQL logs in as the cloudsqladmin user to perform automated backups.

How backups affect instance operations

For MySQL instances, the FLUSH TABLES WITH READ LOCK flag is not used for backups. This means that writes and other operations are unaffected by backup operations.

Typically, backups complete within two minutes, but if a large amount of data has been written since the last backup, the backup takes longer to complete.

If there's a pending operation at the time of the backup attempt, Cloud SQL usually makes several attempts within the window to complete the backup. Operations that block backup are long-running Cloud SQL instance operations such as import, export, update (for example, an instance metadata change), and instance restart. If frequent or long-running operations block the automated backup during the backup window, then consider scheduling the backup at a different time.

During a long-running operation, such as loading data, you can temporarily disable automated backups.

Backup rate limitations

Cloud SQL limits the rate for backup operations on the data disk. You are allowed a maximum of five backup operations every 50 minutes per instance per project. If a backup operation fails, it does not count towards this quota. If you reach the limit, the operation fails with an error message that tells you when you can retry.

Let's take a look at how Cloud SQL performs rate limiting for backups.

Cloud SQL uses tokens from a bucket to determine how many backup operations are available at any one time. Each instance has a bucket. There's a maximum of five tokens in the bucket that you can use for backup operations. Every 10 minutes, a new token is added to the bucket. If the bucket is full, the token overflows.

Each time you issue a backup operation, a token is granted from the bucket. If the operation succeeds, the token is removed from the bucket. If it fails, the token is returned to the bucket. The following diagram shows how this works:

How tokens work

Backup and data integrity checks

Cloud SQL performs background database integrity checks automatically to identify any potential data integrity issues. These checks are done as offline processes by restoring a sampling of customer-initiated backups or recovery backups.

Recovery backups

After an instance is deleted, Cloud SQL deletes all backups. To prevent accidental deletion of instances, Cloud SQL retains an instance's backups for four days. To recover a deleted instance, contact Google Cloud Customer Care within four days.

Cloud SQL retains at least one last good daily backup of every active instance. As a result, if there are no good backups available, you can use the daily backup to recover your instance, by contacting Google Cloud Customer Care.

Troubleshooting

Issue Troubleshooting
You can't see the current operation's status. The Google Cloud console reports only success or failure when the operation is done. It isn't designed to show warnings or other updates.

Run the gcloud sql operations list command to list all operations for the given Cloud SQL instance.

You want to find out who issued an on-demand backup operation. The user interface doesn't show the user who started an operation.

Look in the logs and filter by text to find the user. You may need to use audit logs for private information. Relevant log files include:

  • cloudsql.googlapis.com/mysql-general.log
  • cloudsql.googleapis.com/mysql.err
  • If Cloud Audit Logs is enabled and you have the required permissions to view them, cloudaudit.googleapis.com/activity may also be available.
After an instance is deleted, you can't take a backup of the instance.

After an instance is purged, no data recovery is possible. However, if the instance is restored, then its backups are also restored. For more information on recovering a deleted instance, see Recovery backups.

If you have done an export operation, create a new instance and then do an import operation to recreate the database. Exports are written to Cloud Storage and imports are read from there.

An automated backup is stuck for many hours and can't be canceled. Backups can take a long time depending on the database size.

If you really need to cancel the operation, you can ask customer support to force restart the instance.

A restore operation can fail when one or more users referenced in the SQL dump file don't exist. Before restoring a SQL dump, all the database users who own objects or were granted permissions on objects in the dumped database must exist in the target database. If they don't, the restore operation fails to recreate the objects with the original ownership or permissions.

Create the database users before restoring the SQL dump.

You want to increase the number of days that you can keep automatic backups from seven to 30 days, or longer. You can configure the number of automated backups to retain, from 1 to 365. Automated backups get pruned regularly based on the retention value configured. Unfortunately, this means that the currently visible backups are the only automated backups you can restore from.

To keep backups indefinitely, you can create an on-demand backup, as they are not deleted in the same way as automated backups. On-demand backups remain indefinitely. That is, they remain until they're deleted or the instance they belong to is deleted. Because that type of backup is not deleted automatically, it can affect billing.

An automated backup failed and you didn't receive an email notification. To have Cloud SQL notify you of the backup's status, configure a log-based alert.

What's next