About restoring an instance

This page provides information to review before restoring an instance from a backup or performing a point-in-time recovery (PITR).

What happens during a restore?

When you restore an instance, the following data from the primary instance are restored to the new instance:

  • Databases
  • Users

The restore operation causes the instance to restart.

Point-in-time recovery

Point-in-time recovery helps you recover an instance to a specific point in time. For example, if an error causes a loss of data, you can recover a database to its state before the error occurred.

A point-in-time recovery always creates a new instance; you can't perform a point-in-time recovery to an existing instance. The new instance inherits the settings of the source instance, similar to how clone creation works. However, for the new instance to inherit these settings, the instance's state must be RUNNABLE.

Point-in-time recovery is enabled by default when you create a Cloud SQL instance.

Point-in-time recovery uses write-ahead logging (WAL) archiving. For new Cloud SQL instances that have point-in-time recovery enabled or for existing instances that enable point-in-time recovery after this feature for storing WAL logs in Cloud Storage is available, logs will no longer be stored on disk; instead they'll be stored in Cloud Storage in the same region as the instances.

To see whether an instance's logs are stored in Cloud Storage, check the bytes_used_by_data_type metric for the instance. If the value for the archived_wal_log data type is 0, the instance's logs are stored in Cloud Storage.

After you use a PostgreSQL client such as psql or pgAdmin to connect to a database of the instance, run the following command: show archive_command. If any WALs are archived in Cloud Storage, then you'll see -async_archive -remote_storage.

All other existing instances that have point-in-time recovery enabled will continue to have their logs stored on disk. The change to storing logs in Cloud Storage will be made available at a later time.

The write-ahead logs used with point-in-time recovery are deleted automatically with their associated automatic backup, which generally happens after the value set for transactionLogRetentionDays is met. This is the number of days of transaction logs that Cloud SQL retains for point-in-time recovery, from 1 to 7.

When you restore a backup on a Cloud SQL instance before enabling point-in-time recovery, you lose the WAL logs that allow the operability of point-in-time recovery.

For instances that have write-ahead logs stored in Cloud Storage, the logs are stored in the same region as the primary instance. This log storage (up to seven days, the maximum length for point-in-time recovery) generates no additional cost per instance.

If your instance has point-in-time recovery enabled, and if the size of your write-ahead logs on disk is causing an issue for your instance, then disable point-in-time recovery and re-enable it to ensure that new logs are stored in Cloud Storage in the same region as the instance. This deletes existing write-ahead logs, so you can't perform a point-in-time-restore earlier than the time that you re-enabled point-in-time recovery. However, the disk size will remain the same.

For step-by-step instructions for performing a point-in-time recovery, see Perform a point-in-time recovery.

General tips about performing a restore

When you restore an instance from a backup, whether to the same instance or to a different instance, keep in mind the following items:

  • The restore operation overwrites all data on the target instance.
  • The target instance is unavailable for connections during the restore operation; existing connections are lost.
  • If you are restoring to an instance with read replicas, you must delete all replicas and recreate them after the restore operation completes.
  • The restore operation restarts the instance.

For step-by-step instructions for performing a restore, see:

Tips and requirements for restoring to a different instance

When you are restoring a backup to a different instance, keep in mind the following restrictions and best practices:

  • The target instance must have the same database version and edition as the instance from which the backup was taken.

  • Cloud SQL always sets the storage capacity of the target instance to the maximum value of the size of both the configured disk and the backup disk. The backup disk is the size of the disk when the backup is taken.

  • The storage capacity of the target instance must be at least as large as the capacity of the instance being backed up. The amount of storage used does not matter. You can see the storage capacity of the instance in the console Cloud SQL instances page.

  • The target instance must be in the RUNNABLE state.

  • The target instance can have a different number of cores or amount of memory than the instance from which the backup was taken.

  • The target instance can be in a different region from the source instance.

  • During an outage, you can still retrieve a list of backups in a particular project. See Viewing backups during an outage.

Restore rate limitations

You are allowed a maximum of three restore operations every 30 minutes per instance per region per project. If a restore operation fails, it does not count towards this quota. If you reach the limit, the operation fails with an error message that tells you when you can run the operation again.

Let's take a look at how Cloud SQL performs rate limiting for restores.

Cloud SQL uses tokens from a bucket to determine how many restore operations are available at any one time. For each backup, there's a bucket for each target project and target region. The target instances from the same project share one bucket if they are in the same region. There's a maximum of three tokens in each bucket that you can use for restore operations. Every 10 minutes, a new token is added to the bucket. If the bucket is full, the token overflows.

Each time you issue a restore operation, a token is granted from the bucket. If the operation succeeds, the token is removed from the bucket. If it fails, the token is returned to the bucket. The following diagram shows how this works:

How tokens work

For example, in the following figure, Backup1, Backup2, and Backup3 are the backups from the same source instance.

Tokens for restore operation rate limiting

  • Each backup (Backup1, Backup2, and Backup3) has its own bucket of tokens for restore operations that target different instances in Project 1 in Region A (Bucket11A, Bucket21A, and Bucket31A). Because each backup has its own bucket, you can restore each backup to the same instance three times every thirty minutes.
  • Each backup has a bucket for a separate project and for a separate region. For example, if there are five projects in a region, there are five buckets for that backup in that region, one in each project. In the previous figure, we have two projects in region A: Project 1 and Project n.
    • Backup1 has two buckets of tokens for restore operations in Region A. One bucket for Project 1 (Bucket11A), and one bucket for Project n (Bucket1nA).
    • Similarly, Backup3 has two buckets for restore operations in Region A. One for Project 1 (Bucket31A) and one for Project n (Bucket3nA).
  • Backup3 has one bucket in Region B, for Project1, because all instances in the same target project and the same target region share one bucket.

What's next