This document provides information about how to apply a backup plan, or change the backup plan that is applied, to your Compute Engine instance. You can configure your instance's backup plan to align your data protection strategy with your changing operational requirements.
Backup and DR backup plans let you define advanced backup strategies to store your Compute Engine instances in secure storage locations called backup vaults. Using the backup plan applied to your instance, you can create scheduled or on-demand backups of your instance in a backup vault.
Before you begin
- Enable the Backup and DR Service API where the Compute Engine instances are located.
- Create a backup vault.
- Create a backup plan.
- Set up Log Analytics on your bucket to monitor Backup and DR backup jobs.
Required roles
- To get the permissions that you need to edit an instance's properties and change the associated backup plan, ask your administrator to grant you the following IAM roles:
  - To edit the instance: Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1) on the project for the Compute Engine instance
  - To configure scheduled backups or run on-demand backups:
    - Backup and DR Backup User (roles/backupdr.backupUser) on the project for the backup vault
    - Viewer (roles/viewer) on the project for the backup vault

  For more information about granting roles, see Manage access to projects, folders, and organizations.
  You might also be able to get the required permissions through custom roles or other predefined roles.
- If you want to back up a Compute Engine instance to a backup vault that is in a different project than the instance, then make sure the Backup and DR Vault Service Agent for the backup vault has been granted permission to access the instances in that project. (If the backup vault and instance are in the same project, then this permission is already granted by default.)
  - To ensure that Backup and DR Vault Service Agent has the necessary permissions to back up a Compute Engine instance to a backup vault, ask your administrator to grant the Backup and DR Compute Engine Operator (roles/backupdr.computeEngineOperator) IAM role to Backup and DR Vault Service Agent on the project for the Compute Engine instance.
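To check these grants before changing a plan, the following added example (not part of the original documentation) audits project IAM policies in the shape that `gcloud projects get-iam-policy PROJECT_ID --format=json` outputs. The function names are hypothetical, and the sample policies, member identities and service agent address are constructed placeholders.

```python
# Roles named on this page, keyed by the project whose IAM policy must hold them.
USER_ROLES = {
    "instance": ["roles/compute.instanceAdmin.v1"],
    "vault": ["roles/backupdr.backupUser", "roles/viewer"],
}
AGENT_ROLE = "roles/backupdr.computeEngineOperator"  # only needed cross-project

def grants(policy, member):
    """Map role -> 'direct' or 'conditional' for bindings that list member."""
    found = {}
    for b in policy.get("bindings", []):
        if member in b.get("members", []):
            kind = "conditional" if b.get("condition") else "direct"
            # An unconditional binding wins over a conditional one for the same role.
            if found.get(b["role"]) != "direct":
                found[b["role"]] = kind
    return found

def audit(instance_policy, vault_policy, user, agent, cross_project):
    """Return a sorted list of findings; an empty list means every role is bound."""
    findings = []
    policies = {"instance": instance_policy, "vault": vault_policy}
    checks = [(scope, user, role) for scope, roles in USER_ROLES.items() for role in roles]
    if cross_project:  # vault and instance live in different projects
        checks.append(("instance", agent, AGENT_ROLE))
    for scope, member, role in checks:
        state = grants(policies[scope], member).get(role)
        if state is None:
            findings.append(f"MISSING {role} for {member} on {scope} project")
        elif state == "conditional":
            findings.append(f"CONDITIONAL {role} for {member} on {scope} project")
    return sorted(findings)

# Constructed sample policies (not real projects or identities).
USER = "user:operator@example.com"
AGENT = "serviceAccount:vault-agent-placeholder@example.invalid"  # placeholder address
INSTANCE_POLICY = {"bindings": [
    {"role": "roles/compute.instanceAdmin.v1", "members": [USER]}]}
VAULT_POLICY = {"bindings": [
    {"role": "roles/backupdr.backupUser", "members": [USER],
     "condition": {"title": "expires", "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
    {"role": "roles/viewer", "members": ["group:ops@example.com"]}]}

if __name__ == "__main__":
    for line in audit(INSTANCE_POLICY, VAULT_POLICY, USER, AGENT, cross_project=True):
        print(line)
```

A MISSING finding only means the member is not listed directly in that project's policy; access granted through a group, an ancestor folder or organization, or a custom role has to be confirmed separately.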
Apply or change backup plans for an existing instance
You can apply or change backup plans for an existing instance by modifying the instance configuration on the Google Cloud console. If you change the backup plan that's applied to your instance, then your new backup plan must be from the same project and store the backup in the same backup vault as your existing plan.
In the Google Cloud console, go to the VM instances page.
Click the name of the instance for which you want to apply or change the backup plan. The instance details page appears for the selected instance.
Click Edit. The Edit page appears for your instance.
Navigate to the Backup plan section and click Change plan.
In the Select a backup plan pane that appears, do the following:
- In the Backup plan name column, click the name of the backup plan that you want to use.
- To confirm your choice of backup plan and return to the Edit page, click Apply.
To apply your backup plan and save your new instance configuration, click Save.
What's next
- Learn how to use your instance's backup plan to schedule or create backups in a backup vault.
- Learn how to restore an instance from a backup vault.