Cloud setup for backup and restore using YugabyteDB Anywhere - Yugabyte Db

When backing up to and/or restoring from external cloud storage, generally speaking, both YugabyteDB Anywhere (YBA) and database nodes require permissions to write to and read from the external storage.

When backing up to an NFS storage target, only database nodes need access to the NFS storage.

<ul class="nav nav-tabs-alt nav-tabs-yb custom-tabs"> <li> <a href="#onprem" class="nav-link active" id="onprem-tab" data-bs-toggle="tab" role="tab" aria-controls="onprem" aria-selected="true"> <i class="fa-solid fa-building"></i> On-premises </a> </li> <li> <a href="#aws" class="nav-link" id="aws-tab" data-bs-toggle="tab" role="tab" aria-controls="aws" aria-selected="false"> <i class="fa-brands fa-aws"></i> AWS </a> </li> <li> <a href="#gcp" class="nav-link" id="gcp-tab" data-bs-toggle="tab" role="tab" aria-controls="gcp" aria-selected="false"> <i class="fa-brands fa-google"></i> GCP </a> </li> <li> <a href="#azure" class="nav-link" id="azure-tab" data-bs-toggle="tab" role="tab" aria-controls="azure" aria-selected="false"> <i class="fa-brands fa-microsoft"></i> Azure </a> </li> </ul> <div class="tab-content"> <div id="onprem" class="tab-pane fade show active" role="tabpanel" aria-labelledby="onprem-tab">

When backing up to and/or restoring from NFS storage, the NFS storage system must be configured to allow the following access:

The yugabyte user (and its UID) on the database cluster nodes needs to have read and write permissions for the NFS volume.
The NFS volume must be mounted on the database cluster nodes.

(This guidance is intentionally repeated in Prepare Servers for On-Premises provider, where it may be more suitable for some readers.)

</div> <div id="aws" class="tab-pane fade" role="tabpanel" aria-labelledby="aws-tab">

When backing up to and/or restoring from AWS S3 or S3-compatible storage, YBA and DB nodes must be able to write to and read from the S3 storage bucket.

To grant the required access, you can do one of the following:

Provide a service account with the following permissions.
Create the EC2 VM instances (for both the YBA VM and the DB nodes VMs) with an IAM role with the required permissions.

The following permissions are required:

properties

"s3:DeleteObject",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"

The Access key ID and Secret Access Key for the service account are used when creating a backup storage configuration for S3.

Save for later	To configure
Service account Access key ID and Secret Access Key	Storage configuration for S3

</div> <div id="gcp" class="tab-pane fade" role="tabpanel" aria-labelledby="gcp-tab">

When backing up to and/or restoring from GCP GCS, YBA and database nodes must be able to write to and read from the GCS storage bucket.

To grant the required access, you can do one of the following:

Provide a GCP service account with IAM roles for cloud storage with the required permissions.
Create the VM instances (for both the YBA VM and the DB nodes VMs) with an IAM role that has the required permissions.

The following permissions are required:

roles/storage.admin

The credentials for this account (in JSON format) are used when creating a backup storage configuration for GCS.

Save for later	To configure
Service account JSON credentials	Storage configuration for GCS

</div> <div id="azure" class="tab-pane fade" role="tabpanel" aria-labelledby="azure-tab">

When backing up to and/or restoring from Azure Storage, YBA and DB nodes must be able to write to and read from the storage blob.

To grant the required access, create a Shared Access Signature (SAS) token with the permissions as shown in the following illustration.

The Connection string and SAS token are used when creating a backup storage configuration for Azure.

Save for later	To configure
Azure storage Connection string and SAS token	Storage configuration for Azure

</div> </div>