Manage backup vaults - Cloud Backup - Alibaba Cloud Documentation Center

A storage vault is a cloud repository that is used by Cloud Backup to store backup data and archive data. Storage vaults include backup vaults and archive vaults. On the Storage Vaults page of the Cloud Backup console, you can view all storage vaults and the following information about each storage vault: name, ID, type, status, creation time, the amount of source data, the amount of data stored in the storage vault, and the number of backup plans. You can view the backup content, configure tags for storage vaults, create a remote mirror vault for a backup vault, configure parameters, and grant permissions.

Procedure

Log on to the Cloud Backup console.
In the top navigation bar, select a region.
In the left-side navigation pane, click Storage Vaults.
The Storage Vaults page displays all backup vaults and archive vaults. You can view the following information about each storage vault: name, ID, type, status, creation time, the amount of source data, the amount of data stored in the storage vault, and the number of backup plans. For more information about storage vaults, see Storage vault types.

Configure tags for a storage vault

You can use tags to identify and categorize Cloud Backup resources. Tags help you efficiently search for and aggregate resources.

You can configure different tags for different storage vaults. When you manage teams or projects, you can create tags based on departments or projects, and then use these tags to group your resources. For example, you can create a tag named project:a for a project. This way, you can quickly find a group of storage vaults based on the tag when you manage storage vaults.

Usage notes
- Each tag consists of a key-value pair.
- A tag must be unique.
  For example, the company:a tag is added to a backup vault. If you add the company:b tag to the backup vault, the company:a tag is replaced by the company:b tag.
- Tags are not shared across regions. For example, tags that are created in the China (Hangzhou) region are invisible to the China (Shanghai) region.

Limits

Item	Limit
The maximum length of a key	128 characters
The maximum length of a value	128 characters
The maximum number of custom tags that you can add to a resource	20
The key of a tag	The key cannot start with `aliyun` or `acs:`. The key cannot contain `http://` or `https://`. The key cannot be an empty string.
The value of a tag	A tag value cannot contain `http://` or `https://`.

In the Tags column of the storage vault, click the icon.
In the dialog box that appears, click Edit.
In the Key and Value fields, enter the key-value pair of a tag and click Save.
If you want to create more than one tag, click Add a row to specify the key-value pair of a new tag.

Create a mirror vault for a backup vault

To meet the requirements for disaster recovery, you can create a remote mirror vault for a backup vault. Data in the backup vault is automatically replicated to the mirror vault. This way, you can back up data across regions. For more information, see Back up data across regions.

Important

Archive vaults (Storage Vault Type: Archive) do not support the cross-region backup feature.

Search for storage vaults by tag

On the Storage Vaults page, select Tags from the drop-down list, enter the tag information, and then click the icon.

You can search for a resource by using a key, as shown in the following example:
```
aaa
```
You can search for a resource by using a key-value pair, as shown in the following example:
```
aaa:bbb
```
You can search for a resource by using multiple key-value pairs, as shown in the following example:
```
aaa:bbb,ccc:ddd
```

Enable backup search and immutable backup for a backup vault

In the Actions column of the backup vault that you want to manage, choose More > Modify Backup Vault. Then, configure the Vault Name, Backup Search, and Immutable Backup parameters.

Important

Only backup vaults whose Storage Vault Type is General Backup support the backup search and immutable backup features. After the features are enabled, you cannot disable the features.
After the immutable backup feature is enabled, you cannot modify or delete backup vaults or backup data in the backup vaults during the specified retention period. For more information, see Enable the immutable backup feature.
After the immutable backup feature is enabled, you can continue to run backup or restore jobs.

Configure alert settings for a storage vault

In the Actions column of the storage vault that you want to manage, choose More > Alert Settings. Then, configure an alert notification method for the storage vault. By default, if a backup attempt fails or a backup client is disconnected from Cloud Backup, alert notifications are sent to the owner of the Alibaba Cloud account. The following alert notification methods are supported:

Disabled: The Cloud Backup client does not send alert notifications.
Notify Alibaba Cloud Account: The Cloud Backup client sends alert notifications to the owner of the Alibaba Cloud account by using emails.
Custom: If you select this option, you must select one or more alert contacts or alert contact groups. After you complete the configuration, the Cloud Backup client sends alert notifications to the selected alert contacts or alert contact groups.

Specify the retention period of data for a database backup vault

Important

This operation is available only when the Storage Vault Type is Database Backup. After the specified retention period expires, the backup data is automatically deleted.
You can configure the retention period of data for an archive vault only when you create an archive plan, and the configuration cannot be modified.

In the Actions column of the database backup vault that you want to manage, choose More > Set Retention Period. You can retain backup data in a database backup vault for a specified period of time or permanently.

If you set the retention period to 0, backup data is permanently retained.
After you change the retention period, the new retention period takes effect on historical backup data. The time when the new retention period takes effect may be delayed by 24 hours at most.
To perform an incremental backup, cumulative incremental backup, and log backup, Cloud Backup obtains the most recent backup files of full backup, incremental backup, cumulative incremental backup, and log backup. All backup files in a backup chain are retained in the database backup vault until the last backup file expires. The backup files occupy storage space.

Delete a storage vault

Warning

If you delete a storage vault (backup vault or archive vault), all data in the storage vault is deleted and the data cannot be restored. Proceed with caution.

In the Actions column of the storage vault that you want to delete, choose More > Delete.

Grant the permissions on a backup vault to a RAM user

In the Actions column of the backup vault that you want to manage, choose More > Modify Backup Vault. You can grant the permissions on a backup vault to a RAM user. For example, you can authorize the RAM user only to back up or restore data by using the backup vault.

You can grant permissions by using the following sample policies. To create a custom policy, copy one of the scripts and paste the script in the RAM console. Then, attach the custom policy to the RAM user. For more information, see Create custom policies.

To disallow a RAM user to restore data from a backup vault, use the following sample policy:

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "hbr:CreateRestore",
                "hbr:CreateRestoreJob",
                "hbr:CreateHanaRestore",
                "hbr:CreateUniRestorePlan",
                "hbr:CreateSqlServerRestore"
            ],
            "Resource": [
                "acs:hbr:*:1178******531:vault/v-000******blx06",
                "acs:hbr:*:1178******531:vault/v-000******blx06/client/*"
            ]
        }
    ]
}

To disallow a RAM user to back up data to a backup vault, use the following sample policy:

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "hbr:CreateUniBackupPlan",
                "hbr:UpdateUniBackupPlan",
                "hbr:DeleteUniBackupPlan",
                "hbr:CreateHanaInstance",
                "hbr:UpdateHanaInstance",
                "hbr:DeleteHanaInstance",
                "hbr:CreateHanaBackupPlan",
                "hbr:UpdateHanaBackupPlan",
                "hbr:DeleteHanaBackupPlan",
                "hbr:CreateClient",
                "hbr:CreateClients",
                "hbr:UpdateClient",
                "hbr:UpdateClientSettings",
                "hbr:UpdateClientAlertConfig",
                "hbr:DeleteClient",
                "hbr:DeleteClients",
                "hbr:CreateJob",
                "hbr:UpdateJob",
                "hbr:CreateBackupPlan",
                "hbr:UpdateBackupPlan",
                "hbr:ExecuteBackupPlan",
                "hbr:DeleteBackupPlan",
                "hbr:CreateBackupJob",
                "hbr:CreatePlan",
                "hbr:UpdatePlan",
                "hbr:CreateTrialBackupPlan",
                "hbr:ConvertToPostPaidInstance",
                "hbr:KeepAfterTrialExpiration"
            ],
            "Resource": [
                "acs:hbr:*:1178******9531:vault/v-000******blx06",
                "acs:hbr:*:1178******9531:vault/v-000******blx06/client/*"
            ]
        }
    ]
}