For more information about granting roles, see Manage access to projects, folders, and organizations .
Restore an AlloyDB cluster from a vaulted backup
To restore an AlloyDB for PostgreSQL cluster from a vaulted backup, use the following instructions:
-
Restore the backup to a new Backup and DR Service cluster.
Console
-
In the Google Cloud console, go to the Vaulted backupspage.
- End user should have
roles/alloydb.adminin the project where the target AlloyDB cluster is located. - End user should have roles/backupdr.restoreUser in the project where the source backup exists.
The Vaulted backupspage lists only the data resources that have backup plans applied and their backups stored in a backup vault within that project.
- End user should have
-
Select the backup that you want to restore. Either from the backup details page for the backup, or from the menu, select Restore.
The Restore a backuppage displays where you select the following restore options:
- The Resource typeis prefilled with
AlloyDB. - In Resource name, select the AlloyDB cluster to restore.
- When you click Backup, a pane opens showing all available backups. Select the specific backup to restore.
- For Choose the restore destination, select the project into which you want to restore the AlloyDB cluster.
- The Resource typeis prefilled with
-
Click Continue.
-
The next page shows the restore details so far, and prompts you to Configure a new cluster: This creates a new AlloyDB cluster based on the configuration stored in your backup. You can customize the cluster after the restore is complete. Provide a new Cluster IDusing lowercase letters, numbers, and hyphens. Start with a letter.
-
Choose a private connection method: There are two methods to connect services in Google Cloud or third party-hosted VPC networks, without assigning external IP addresses:
- Private services access: Assigns the cluster to a single VPC network using a peering connection. Use this when connecting to specific Google Cloud and third-party services in the same VPC network as the AlloyDB cluster. This requires additional APIs.
- Private Service Connect: Enables cluster access from one or more VPC networks using allowlists and Private Service Connect endpoints.
gcloud
gcloud beta alloydb clusters restore RESTORED_CLUSTER_ID \ --project = WORKLOAD_PROJECT_ID \ --region = REGION \ --backupdr-backup = BACKUP_NAMEReplace the following:
-
RESTORED_CLUSTER_ID: the ID for the new AlloyDB cluster you are restoring. -
WORKLOAD_PROJECT_ID: the ID of the project where you want to restore the AlloyDB cluster. -
REGION: the Google Cloud region where you want to restore the AlloyDB cluster. -
BACKUP_NAME: the name of the backup you want to restore.
-
-
After Backup and DR finishes creating the cluster, create a primary instance for it.
When creating the new primary instance, you need to specify its configuration, including its size and flags; Backup and DR does not store instance configuration as part of the backup. Note that the configuration need not exactly match that of the original primary instance.
When Backup and DR finishes creating the instance, you can use it to access your restored data.
-
Finish configuring the new cluster by setting up read-pool instances , if necessary.
Restore an AlloyDB cluster to a point in time
-
To restore an AlloyDB for PostgreSQL cluster to a specific point in time, use these instructions:
Console
-
In the Google Cloud console, go to the Vaulted backupspage.
- The end user needs:
roles/alloydb.adminin the project where the target AlloyDB cluster is located.roles/backupdr.restoreUserin the project where the source backup exists.The Vaulted backupspage lists only the data resources that have backup plans applied and their backups stored in a backup vault within that project.
-
At the top of the list of backups, select Restore from a point in time.
The Restore from a point in time to a new clusterpane appears. This is where you select the point in time to restore to and the details of the new cluster that you will create:
-
Choose a point in time: Enter a target time within this cluster's recovery window to restore your cluster data from.
-
Configure a new cluster: This creates a new AlloyDB cluster based on the configuration stored in your backup. You can customize the cluster after the restore is complete.
Provide a new Cluster IDusing lowercase letters, numbers, and hyphens. Start with a letter.
-
-
Choose a private connection method:
There are two methods to connect services in Google Cloud or third party-hosted VPC networks, without assigning external IP addresses:
-
Private services access: Assigns the cluster to a single VPC network using a peering connection. Use this when connecting to specific Google Cloud and third-party services in the same VPC network as the AlloyDB cluster. This requires additional APIs.
-
Private Service Connect: Enables cluster access from one or more VPC networks using allowlists and Private Service Connect endpoints.
-
gcloud
-
Restore the backup to a new Backup and DR Service cluster. This is a 2 step process.
First you must find the data source ID:
gcloud backup-dr data-source-references fetch-for-resource-type alloydb.googleapis.com/Cluster \ --location = REGION \ --project = WORKLOAD_PROJECT_ID \ --filter = 'dataSourceGcpResourceInfo.gcp_resourcename="projects/ WORKLOAD_PROJECT_NUMBER /locations/ REGION /clusters/ CLUSTER_NAME 'Then you perform the point-in-time restore
-
To restore the cluster, use the data source ID in the following script:
gcloud beta alloydb clusters restore RESTORED_CLUSTER_ID \ --project = WORKLOAD_PROJECT_ID \ --region = REGION \ --backupdr-data-source = projects/ VAULT_PROJECT_ID /locations/ REGION /backupVaults/ BV_ID /dataSources/ DS_ID \ --point-in-time = POINT_IN_TIMEReplace the following:
-
WORKLOAD_PROJECT_ID: the ID of the project where you want to restore the AlloyDB cluster. -
REGION: the Google Cloud region where you want to restore the AlloyDB cluster. -
RESTORED_CLUSTER_ID: the ID for the new AlloyDB cluster you are restoring. -
VAULT_PROJECT_ID: the ID of the project containing the backup vault. -
BV_ID: the ID of the backup vault. -
DS_ID: the ID of the data source. -
POINT_IN_TIME: the specific point in time to which you want to restore the cluster. A sample value is "2025-10-10T10:16:10Z"
-
-
-
After Backup and DR finishes creating the cluster, create a primary instance for it.
When creating the new primary instance, you need to specify its configuration, including its size and flags; Backup and DR does not store instance configuration as part of the backup. Note that the configuration need not exactly match that of the original primary instance.
When Backup and DR finishes creating the instance, you can use it to access your restored data.
-
Finish configuring the new cluster by setting up read-pool instances , if necessary.
List the backups in the backup vault
List the backups and select the backup to restore. You can find the data source ID and then list all the backups in the data source with these commands:
# Find the data source id
gcloud
backup-dr
data-source-references
fetch-for-resource-type
alloydb.googleapis.com/Cluster
\
--location =
REGION
\
--project =
WORKLOAD_PROJECT_ID
\
--filter =
'dataSourceGcpResourceInfo.gcp_resourcename="projects/ WORKLOAD_PROJECT_NUMBER
/locations/ REGION
/clusters/ CLUSTER_NAME
"'
# List backups
gcloud
backup-dr
backups
list
\
--project =
VAULT_PROJECT_ID
\
--location =
REGION
\
--backup-vault =
BV_ID
\
--data-source =
'projects/ VAULT_PROJECT_ID
/locations/ REGION
/backupVaults/ BV_ID
/dataSources/ DS_ID
'
Replace the following:
-
REGION: the Google Cloud region. -
WORKLOAD_PROJECT_ID: the ID of the project where your AlloyDB cluster is located. -
WORKLOAD_PROJECT_NUMBER: the number of the project where your AlloyDB cluster is located. -
CLUSTER_NAME: the name of your AlloyDB cluster. -
VAULT_PROJECT_ID: the ID of the project that contains the backup vault. -
BV_ID: the ID of the backup vault. -
DS_ID: the ID of the data source.
