From 9838e39e28b81e3b251e040cc1391771e4d4f6e2 Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Mon, 23 Mar 2026 18:24:57 +0800 Subject: [PATCH 1/6] cloud-premium: add manual backup support for premium instances - Add manual backup feature with key characteristics and creation steps - Update PITR window to 7 days for premium instances - Fix Premium naming consistency using {{{ .premium }}} variable - Remove manual backup limitation note since it's now supported Co-Authored-By: Claude Opus 4.6 --- .../premium/backup-and-restore-premium.md | 34 +++++++++++++++---- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index 392acfacbd4c0..a5438c3eadd07 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -6,12 +6,12 @@ aliases: ['/tidbcloud/restore-deleted-tidb-cluster'] # Back Up and Restore {{{ .premium }}} Data -This document describes how to back up and restore your data on {{{ .premium }}} instances. {{{ .premium }}} supports automatic backup and lets you restore backup data to a new instance as needed. +This document describes how to back up and restore your data on {{{ .premium }}} instances. {{{ .premium }}} supports both automatic backups and manual backups, and lets you restore backup data to a new instance as needed Backup files can originate from the following sources: - Active {{{ .premium }}} instances -- The Recycle Bin for backups from deleted Premium instances +- The Recycle Bin for backups from deleted {{{ .premium }}} instances > **Tip:** > @@ -67,6 +67,29 @@ To delete an existing backup file for your {{{ .premium }}} instance, perform th 2. Locate the corresponding backup file you want to delete, and click **...** > **Delete** in the **Action** column. +## Manual backups +In addition to automatic backups, {{{ .premium }}} supports manual backups. Manual backups provide a user-controlled, guaranteed restore point, which is highly recommended before performing high-risk actions such as system upgrades, critical data deletion, or irreversible schema/configuration changes. + +### Key characteristics of manual backups: + +- **Retention and Deletion**: Unlike automatic backups, manual backups are not automatically deleted based on retention rules. They are retained indefinitely until you explicitly delete them. If the instance is deleted, its manual backups are moved to the Recycle Bin and will remain there permanently until manual deletion. + +- **Storage Location**: Manual backups are stored in TiDB Managed Cloud Storage. + +- **Cost**: Due to their long-term retention, manual backups are subject to additional charges. + +- **Limitations**: Manual backups do not support Point-in-Time Recovery (PITR) or partial backups (e.g., table-level or database-level). Restoring a manual backup into an existing or running cluster is not supported; each restore requires a new cluster. + +- **Permissions**: Both Organization owners and Instance managers can perform manual backups. However, only Organization owners can perform restore actions for system-managed manual backups. + +### Create a manual backup + +1. Navigate to the [**Backup**](#view-the-backup-page) page of your instance. + +2. In the upper-right corner, click **...**, and then click **Manual Backup**. + +3. Confirm the operation. The backup is stored in TiDB Cloud and will appear in the Backup List. It can be restored directly through the UI without requiring external storage credentials. + ## Restore TiDB Cloud provides restore functionality to help recover data in case of accidental loss or corruption. You can restore from backups of active instances or from deleted instances in the Recycle Bin. @@ -75,11 +98,11 @@ TiDB Cloud provides restore functionality to help recover data in case of accide TiDB Cloud supports snapshot restore and point-in-time restore for your instance. -- **Snapshot Restore**: restores your instance from a specific backup snapshot. +- **Snapshot Restore**: restores your instance from a specific backup snapshot. Both automatic and manual backups can be restored this way. Manual backups are displayed in the Backup List with a "Manual" backup type and a "Permanent" expiration status. - **Point-in-Time Restore**: restores your instance to a specific point in time. - - Premium instances: can be restored to any time within the last 33 days, but not earlier than the instance creation time or later than one minute before the current time. + - Premium instances: can be restored to any time within the last 7 days, but not earlier than the instance creation time or later than one minute before the current time. (Note: PITR is not supported for manual backups) ### Restore destination @@ -194,9 +217,6 @@ To restore backups from cloud storage, do the following: 5. Click **Restore** to restore the backup. -## Limitations - -Currently, manual backups are not supported for {{{ .premium }}} instances. ## References From fdd5c155814233c3311fa63cf2e811ccde1ef2ef Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Tue, 24 Mar 2026 09:41:35 +0800 Subject: [PATCH 2/6] Apply suggestions from code review Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/backup-and-restore-premium.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index a5438c3eadd07..e5dd94bfc4476 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -6,7 +6,7 @@ aliases: ['/tidbcloud/restore-deleted-tidb-cluster'] # Back Up and Restore {{{ .premium }}} Data -This document describes how to back up and restore your data on {{{ .premium }}} instances. {{{ .premium }}} supports both automatic backups and manual backups, and lets you restore backup data to a new instance as needed +This document describes how to back up and restore your data on {{{ .premium }}} instances. {{{ .premium }}} supports both automatic backups and manual backups, and lets you restore backup data to a new instance as needed. Backup files can originate from the following sources: @@ -88,7 +88,7 @@ In addition to automatic backups, {{{ .premium }}} supports manual backups. Manu 2. In the upper-right corner, click **...**, and then click **Manual Backup**. -3. Confirm the operation. The backup is stored in TiDB Cloud and will appear in the Backup List. It can be restored directly through the UI without requiring external storage credentials. +3. Confirm the operation. The backup is stored in TiDB Cloud and will appear in the **Backup List**. You can restore it directly through the UI without requiring external storage credentials. ## Restore @@ -102,7 +102,7 @@ TiDB Cloud supports snapshot restore and point-in-time restore for your instance - **Point-in-Time Restore**: restores your instance to a specific point in time. - - Premium instances: can be restored to any time within the last 7 days, but not earlier than the instance creation time or later than one minute before the current time. (Note: PITR is not supported for manual backups) + - Premium instances: can be restored to any time within the last 7 days, but not earlier than the instance creation time or later than one minute before the current time. Note that PITR is not supported for manual backups. ### Restore destination From df26b429fb9240483642a5a8b9b4780c769d3d62 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Tue, 24 Mar 2026 10:21:19 +0800 Subject: [PATCH 3/6] Apply suggestions from code review --- tidb-cloud/premium/backup-and-restore-premium.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index e5dd94bfc4476..1af3438f10859 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -68,19 +68,20 @@ To delete an existing backup file for your {{{ .premium }}} instance, perform th 2. Locate the corresponding backup file you want to delete, and click **...** > **Delete** in the **Action** column. ## Manual backups -In addition to automatic backups, {{{ .premium }}} supports manual backups. Manual backups provide a user-controlled, guaranteed restore point, which is highly recommended before performing high-risk actions such as system upgrades, critical data deletion, or irreversible schema/configuration changes. + +In addition to automatic backups, {{{ .premium }}} supports manual backups. Manual backups provide a user-controlled, guaranteed restore point, which is highly recommended before performing high-risk actions such as system upgrades, critical data deletion, and irreversible schema or configuration changes. ### Key characteristics of manual backups: -- **Retention and Deletion**: Unlike automatic backups, manual backups are not automatically deleted based on retention rules. They are retained indefinitely until you explicitly delete them. If the instance is deleted, its manual backups are moved to the Recycle Bin and will remain there permanently until manual deletion. +- **Retention and deletion**: unlike automatic backups, manual backups are not automatically deleted based on retention rules. They are retained indefinitely until you explicitly delete them. If the instance is deleted, its manual backups are moved to the Recycle Bin and will remain there permanently until manual deletion. -- **Storage Location**: Manual backups are stored in TiDB Managed Cloud Storage. +- **Storage location**: manual backups are stored in cloud storage managed by TiDB. -- **Cost**: Due to their long-term retention, manual backups are subject to additional charges. +- **Cost**: due to their long-term retention, manual backups are subject to additional charges. -- **Limitations**: Manual backups do not support Point-in-Time Recovery (PITR) or partial backups (e.g., table-level or database-level). Restoring a manual backup into an existing or running cluster is not supported; each restore requires a new cluster. +- **Limitations**: manual backups do not support Point-in-Time Recovery (PITR) or partial backups (for example, table-level or database-level). Restoring a manual backup into an existing or running instance is not supported. Each restore requires a new instance. -- **Permissions**: Both Organization owners and Instance managers can perform manual backups. However, only Organization owners can perform restore actions for system-managed manual backups. +- **Permissions**: both **Organization owners** and **Instance managers** can perform manual backups. However, only **Organization owners** can perform restore actions for system-managed manual backups. ### Create a manual backup @@ -98,7 +99,7 @@ TiDB Cloud provides restore functionality to help recover data in case of accide TiDB Cloud supports snapshot restore and point-in-time restore for your instance. -- **Snapshot Restore**: restores your instance from a specific backup snapshot. Both automatic and manual backups can be restored this way. Manual backups are displayed in the Backup List with a "Manual" backup type and a "Permanent" expiration status. +- **Snapshot Restore**: restores your instance from a specific backup snapshot. Both automatic and manual backups can be restored this way. Manual backups are displayed in the **Backup List** with a **Manual** backup type and a **Permanent** expiration status. - **Point-in-Time Restore**: restores your instance to a specific point in time. @@ -217,7 +218,6 @@ To restore backups from cloud storage, do the following: 5. Click **Restore** to restore the backup. - ## References This section describes how to configure access for Amazon S3 and Alibaba Cloud OSS. From 03a47b961f39224eeb94fc9677f30b7a9a1a3e6f Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Tue, 24 Mar 2026 11:23:43 +0800 Subject: [PATCH 4/6] Update tidb-cloud/premium/backup-and-restore-premium.md --- tidb-cloud/premium/backup-and-restore-premium.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index 1af3438f10859..e102dfba7c42e 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -89,7 +89,9 @@ In addition to automatic backups, {{{ .premium }}} supports manual backups. Manu 2. In the upper-right corner, click **...**, and then click **Manual Backup**. -3. Confirm the operation. The backup is stored in TiDB Cloud and will appear in the **Backup List**. You can restore it directly through the UI without requiring external storage credentials. +3. Confirm the operation. The backup is stored in TiDB Cloud and will appear in the **Backup List**. + +You can restore the manual backup directly through the UI without requiring external storage credentials. ## Restore From f070954ad8d0ece2475b01899e2e67f078fb8597 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Tue, 24 Mar 2026 12:56:16 +0800 Subject: [PATCH 5/6] Apply suggestions from code review Co-authored-by: Aolin --- tidb-cloud/premium/backup-and-restore-premium.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index e102dfba7c42e..5276ff6672f16 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -69,19 +69,19 @@ To delete an existing backup file for your {{{ .premium }}} instance, perform th ## Manual backups -In addition to automatic backups, {{{ .premium }}} supports manual backups. Manual backups provide a user-controlled, guaranteed restore point, which is highly recommended before performing high-risk actions such as system upgrades, critical data deletion, and irreversible schema or configuration changes. +In addition to automatic backups, {{{ .premium }}} supports manual backups. A manual backup provides a controlled, guaranteed restore point. It is highly recommended that you create a manual backup before you perform high-risk operations such as system upgrades, critical data deletion, or irreversible schema or configuration changes. -### Key characteristics of manual backups: +### Key characteristics -- **Retention and deletion**: unlike automatic backups, manual backups are not automatically deleted based on retention rules. They are retained indefinitely until you explicitly delete them. If the instance is deleted, its manual backups are moved to the Recycle Bin and will remain there permanently until manual deletion. +- **Retention and deletion**: unlike automatic backups, manual backups are not automatically deleted based on retention policies. They are retained until you explicitly delete them. If you delete the instance, its manual backups move to the recycle bin and remain there until you manually delete them. - **Storage location**: manual backups are stored in cloud storage managed by TiDB. -- **Cost**: due to their long-term retention, manual backups are subject to additional charges. +- **Cost**: because manual backups are retained long term and incur additional charges. -- **Limitations**: manual backups do not support Point-in-Time Recovery (PITR) or partial backups (for example, table-level or database-level). Restoring a manual backup into an existing or running instance is not supported. Each restore requires a new instance. +- **Limitations**: manual backups do not support point-in-time recovery (PITR) or partial backups (for example, table-level or database-level backups). You cannot restore a manual backup to an existing instance. Each restore operation creates a new instance. -- **Permissions**: both **Organization owners** and **Instance managers** can perform manual backups. However, only **Organization owners** can perform restore actions for system-managed manual backups. +- **Permissions**: both `Organization Owner` and `Instance Manager` can create manual backups. Only `Organization Owner` can restore system-managed manual backups. ### Create a manual backup @@ -91,7 +91,7 @@ In addition to automatic backups, {{{ .premium }}} supports manual backups. Manu 3. Confirm the operation. The backup is stored in TiDB Cloud and will appear in the **Backup List**. -You can restore the manual backup directly through the UI without requiring external storage credentials. +You can restore a manual backup directly in the TiDB Cloud console without providing external storage credentials. ## Restore @@ -101,7 +101,7 @@ TiDB Cloud provides restore functionality to help recover data in case of accide TiDB Cloud supports snapshot restore and point-in-time restore for your instance. -- **Snapshot Restore**: restores your instance from a specific backup snapshot. Both automatic and manual backups can be restored this way. Manual backups are displayed in the **Backup List** with a **Manual** backup type and a **Permanent** expiration status. +- **Snapshot Restore**: restores your instance from a specific backup snapshot. You can use this method to restore both automatic and manual backups. In the **Backup List**, manual backups are labeled with the **Manual** type and a **Permanent** expiration status. - **Point-in-Time Restore**: restores your instance to a specific point in time. From 120659cf728546ada332b8f4bb888b2616caf1f8 Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Wed, 25 Mar 2026 15:27:11 +0800 Subject: [PATCH 6/6] docs: add cross-account OSS bucket configuration for Alibaba Cloud audit logging Added documentation for configuring OSS bucket and RAM role when they are in different cloud accounts. Co-Authored-By: Claude Opus 4.6 --- .../premium/tidb-cloud-auditing-premium.md | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/tidb-cloud/premium/tidb-cloud-auditing-premium.md b/tidb-cloud/premium/tidb-cloud-auditing-premium.md index ff903b5cfe250..da01176f3cdc6 100644 --- a/tidb-cloud/premium/tidb-cloud-auditing-premium.md +++ b/tidb-cloud/premium/tidb-cloud-auditing-premium.md @@ -177,6 +177,51 @@ For more information, see [Create a bucket](https://www.alibabacloud.com/help/en 5. Copy the **Role ARN** (for example: `acs:ram:::role/tidb-cloud-audit-role`) for later use. + +**Cross-Account OSS Bucket Configuration** + +If the OSS bucket storing the audit logs and the role accessing the OSS bucket are in different cloud accounts, the configuration process is slightly different. + +**1. RAM Policy Configuration** +When creating the RAM policy, you need to add the information of User Account 2 in the Resource field. Define the policy using the following JSON script: + +```json +{ + "Version": "1", + "Statement": [ + { + "Effect": "Allow", + "Action": "oss:PutObject", + "Resource": "acs:oss:oss-::/*" + } + ] +} +``` + +**2. Bucket Policy Configuration** +In addition, you also need to configure a Bucket Policy on the destination OSS bucket to allow the assumed role from the different account to access it. Use the following configuration: + +```json +{ + "Version": "1", + "Statement": [ + { + "Action": [ + "oss:GetObject" + ], + "Effect": "Allow", + "Principal": [ + "arn:sts:::assumed-role//*" + ], + "Resource": [ + "acs:oss:*::/*" + ] + } + ] +} +``` + + #### Step 3. Enable audit logging In the TiDB Cloud console, go back to the **Database Audit Log Storage Configuration** dialog where you got the TiDB Cloud account ID, and then take the following steps: