
Commvault Cloud supports the protection of Amazon Aurora and Amazon RDS instances in single and multi-AZ configurations using native RDS automated backups, allowing for point-in-time recovery (PITR). To enable the PITR for Amazon Aurora and Amazon RDS, additional permissions for RDS APIs are required to be added to a policy in the user account. These permissions allow for enabling the RDS automated snapshots with appropriate retention, thereby protecting the database transactional log files.

 

  1. What steps should be taken to enable the PITR for the Amazon RDS database?

The following steps should be followed in the AWS Console:

  • Sign in to the AWS Management Console and open the IAM (Identity and Access Management) console of the appropriate AWS user account at https://console.aws.amazon.com/iam/.
  • In the navigation pane, choose Policies.
  • Search for the policy named either MetallicRole-RDSPolicy or MetallicTenantRole-RDSPolicy.
  • Choose the Permissions tab and click Edit to add the following set of permissions to the JSON file. Alternatively, opt for the visual option under RDS and IAM and select the required actions one by one:

               rds:RestoreDBInstanceToPointInTime
               rds:RestoreDBClusterToPointInTime
               rds:CreateTenantDatabase
               rds:ModifyDBInstance
               rds:ModifyDBCluster
               rds:DescribeDBInstanceAutomatedBackups
               rds:DescribeDBClusterAutomatedBackups
               iam:PassRole

 

  2. Is there downtime for enabling Amazon RDS automated backups?

When you enable Amazon RDS automated backups with a backup retention period from "0" to a nonzero value, client downtime will occur. Learn more: 

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.Enabling.html

 

 

  3. What would happen if we disable (by changing the retention to zero) the automated backups?

If you disable automated backups in Amazon Aurora or RDS, RDS will delete all your previous automated backup jobs. This will also disable the PITR functionality.

 

For more information, refer to these Amazon resources:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.Enabling.html

https://aws.amazon.com/blogs/database/amazon-rds-snapshot-restore-and-recovery-demystified/
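An offline check that an exported policy document grants the eight actions listed in the post above, added here as an example and not Commvault's or AWS's code. It is a presence check only (Deny statements, NotAction and Condition keys are not evaluated), and it also reports when iam:PassRole is allowed on Resource "*", since that grant is usually scoped to specific role ARNs. The function names and the sample policy are constructed for illustration.

```python
import fnmatch
import json

# Actions the post lists as required for PITR.
REQUIRED_ACTIONS = (
    "rds:RestoreDBInstanceToPointInTime rds:RestoreDBClusterToPointInTime "
    "rds:CreateTenantDatabase rds:ModifyDBInstance rds:ModifyDBCluster "
    "rds:DescribeDBInstanceAutomatedBackups rds:DescribeDBClusterAutomatedBackups "
    "iam:PassRole"
).split()

def _as_list(value):
    """IAM accepts either one string or a list for Action and Resource."""
    if isinstance(value, str):
        return [value]
    return list(value or [])

def audit_policy(policy_json):
    """Return (missing_actions, passrole_on_any_resource) for one policy document."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    granted, broad_passrole = set(), False
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may contain * and ? wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        for action in REQUIRED_ACTIONS:
            if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                granted.add(action)
                if action == "iam:PassRole" and "*" in _as_list(stmt.get("Resource")):
                    broad_passrole = True
    missing = [a for a in REQUIRED_ACTIONS if a not in granted]
    return missing, broad_passrole

# Constructed sample: a policy that was only partly updated.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["rds:Describe*", "rds:ModifyDBInstance", "rds:RestoreDBInstanceToPointInTime"]},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}
  ]
}"""

if __name__ == "__main__":
    missing, broad = audit_policy(SAMPLE_POLICY)
    print("missing actions:", missing)
    print("iam:PassRole allowed on Resource '*':", broad)
```
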

Your post suggests that there are no changes required on Commvault side. Is that correct? Does Commvault automatically verify if these AWS permissions are in place when configuring a new instance and which Commvault version is required to have this in place? 


Thanks @Onno van den Berg for your question. This feature, available in the upcoming SaaS Jan release, requires the “metallic*” RDS policies of the user AWS account to be updated from the AWS console. There is no change from the Commvault side.

Once the API permissions are updated to these policies (as noted above), the user can then use this feature by setting an appropriate retention period from the Command Center.

