Back Up and Restore Data on Amazon S3 Using BR
The Backup & Restore (BR) tool supports using Amazon S3 or other Amazon S3-compatible file storages as the external storage for backing up and restoring data.
Application scenarios
By using Amazon S3, you can quickly back up the data of a TiDB cluster deployed on Amazon EC2 to Amazon S3, or quickly restore a TiDB cluster from the backup data in Amazon S3.
Configure privileges to access S3
Before performing backup or restoration using S3, you need to configure the privileges required to access S3.
Configure access to the S3 directory
Before backup, configure the following privileges to access the backup directory on S3.
- Minimum privileges for TiKV and BR to access the backup directories of
s3:ListBucket
,s3:PutObject
, ands3:AbortMultipartUpload
during backup - Minimum privileges for TiKV and BR to access the backup directories of
s3:ListBucket
ands3:GetObject
during restoration
If you have not yet created a backup directory, refer to AWS Official Document to create an S3 bucket in the specified region. If necessary, you can also create a folder in the bucket by referring to AWS official documentation - Create Folder.
Configure a user to access S3
It is recommended that you configure access to S3 using either of the following ways:
Associate an IAM role that can access S3 with the EC2 instances where the TiKV and BR nodes run. After the association, BR can access the backup directories of S3.
br backup full --pd "${PDIP}:2379" --storage "s3://${Bucket}/${Folder}"Configure
access-key
andsecret-access-key
for accessing S3 in thebr
CLI, and set--send-credentials-to-tikv=true
to pass the access key from BR to each TiKV.br backup full --pd "${PDIP}:2379" --storage "s3://${Bucket}/${Folder}?access-key=${accessKey}&secret-access-key=${secretAccessKey}" --send-credentials-to-tikv=true
Because the access key in a command is vulnerable to leakage, you are recommended to associate an IAM role to EC2 instances to access S3.
Back up data to S3
br backup full \
--pd "${PDIP}:2379" \
--storage "s3://${Bucket}/${Folder}?access-key=${accessKey}&secret-access-key=${secretAccessKey}" \
--send-credentials-to-tikv=true \
--ratelimit 128 \
--log-file backuptable.log
In the preceding command:
--send-credentials-to-tikv
: specifies that access key is passed to the TiKV nodes.
Restore data from S3
br restore full \
--pd "${PDIP}:2379" \
--storage "s3://${Bucket}/${Folder}?access-key=${accessKey}&secret-access-key=${secretAccessKey}" \
--ratelimit 128 \
--send-credentials-to-tikv=true \
--log-file restorefull.log
See also
To know more information about external storages supported by BR, see External storages.