# rds-backup

Part of **RDS**

# ApsaraDB RDS Backup and Restore Troubleshooting Guide

## Problem Index

| Problem | Symptom | Severity | Solution Summary |
|--------|---------|----------|------------------|
| Backup Download Access Denied | Error message: `403` | High | Grant required RAM permissions for backup download |
| Backup File Not Found | Error message: `404` | Medium | Verify backup exists and is in downloadable state |
| Backup Storage Quota Exceeded | Error code: `BackupStorageExceeded` | High | Reduce retention period, disable log backups, or increase storage capacity |

## Problem Details

### Problem 1: Backup Download Access Denied

**Symptoms**
- Error message: `403`
- Behavior: User receives an access denied error when attempting to download a backup file
- Context: Occurs when using RAM roles without sufficient permissions to access backup files

**Root Cause**
- The RAM role or user lacks the necessary permissions to download backup files from ApsaraDB RDS. Backup download requires specific OSS and RDS permissions.

**Solution**
1. Assign the following RAM policy to the user or role:
```json
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "rds:DescribeBackups",
        "rds:DescribeBackupPolicy",
        "rds:CreateBackupDownloadURL"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "oss:GetObject"
      ],
      "Resource": "acs:oss:*:*:rds-backup-*",
      "Effect": "Allow"
    }
  ]
}
```
2. Ensure the RAM user has been granted permissions through either a custom policy or built-in RDS management policies that include backup download capabilities.

**Verification**
- Attempt to generate a backup download URL again using the console or API
- Expected behavior: Successful generation of a pre-signed URL without 403 errors

### Problem 2: Backup File Not Found

**Symptoms**
- Error message: `404`
- Behavior: System reports that the requested backup file does not exist
- Context: Typically occurs when referencing a backup ID that has been deleted, expired, or was never created

**Root Cause**
- The specified backup file has been automatically deleted due to retention policy expiration, was manually deleted, or the backup job failed to complete successfully.

**Solution**
1. Navigate to the RDS console and verify the backup exists:
   - Go to **RDS Console** > **Instances** > select your instance > **Backup & Recovery**
2. Check the backup status in the **Data Backup List**:
   - Ensure the backup status shows **Success** (not Failed or In Progress)
3. Confirm the backup hasn't exceeded its retention period:
   - Default retention is 7 days; backups older than this are automatically deleted
4. If the backup is missing, create a new manual backup:
   - In the **Backup & Recovery** tab, click **Create Backup**

**Verification**
- The backup appears in the list with status **Success**
- You can generate a download URL for the backup without receiving a 404 error

### Problem 3: Backup Storage Quota Exceeded

**Symptoms**
- Error code: `BackupStorageExceeded`
- Behavior: System alerts that backup storage usage exceeds the free quota
- Context: Occurs when total backup size (data + logs) exceeds 50% of purchased instance storage capacity

**Root Cause**
- ApsaraDB RDS provides free backup storage equal to 50% of the purchased storage capacity. When total backup usage exceeds this limit, the system flags it as over-quota, which may incur additional charges.

**Solution**
1. Reduce backup retention period:
   - In **RDS Console** > **Instances** > select instance > **Backup & Recovery** > **Backup Settings**
   - Set **Retention Period** to 7 days or less (default is 7 days)
2. Reduce data backup frequency:
   - In the same **Backup Settings**, change **Data Backup Frequency** from "Twice daily" to "Daily" if possible
3. Disable log backups if point-in-time recovery is not required:
   - Toggle **Log Backup** to **Disabled** in **Backup Settings**
   - Note: Disabling log backups prevents point-in-time recovery
4. Increase instance storage capacity (if backups are essential):
   - Go to **Instance Details** > **Change Specifications**
   - Increasing storage also increases free backup quota proportionally (50% of new capacity)

**Verification**
- In the **Backup & Recovery** section, check **Backup Usage** metrics
- Confirm that total backup storage is now within the free quota (≤ 50% of instance storage)
- Monitor billing dashboard to ensure no excess backup storage charges accrue

## FAQ

**Q: How do I check my current backup storage usage?**  
A: In the RDS console, go to your instance > **Backup & Recovery** tab. The backup usage chart shows current consumption against your free quota (50% of purchased storage).

**Q: What permissions are required to download RDS backups?**  
A: You need `rds:DescribeBackups`, `rds:DescribeBackupPolicy`, and `rds:CreateBackupDownloadURL` permissions on RDS, plus `oss:GetObject` permission on the RDS backup OSS buckets (typically named `rds-backup-*`).

**Q: Why is my backup file smaller than my database size?**  
A: Physical backups use compression and only include actual data, not empty space. Logical backups may exclude certain metadata. Additionally, cloud disk-based instances store backups efficiently using snapshots, which may appear smaller than raw data size.

**Q: Can I restore only a single database or table from a backup?**  
A: For RDS MySQL 5.6 High-availability Edition in supported regions (e.g., Singapore), you can restore individual databases or tables if the feature is activated. Contact support via ticket to enable this capability, as it requires special backup format (xbstream) handling.

**Q: Are there charges for downloading backups after October 18, 2022?**  
A: Yes. For cloud disk-based RDS instances, backup downloads now incur charges for Internet traffic and backup set conversion. Consider using internal network downloads or subscription-based network plans to reduce costs.