Quickstart: Create a backup policy for Azure Database for PostgreSQL - Flexible Server using Azure CLI

This quickstart describes how to create a backup policy to protect Azure Database for PostgreSQL - Flexible Server using Azure CLI.

Azure Backup policy for Azure Database for PostgreSQL - Flexible Server defines how and when backups are created, the retention period for recovery points, and the rules for data protection and recovery. Azure Backup allows you to back up your Azure PostgreSQL - Flexible Server using multiple clients, such as Azure portal, PowerShell, CLI, Azure Resource Manager, Bicep, Terraform, and so on.

Prerequisites

Before you create a backup policy for Azure Database for PostgreSQL - Flexible Server, ensure that the following prerequisites are met:

• Review the supported scenarios and limitations for backing up Azure Database for PostgreSQL - Flexible Servers.
• Create a Backup vault to store the recovery points for the database.

Create a backup policy

To create a backup policy, follow these steps:

1. Understand PostgreSQL - Flexible Server backup policy
2. Retrieve the policy template
3. Modify the policy template
4. Create the policy

Understand PostgreSQL - Flexible Server backup policy

Disk backup offers multiple backups per day, and blob backup is a continuous backup with no trigger. Now, let's understand the backup policy object for PostgreSQL – Flexible Server.

• PolicyRule
  • BackupRule
    • BackupParameter
      • BackupType (A full database backup in this scenario)
      • Initial Datastore (Where the backups should land initially)
      • Trigger (How the backup is triggered)
        • Schedule based
        • Default tagging criteria (a default 'tag' for all the scheduled backups. This tag links the backups to the retention rule)
  • Default Retention Rule (A rule that is applied to all backups, by default, on the initial datastore)

So, this object defines:

• The type of backups triggered
• The way the policy are triggered (via a schedule)
• The tags implemented to the Backup policy
• The location where the data is stored (a datastore)
• The life cycle of the backup data in a datastore

The default PowerShell object for PostgreSQL – Flexible Server triggers a full backup every week and they reach the vault, where they're stored for three months.

Retrieve the policy template

To understand the inner components of a Backup policy for Azure PostgreSQL – Flexible Server database backup, retrieve the policy template using the az dataprotection backup-policy get-default-policy-template command. This command returns a default policy template for a given datasource type. Use this policy template to create a new policy.

az dataprotection backup-policy get-default-policy-template --datasource-type AzureDatabaseForPostgreSQLFlexibleServer

{
  "datasourceTypes": [
    "Microsoft.DBforPostgreSQL/flexibleServers"
  ],
  "name": "OssFlexiblePolicy1",
  "objectType": "BackupPolicy",
  "policyRules": [
    {
      "backupParameters": {
        "backupType": "Full",
        "objectType": "AzureBackupParams"
      },
      "dataStore": {
        "dataStoreType": "VaultStore",
        "objectType": "DataStoreInfoBase"
      },
      "name": "BackupWeekly",
      "objectType": "AzureBackupRule",
      "trigger": {
        "objectType": "ScheduleBasedTriggerContext",
        "schedule": {
          "repeatingTimeIntervals": [
            "R/2021-08-15T06:30:00+00:00/P1W"
          ],
          "timeZone": "UTC"
        },
        "taggingCriteria": [
          {
            "isDefault": true,
            "tagInfo": {
              "id": "Default_",
              "tagName": "Default"
            },
            "taggingPriority": 99
          }
        ]
      }
    },
    {
      "isDefault": true,
      "lifecycles": [
        {
          "deleteAfter": {
            "duration": "P3M",
            "objectType": "AbsoluteDeleteOption"
          },
          "sourceDataStore": {
            "dataStoreType": "VaultStore",
            "objectType": "DataStoreInfoBase"
          },
          "targetDataStoreCopySettings": []
        }
      ],
      "name": "Default",
      "objectType": "AzureRetentionRule"
    }
  ]
}

The policy template consists of a trigger (decides what triggers the backup) and a lifecycle (decides when to delete, copy, move the backup). In Azure PostgreSQL – Flexible Server database backup, the default value for trigger is a scheduled Weekly trigger (one backup every 7 days) and to retain each backup for three months.

Scheduled trigger:

"trigger": {
        "objectType": "ScheduleBasedTriggerContext",
        "schedule": {
          "repeatingTimeIntervals": [
            "R/2021-08-15T06:30:00+00:00/P1W"
          ],
          "timeZone": "UTC"
        }

Default retention rule lifecycle:

{
      "isDefault": true,
      "lifecycles": [
        {
          "deleteAfter": {
            "duration": "P3M",
            "objectType": "AbsoluteDeleteOption"
          },
          "sourceDataStore": {
            "dataStoreType": "VaultStore",
            "objectType": "DataStoreInfoBase"
          },
          "targetDataStoreCopySettings": []
        }
      ],
      "name": "Default",
      "objectType": "AzureRetentionRule"
    }

Modify the policy template

Important

In Azure PowerShell, Objects can be used as staging locations to perform all modifications. In Azure CLI, we have to use files, as there's no notion of Objects. Each edit operation should be redirected to a new file, where content is read from the input file and redirected to the output file. You can later rename the file as required while using in a script.

Modify the schedule

The default policy template offers a backup once per week. You can modify the schedule for the backup to happen multiple days per week. To modify the schedule, use the az dataprotection backup-policy trigger set command.

The following example modifies the weekly backup to back up happening on every Sunday, Wednesday, and Friday of every week. The schedule date array mentions the dates, and the days of the week of those dates are taken as days of the week. Also, specify that these schedules should repeat every week. So, the schedule interval is 1 and the interval type is Weekly.

az dataprotection backup-policy trigger create-schedule --interval-type Weekly --interval-count 1 --schedule-days 2021-08-15T22:00:00 2021-08-18T22:00:00 2021-08-20T22:00:00
[
  "R/2021-08-15T22:00:00+00:00/P1W",
  "R/2021-08-18T22:00:00+00:00/P1W",
  "R/2021-08-20T22:00:00+00:00/P1W"
]

az dataprotection backup-policy trigger set --policy .\OSSPolicy.json  --schedule R/2021-08-15T22:00:00+00:00/P1W R/2021-08-18T22:00:00+00:00/P1W R/2021-08-20T22:00:00+00:00/P1W > EditedOSSPolicy.json

Add a new retention rule

The default template has a lifecycle for the initial datastore under the default retention rule. In this scenario, the rule deletes the backup data after three months. Use the az dataprotection backup-policy retention-rule create-lifecycle command to create new lifecycles and use the az dataprotection backup-policy retention-rule set command to associate them with the new rules or to the existing rules.

The following example creates a new retention rule named Monthly, where the first successful backup of every month should be retained in vault for six months.

az dataprotection backup-policy retention-rule create-lifecycle --retention-duration-count 6 --retention-duration-type Months --source-datastore VaultStore > VaultLifeCycle.JSON

az dataprotection backup-policy retention-rule set --lifecycles .\VaultLifeCycle.JSON --name Monthly --policy .\EditedOSSPolicy.json > AddedRetentionRulePolicy.JSON

Add a tag and the relevant criteria

Once a retention rule is created, you have to create a corresponding tag in the Trigger property of the Backup policy. Use the az dataprotection backup-policy tag create-absolute-criteria command to create a new tagging criteria and use the az dataprotection backup-policy tag set command to update the existing tag or create a new tag.

The following example creates a new tag along with the criteria, the first successful backup of the month. The tag has the same name as the corresponding retention rule to be applied.

In this example, the tag criteria should be named Monthly.

az dataprotection backup-policy tag create-absolute-criteria --absolute-criteria FirstOfMonth > tagCriteria.JSON
az dataprotection backup-policy tag set --criteria .\tagCriteria.JSON --name Monthly --policy .\AddedRetentionRulePolicy.JSON > AddedRetentionRuleAndTag.JSON

For example, if the schedule is multiple backups per week (every Sunday, Wednesday, Thursday as specified in the example) and you want to archive the Sunday and Friday backups, then the tagging criteria can be changed as follows, using the az dataprotection backup-policy tag create-generic-criteria command.

az dataprotection backup-policy tag create-generic-criteria --days-of-week Sunday Friday > tagCriteria.JSON
az dataprotection backup-policy tag set --criteria .\tagCriteria.JSON --name Monthly --policy .\AddedRetentionRulePolicy.JSON > AddedRetentionRuleAndTag.JSON

Create the policy

Once the template is modified as per the requirements, use the az dataprotection backup-policy create command to create a policy using the modified template.

az dataprotection backup-policy create --backup-policy-name FinalOSSPolicy --policy AddedRetentionRuleAndTag.JSON --resource-group testBkpVaultRG --vault-name TestBkpVault

Next steps

Configure backup for Azure Database for PostgreSQL - flexible server using Azure CLI.