Cloud Backup:Tag-based automatic resource association and backup

Resource tags for backup policies support two types: all resources and specified tags.

• All resources: Cloud Backup automatically backs up all your resources based on the specified resource type in your backup policy.

• Specified tags: Cloud Backup automatically backs up resources that match the tags based on the specified resource type in your backup policy.

You can specify up to 30 tag rules. Cloud Backup automatically backs up the resources that meet all tag rules in your backup policy.

• For each tag rule, you must specify a tag key and a tag value, and define a rule to match the tag value. The following types of rules are supported: equal to a specified tag value, not equal to a specified tag value, and matches any value of a tag key.

Each time a backup policy is executed, Cloud Backup performs the following process to check tags and match resources:

• Automatically associate newly matched resources: When a new resource is associated with the tag or all resources are selected, the backup policy is automatically associated with the resource, and the resource will be backed up periodically from the next backup point in time.

• Automatically adjust associated resources: For resources that have been associated with the current backup policy, Cloud Backup checks whether the resources still meet the tag conditions of the backup policy. If a resource no longer matches the current tag, the backup policy is automatically dissociated from the resource, and the resource will no longer be backed up from the next backup point in time.

The Associate Resource Tag (Optional) feature is available only for Elastic Compute Service (ECS) instance backup, ECS file backup, Object Storage Service (OSS) backup, File Storage NAS (NAS) backup, and Tablestore backup.

You can specify up to 30 resource tags.

You can configure tags only on the Policy Center page in the Cloud Backup console. You can create or edit backup policies on other data source pages, but you cannot edit tags on these pages.

When a new resource is associated with the tag or all resources are selected, the backup policy is automatically associated with the resource, and the resource will be backed up periodically from the next backup point in time.

When a resource is disassociated from the tag, the backup policy is automatically dissociated from the resource, and the resource will no longer be backed up from the next backup point in time.

If you modify any parameter in the backup plan created based on the backup policy, the resources related to the backup plan are manually associated with the backup policy instead of being automatically associated with the backup policy based on tags. In addition, the resources are no longer affected by the changes of tag values in the backup policy.

You cannot specify backup content in a finer-grained manner when you set tags to associate resources in a backup policy. If you need to specify the backup content in a finer-grained manner, such as a specified directory on an ECS instance or a prefix in an OSS bucket, you can perform the settings in a backup plan.

ECS files are automatically associated with backup policies based on resource tags. A Cloud Backup client for ECS file backup is automatically installed during the backup. No manual operations are required. The automatically installed Cloud Backup client for ECS file backup is automatically uninstalled when the following conditions are met:

• The ECS files are disassociated from all backup policies.

• All backup points of ECS files are deleted or released upon expiration.

A backup policy can be manually associated with resources or automatically associated with resources based on resource tags.

• You can associate a resource with a backup policy only once.

• If you edit a backup plan, the association is changed from automatic association to manual association.

When you set tags to associate resources in a backup policy, the logical OR relation is used to connect different resources, and the logical AND relation is used between tags.

Each time a backup policy is executed, Cloud Backup queries all resources that match the resource tags and automatically associates the resources with the backup policy or disassociates the resources from the backup policy.

• If a resource matches a resource tag but the resource is not associated with the backup policy, Cloud Backup backs up the resource and automatically associates the resource with the backup policy in the current backup.

• If a resource matches a resource tag and the resource is associated with the backup policy, Cloud Backup backs up the resource in the current backup and retains the association between the resource and the backup policy.

• If a resource does not match a resource tag and is not associated with the backup policy, Cloud Backup does not back up the resource in the current backup.

• If a resource does not match a resource tag but is automatically associated with the backup policy, Cloud Backup does not back up the resource in the current backup and automatically disassociates the resource from the backup policy.

• If a resource does not match a resource tag but is manually associated with the backup policy, Cloud Backup backs up the resource in the current backup and retains the association between the resource and the backup policy.

Cloud Backup checks whether your resources match the resource tags specified in a backup policy by calling the resource query operation of the Resource service and the tag query operation of the Resource Management service. Cloud Backup automatically creates service-linked roles to obtain the permissions to access resources:

• Cloud Backup automatically creates the service-linked role AliyunServiceRoleForHbrEcsBackup to back up ECS files and ECS instances based on resource tags.

• Cloud Backup automatically creates the service-linked role AliyunServiceRoleForHbrOssBackup to back up OSS objects based on resource tags.

• Cloud Backup automatically creates the service-linked role AliyunServiceRoleForHbrNasBackup to back up NAS file systems based on resource tags.

• Cloud Backup automatically creates the service-linked role AliyunServiceRoleForHbrOtsBackup to back up Tablestore tables based on resource tags.

If a resource matches tags in multiple backup policies, Cloud Backup backs up the resource based on multiple backup policies.

A backup policy is automatically associated with resources based on resource tags. Cloud Backup backs up resources based on the default settings.

• ECS files: Cloud Backup backs up all files in an ECS instance except system directories and disables bandwidth throttling. The following part lists the system directories:

  Windows

  Windows\

  python27\

  Program Files (x86)\

  Program Files\

  ProgramData\

  Boot\

  $RECYCLE.BIN\

  System Volume Information\

  Users\Administrator\NTUSER.DAT

  pagefile.sys

  Users\Administrator\ntuser.dat.LOG1

  Linux

  /bin/

  /usr/bin/

  /sbin/

  /boot/

  /proc/

  /sys/

  /srv/

  /lib/

  /selinux/

  /usr/sbin/

  /run/

  /lib32/

  /lib64/

  /lost+found/

• OSS: Cloud Backup backs up all objects in an OSS bucket without using the OSS inventory feature.

• NAS: Cloud Backup backs up all files in the root directory of a NAS file system.

• Tablestore: Cloud Backup backs up all tables of a Tablestore instance and disables bandwidth throttling.

• ECS instance: Cloud Backup backs up all disks of an ECS instance and disables application consistency.

When you create or edit a backup policy, you can associate the backup policy with multiple resources by specifying tags. However, you cannot specify backup content in a finer-grained manner. To specify the backup content in a finer-grained manner, you can perform the settings in a backup plan. For more information, see Manage backup policies.

On the Policy Center page, you can click the icon on the left side of a backup policy to view the associated data sources.

You can remove resource tags from a backup policy. For more information, see Remove resource tags from the backup policy.