Share PolarDB Backup Sets Cross-Account via Resource Sharing - PolarDB

This feature is currently in beta. To enable it, submit a ticket.

The shared backup set feature lets you grant another Alibaba Cloud account read-only access to one of your PolarDB backup sets. The recipient can restore it to a new cluster in their own account — without you transferring or copying any data.

This feature is built on the Alibaba Cloud Resource Sharing service, which uses RAM for permission control.

How it works

Sharing a backup set does not copy data. You (the resource owner) grant read-only access to a backup set that stays in your account. The recipient (the resource user or principal) can see the shared backup set in their PolarDB console and restore it to a new cluster. They cannot delete, modify, or re-share it.

Benefits

Instant sharing: No data transfer required. Sharing is nearly instantaneous, regardless of backup size.
Data stays in your account: Access is controlled through RAM. No need to hand over account keys or export data.
Clear cost ownership: You pay for backup storage. The recipient pays only for the new cluster they create from the backup.
Full control: Share, view, and revoke access at any time from the console.

Prerequisites

Before you begin, ensure that you have:

A supported cluster type: not a Multi-master Cluster (Limitless) Edition cluster, not a High-availability Mode cluster with Three-zone deployment (hot standby storage cluster and logger node enabled), and not a cluster from the cluster recycle bin
At least one active backup set for the cluster
Both Transparent Data Encryption (TDE) and disk encryption disabled — encrypted backup sets cannot be shared
Both AliyunPolardbFullAccess (PolarDB) and AliyunResourceCenterFullAccess (Resource Sharing) permissions assigned to the RAM user or role performing the sharing operation

Limitations

Sharing quotas

Limit	Value
Accounts a single backup set can be shared with	64
Resources a single account can share (Resource Sharing service limit)	1,000
Backup sets a single account can share (PolarDB limit)	1,024

To increase the PolarDB-level limit beyond 1,024, apply for a quota increase.

Other limitations

Same region only: Cross-region backup sets (IDs starting with rp-xxx) cannot be shared. Sharing and restoration must happen within the same region. For example, a backup set from the China (Beijing) region can only be restored in China (Beijing).
Same site only: Sharing between the Aliyun website (aliyun.com) and the Alibaba Cloud international website (alibabacloud.com) is not supported.
No re-sharing: The recipient cannot share a received backup set with other accounts.
Tied to lifecycle: The recipient loses access if the resource owner releases the cluster, deletes the backup set, the backup set expires, or the owner cancels the share.

Revoking access follows the system task schedule and takes approximately 10 minutes. During this period, the backup set cannot be used to restore a cluster, even though the permissions temporarily still exist.

Billing

The shared backup set feature is free.

Resource owner: Pays for backup storage costs. See Billing rules for backup storage (beyond the free quota).
Resource user: No charge for accepting the share. When restoring from the shared backup, charges apply based on the new cluster's specifications.

Share a backup set

*Performed by: resource owner*

In the PolarDB console, go to the Clusters page and navigate to Settings and Management > Backup And Restoration for the target cluster.
On the Data Backups tab, find the backup set you want to share. In the Actions column, click Share Backups.
In the dialog box, choose a sharing method:
Create a new resource share
Use this method if you are sharing for the first time or want a separate resource share for this backup set.
1. Set Resource Share Name: Enter a name for the resource share.
2. Set Principal Scope: Choose who can be added as a principal.
  - All Accounts: Any Alibaba Cloud account can be added as a principal.
  - Objects Within Resource Directory: Only the management account, members, and folders within your resource directory can be added.
3. Set Principals: Add one or more Alibaba Cloud accounts as principals.
4. Click OK.
Select from existing resource shares
Use this method if you want to add this backup set to an existing resource share.
1. Select Resource Share: Choose an existing resource share from the drop-down list. The Shared Resource List shows the resources already in that share.
2. (Optional) Edit Principals: Add or remove principals as needed.
3. Click OK.
After sharing, the Attribute column for the backup set shows Sharing.

The Sharing status only appears after you set a principal. If no principal is set, the column shows -.

Accept a shared backup set

*Performed by: resource user (principal)*

After the resource owner shares a backup set, you must accept the sharing invitation before you can use it.

Go to the Resource Management console. In the left navigation pane, choose Resource Sharing > Shared To Me.
In the upper-left corner, select the region where the shared backup set resides.
Find the sharing invitation from the resource owner and click Accept.
After you accept, the status of the resource share changes to Enabled.

Use a shared backup set

*Performed by: resource user (principal)*

After accepting the invitation in the Resource Management console, switch to the PolarDB console to use the shared backup set.

In the left navigation pane, choose Shared Backups.
On the Shared Backups page, click the Shared With Me tab. Find the backup set and click Restore Data to New Cluster.

Manage shared backup sets

*Performed by: resource owner*

After sharing a backup set, manage it centrally in the PolarDB console.

If you did not set a principal when sharing, the backup set does not appear on the My Shares tab.

When a backup set is locked (for example, during restoration or during conversion from a level-1 backup to a level-2 backup), you cannot modify the sharing settings or cancel the share.

View the sharing relationship of a backup set

On the Shared Backups page, click the My Shares tab. Find the backup set and click Manage Sharing Relationship.
The Resource Sharing > My Shares page opens in the Resource Management console, where you can view the Resource Share and Principal for the backup set.

Modify sharing settings

On the Shared Backups page, click the My Shares tab. Find the backup set and click Share Backup.
In the dialog box, update the sharing settings as needed.

Cancel sharing

On the Shared Backups page, click the My Shares tab. Find the backup set and click Share Backup.
In the dialog box, remove the relevant principals by clicking Remove.

FAQ

After I share a backup set, can I still use it normally?

Yes. Sharing only grants read-only access to others. Your own use of the backup set — including restoration and cloning — is not affected.

Why can't I find the backup set shared with me on the Shared Backups page?

You likely have not accepted the sharing invitation yet. In the Resource Management console, choose Resource Sharing > Shared To Me, find the invitation, and click Accept. After accepting, switch to the PolarDB console and look for the backup set on the Shared With Me tab under Shared Backups.

Why is the Share Backup option unavailable in the Actions column?

This option is unavailable if TDE or disk encryption is enabled for the cluster. Disable encryption first, then share the backup set.

Why do I get an error when modifying sharing settings or canceling a share?

A locked backup set cannot be modified or unshared. A backup set is locked when it is being used for restoration or is being converted from a level-1 backup to a level-2 backup. Wait for the operation to complete and try again.

PolarDB:Share backup set