From dbdb6914392697d165bcd21b14ec62ad10fc4c54 Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Fri, 19 Dec 2025 13:33:55 +0800 Subject: [PATCH 01/21] add restore from s3/oss --- .../premium/backup-and-restore-premium.md | 40 +++++++++++++++++-- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index ba925dda19a4a..798b92fe0dddd 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -154,11 +154,12 @@ To restore a deleted instance from the Recycle Bin, take the following steps: 3. On the **Restore** page, follow the same steps as [Restore to a new instance](#restore-to-a-new-instance) to restore the backup to a new instance. -### Restore classic backups from a different plan type +### Restore backups from a different plan type -Currently, you can only restore classic backups from a {{{ .dedicated }}} cluster hosted on AWS to a new {{{ .premium }}} instance. -To restore a classic backup generated by a {{{ .dedicated }}} cluster, follow these steps: +Currently, you can only restore backups from a {{{ .dedicated }}} cluster hosted on AWS to a new {{{ .premium }}} instance. + +To restore a backup generated by a {{{ .dedicated }}} cluster, follow these steps: 1. Log in to the [TiDB Cloud console](https://tidbcloud.com), and then navigate to the [**TiDB Instances**](https://tidbcloud.com/tidbs) page. In the upper-right corner, click **...**, and then click **Restore from Another Plan**. @@ -171,6 +172,39 @@ To restore a classic backup generated by a {{{ .dedicated }}} cluster, follow th 3. On the **Restore** page, follow the same steps as [Restore to a new instance](#restore-to-a-new-instance) to restore the backup to a new instance. + + +### Restore Backups from a Cloud Storage + +TiDB Cloud {{{ .premium }}} supports restoring backups from cloud object storage (such as AWS S3 or Alibaba Cloud OSS) to a new TiDB Cloud instance. This feature is compatible with backups generated from TiDB Cloud {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. + +#### Prerequisites + +Before you begin, ensure the following: + +- **Supported Cloud Providers**: Currently, only backups located in **AWS S3** and **Alibaba Cloud OSS** are supported. +- **Cloud Provider Consistency**: You can only restore to a new instance that uses the same cloud provider as your storage bucket. +- **Credentials**: You have the **Access Key** and **Secret Key** with sufficient permissions to access the backup files. + +#### Steps + +1. Log in to the [TiDB Cloud console](https://tidbcloud.com), and then navigate to the [**TiDB Instances**](https://tidbcloud.com/tidbs) page. In the upper-right corner, click **...** , and then click **Restore from Cloud storage**. + +2. On the **Select Backup Storage Location** page, provide the following information: + - **Cloud Provider**: Select the provider where your backup file is located + - **Backup Files URI**: Enter the URI of the top-level folder that contains your backup files + - **Authentication**: Enter your **Access Key** and **Secret Key** + and then click **Verify Backup and Next**. + +3. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup metadata information displayed at the top of the page: + - If the information is incorrect, click **Previous** at the bottom of the page to return to the storage configuration. + - If the information is correct, follow the same steps as [Restore to a new instance](#restore-to-a-new-instance) to configure and create your new instance. + +Note + - You can only restore backups to an instance within the same cloud provider environment. + - If the region of the new instance differs from the region of the storage bucket, additional **cross-region data transfer fees** may apply. + + ## Limitations Currently, manual backups are not supported for {{{ .premium }}} instances. From 0e7e99e558f9bcf2c9bfba439814bd252d04f4a5 Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Fri, 19 Dec 2025 13:50:58 +0800 Subject: [PATCH 02/21] Update tidb-cloud/premium/backup-and-restore-premium.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/backup-and-restore-premium.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index 798b92fe0dddd..7f3ec8915ed59 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -200,9 +200,9 @@ Before you begin, ensure the following: - If the information is incorrect, click **Previous** at the bottom of the page to return to the storage configuration. - If the information is correct, follow the same steps as [Restore to a new instance](#restore-to-a-new-instance) to configure and create your new instance. -Note - - You can only restore backups to an instance within the same cloud provider environment. - - If the region of the new instance differs from the region of the storage bucket, additional **cross-region data transfer fees** may apply. +> **Note:** +> +> If the region of the new instance differs from the region of the storage bucket, additional **cross-region data transfer fees** may apply. ## Limitations From ccf92e71c043dfdaebcf9e591d14c2c3ea8c9d28 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 19 Dec 2025 14:43:58 +0800 Subject: [PATCH 03/21] Apply suggestions from code review Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/premium/backup-and-restore-premium.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index 7f3ec8915ed59..c992d91fde7aa 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -174,7 +174,7 @@ To restore a backup generated by a {{{ .dedicated }}} cluster, follow these step -### Restore Backups from a Cloud Storage +### Restore backups from a cloud storage TiDB Cloud {{{ .premium }}} supports restoring backups from cloud object storage (such as AWS S3 or Alibaba Cloud OSS) to a new TiDB Cloud instance. This feature is compatible with backups generated from TiDB Cloud {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. @@ -184,17 +184,16 @@ Before you begin, ensure the following: - **Supported Cloud Providers**: Currently, only backups located in **AWS S3** and **Alibaba Cloud OSS** are supported. - **Cloud Provider Consistency**: You can only restore to a new instance that uses the same cloud provider as your storage bucket. -- **Credentials**: You have the **Access Key** and **Secret Key** with sufficient permissions to access the backup files. +- **Credentials**: You have the access key and secret key with sufficient permissions to access the backup files. #### Steps 1. Log in to the [TiDB Cloud console](https://tidbcloud.com), and then navigate to the [**TiDB Instances**](https://tidbcloud.com/tidbs) page. In the upper-right corner, click **...** , and then click **Restore from Cloud storage**. -2. On the **Select Backup Storage Location** page, provide the following information: - - **Cloud Provider**: Select the provider where your backup file is located - - **Backup Files URI**: Enter the URI of the top-level folder that contains your backup files - - **Authentication**: Enter your **Access Key** and **Secret Key** - and then click **Verify Backup and Next**. +2. On the **Select Backup Storage Location** page, provide the following information, and then click **Verify Backup and Next**: + - **Cloud Provider**: select the provider where your backup file is located + - **Backup Files URI**: enter the URI of the top-level folder that contains your backup files + - **Authentication**: enter your access key and secret key 3. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup metadata information displayed at the top of the page: - If the information is incorrect, click **Previous** at the bottom of the page to return to the storage configuration. From b4d0f9a78be72f0c03061c3ff42e2529b1071ad1 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Fri, 19 Dec 2025 14:47:31 +0800 Subject: [PATCH 04/21] Apply suggestions from code review --- tidb-cloud/premium/backup-and-restore-premium.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index c992d91fde7aa..a9797570db32b 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -172,8 +172,6 @@ To restore a backup generated by a {{{ .dedicated }}} cluster, follow these step 3. On the **Restore** page, follow the same steps as [Restore to a new instance](#restore-to-a-new-instance) to restore the backup to a new instance. - - ### Restore backups from a cloud storage TiDB Cloud {{{ .premium }}} supports restoring backups from cloud object storage (such as AWS S3 or Alibaba Cloud OSS) to a new TiDB Cloud instance. This feature is compatible with backups generated from TiDB Cloud {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. @@ -201,8 +199,7 @@ Before you begin, ensure the following: > **Note:** > -> If the region of the new instance differs from the region of the storage bucket, additional **cross-region data transfer fees** may apply. - +> If the instance and the storage bucket are located in different regions, additional cross-region data transfer fees might apply. ## Limitations From 1862cca6d7216f3f79e95acbb4ab4b8ab1b783cc Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 09:51:46 +0800 Subject: [PATCH 05/21] Update backup-and-restore-premium.md --- .../premium/backup-and-restore-premium.md | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index a9797570db32b..660250c7ad192 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -156,7 +156,6 @@ To restore a deleted instance from the Recycle Bin, take the following steps: ### Restore backups from a different plan type - Currently, you can only restore backups from a {{{ .dedicated }}} cluster hosted on AWS to a new {{{ .premium }}} instance. To restore a backup generated by a {{{ .dedicated }}} cluster, follow these steps: @@ -174,32 +173,36 @@ To restore a backup generated by a {{{ .dedicated }}} cluster, follow these step ### Restore backups from a cloud storage -TiDB Cloud {{{ .premium }}} supports restoring backups from cloud object storage (such as AWS S3 or Alibaba Cloud OSS) to a new TiDB Cloud instance. This feature is compatible with backups generated from TiDB Cloud {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. +{{{ .premium }}} supports restoring backups from cloud object storage (such as AWS S3 or Alibaba Cloud OSS) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. + +> **Note:** +> +> If the instance and the storage bucket are located in different regions, additional cross-region data transfer fees might apply. #### Prerequisites Before you begin, ensure the following: -- **Supported Cloud Providers**: Currently, only backups located in **AWS S3** and **Alibaba Cloud OSS** are supported. -- **Cloud Provider Consistency**: You can only restore to a new instance that uses the same cloud provider as your storage bucket. -- **Credentials**: You have the access key and secret key with sufficient permissions to access the backup files. +- Supported cloud providers: currently, only backups located in **AWS S3** and **Alibaba Cloud OSS** are supported. +- Cloud provider consistency: you can only restore to a new instance that uses the same cloud provider as your storage bucket. +- Credentials: You have the access key and secret key with sufficient permissions to access the backup files. #### Steps +To restore backups from a cloud storage, do the following: + 1. Log in to the [TiDB Cloud console](https://tidbcloud.com), and then navigate to the [**TiDB Instances**](https://tidbcloud.com/tidbs) page. In the upper-right corner, click **...** , and then click **Restore from Cloud storage**. 2. On the **Select Backup Storage Location** page, provide the following information, and then click **Verify Backup and Next**: + - **Cloud Provider**: select the provider where your backup file is located - **Backup Files URI**: enter the URI of the top-level folder that contains your backup files - **Authentication**: enter your access key and secret key 3. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup metadata information displayed at the top of the page: - - If the information is incorrect, click **Previous** at the bottom of the page to return to the storage configuration. - - If the information is correct, follow the same steps as [Restore to a new instance](#restore-to-a-new-instance) to configure and create your new instance. -> **Note:** -> -> If the instance and the storage bucket are located in different regions, additional cross-region data transfer fees might apply. + - If the information is correct, follow the same steps as [Restore to a new instance](#restore-to-a-new-instance) to configure and create your new instance. + - If the information is not correct, click **Previous** at the bottom of the page to return to the storage configuration, and then enter the correct information. ## Limitations From a7e98f05d1c018a6e40c16b4d5d75b327f7d89f3 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 11:05:20 +0800 Subject: [PATCH 06/21] Update backup restore and instance creation steps Clarified and updated instructions for restoring backups from cloud storage, including revised authentication fields and step order. Added details about regional high availability for premium instances and adjusted step numbering for instance creation. --- .../premium/backup-and-restore-premium.md | 18 ++++++++++++------ .../premium/create-tidb-instance-premium.md | 4 +++- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index 660250c7ad192..c09c363ef2ebf 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -191,19 +191,25 @@ Before you begin, ensure the following: To restore backups from a cloud storage, do the following: -1. Log in to the [TiDB Cloud console](https://tidbcloud.com), and then navigate to the [**TiDB Instances**](https://tidbcloud.com/tidbs) page. In the upper-right corner, click **...** , and then click **Restore from Cloud storage**. +1. Log in to the [TiDB Cloud console](https://tidbcloud.com), and then navigate to the [**TiDB Instances**](https://tidbcloud.com/tidbs) page. In the upper-right corner, click **...** , and then click **Restore from Cloud Storage**. -2. On the **Select Backup Storage Location** page, provide the following information, and then click **Verify Backup and Next**: +2. On the **Select Backup Storage Location** page, provide the following information: - **Cloud Provider**: select the provider where your backup file is located - **Backup Files URI**: enter the URI of the top-level folder that contains your backup files - - **Authentication**: enter your access key and secret key + - **Access Key ID**: enter your access key ID + - **Access Key Secret**: enter your access key secret -3. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup metadata information displayed at the top of the page: +3. Click **Verify Backup and Next**. - - If the information is correct, follow the same steps as [Restore to a new instance](#restore-to-a-new-instance) to configure and create your new instance. - - If the information is not correct, click **Previous** at the bottom of the page to return to the storage configuration, and then enter the correct information. +4. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup metadata information displayed at the top of the page. Follow the same steps as [create a new TiDB instance](/tidb-cloud/premium/create-tidb-instance-premium.md) to restore the backup to a new instance. + + If the information is not correct, click **Previous** at the bottom of the page to return to the storage configuration, and then enter the correct information. + +5. Click **Restore** to restore the backup. ## Limitations Currently, manual backups are not supported for {{{ .premium }}} instances. + +5. Configure your new TiDB instance for restoration. The steps are the same as [creating a new TiDB instance](/tidb-cloud/premium/create-tidb-instance-premium.md). \ No newline at end of file diff --git a/tidb-cloud/premium/create-tidb-instance-premium.md b/tidb-cloud/premium/create-tidb-instance-premium.md index b1b91acefd958..5ffdd6823be2c 100644 --- a/tidb-cloud/premium/create-tidb-instance-premium.md +++ b/tidb-cloud/premium/create-tidb-instance-premium.md @@ -52,7 +52,9 @@ If you have the `Organization Owner` role, you can create a {{{ .premium }}} ins RCUs represent the compute resources provisioned for your workload. TiDB Cloud automatically scales your instance within this range based on demand. -6. Click **Create**. +6. For {{{ .premium }}} instances, only regional high availability is enabled, and it is not configurable. For more information, see [High Availability](/tidb-cloud/serverless-high-availability.md). + +7. Click **Create**. The instance creation process begins. If this is your first instance in the selected region, provisioning typically takes about 30 minutes. If the selected region already has existing instances, the process is faster and usually completes within about 1 minute. From 9dbf2afbb91987484fcab46340986308bcbe7df9 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 11:08:39 +0800 Subject: [PATCH 07/21] Update backup-and-restore-premium.md --- tidb-cloud/premium/backup-and-restore-premium.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index c09c363ef2ebf..2a90385198b30 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -211,5 +211,3 @@ To restore backups from a cloud storage, do the following: ## Limitations Currently, manual backups are not supported for {{{ .premium }}} instances. - -5. Configure your new TiDB instance for restoration. The steps are the same as [creating a new TiDB instance](/tidb-cloud/premium/create-tidb-instance-premium.md). \ No newline at end of file From 8a789152ce173fb5794c36fde73361a7c5cd6cfa Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 11:11:29 +0800 Subject: [PATCH 08/21] Update backup-and-restore-premium.md --- tidb-cloud/premium/backup-and-restore-premium.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index 2a90385198b30..7779c7c1bca08 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -173,7 +173,7 @@ To restore a backup generated by a {{{ .dedicated }}} cluster, follow these step ### Restore backups from a cloud storage -{{{ .premium }}} supports restoring backups from cloud object storage (such as AWS S3 or Alibaba Cloud OSS) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. +{{{ .premium }}} supports restoring backups from a cloud storage (such as AWS S3 or Alibaba Cloud OSS) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. > **Note:** > @@ -200,11 +200,11 @@ To restore backups from a cloud storage, do the following: - **Access Key ID**: enter your access key ID - **Access Key Secret**: enter your access key secret -3. Click **Verify Backup and Next**. +3. Click **Verify Backup and Next**. 4. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup metadata information displayed at the top of the page. Follow the same steps as [create a new TiDB instance](/tidb-cloud/premium/create-tidb-instance-premium.md) to restore the backup to a new instance. - If the information is not correct, click **Previous** at the bottom of the page to return to the storage configuration, and then enter the correct information. + If the information is not correct, click **Previous** to return to the previous page, and then enter the correct information. 5. Click **Restore** to restore the backup. From 4abb72f7297704d210e1f3c218285e5510e7721b Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 11:21:36 +0800 Subject: [PATCH 09/21] Update backup-and-restore-premium.md --- tidb-cloud/premium/backup-and-restore-premium.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index 7779c7c1bca08..678385c25ba4c 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -173,7 +173,7 @@ To restore a backup generated by a {{{ .dedicated }}} cluster, follow these step ### Restore backups from a cloud storage -{{{ .premium }}} supports restoring backups from a cloud storage (such as AWS S3 or Alibaba Cloud OSS) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. +{{{ .premium }}} supports restoring backups from a cloud storage (such as AWS S3 and Alibaba Cloud Object Storage Service (OSS)) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. > **Note:** > @@ -184,8 +184,8 @@ To restore a backup generated by a {{{ .dedicated }}} cluster, follow these step Before you begin, ensure the following: - Supported cloud providers: currently, only backups located in **AWS S3** and **Alibaba Cloud OSS** are supported. -- Cloud provider consistency: you can only restore to a new instance that uses the same cloud provider as your storage bucket. -- Credentials: You have the access key and secret key with sufficient permissions to access the backup files. +- Cloud provider consistency: you can only restore backups to a new instance in the same cloud provider as your storage bucket. +- Credentials: you have the access key and secret key with sufficient permissions to access the backup files. #### Steps @@ -202,7 +202,7 @@ To restore backups from a cloud storage, do the following: 3. Click **Verify Backup and Next**. -4. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup metadata information displayed at the top of the page. Follow the same steps as [create a new TiDB instance](/tidb-cloud/premium/create-tidb-instance-premium.md) to restore the backup to a new instance. +4. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup information displayed at the top of the page. Follow the steps in [Create a {{{ .premium }}} Instance](/tidb-cloud/premium/create-tidb-instance-premium.md) to restore the backup to a new instance. If the information is not correct, click **Previous** to return to the previous page, and then enter the correct information. From fd5fb3ba0f1b83a07e1e7418629e8899fbe99ead Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 11:25:14 +0800 Subject: [PATCH 10/21] Update backup-and-restore-premium.md --- tidb-cloud/premium/backup-and-restore-premium.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index 678385c25ba4c..18c3e79bf5a51 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -171,9 +171,9 @@ To restore a backup generated by a {{{ .dedicated }}} cluster, follow these step 3. On the **Restore** page, follow the same steps as [Restore to a new instance](#restore-to-a-new-instance) to restore the backup to a new instance. -### Restore backups from a cloud storage +### Restore backups from cloud storage -{{{ .premium }}} supports restoring backups from a cloud storage (such as AWS S3 and Alibaba Cloud Object Storage Service (OSS)) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. +{{{ .premium }}} supports restoring backups from cloud storage (such as AWS S3 and Alibaba Cloud Object Storage Service (OSS)) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. > **Note:** > @@ -189,7 +189,7 @@ Before you begin, ensure the following: #### Steps -To restore backups from a cloud storage, do the following: +To restore backups from cloud storage, do the following: 1. Log in to the [TiDB Cloud console](https://tidbcloud.com), and then navigate to the [**TiDB Instances**](https://tidbcloud.com/tidbs) page. In the upper-right corner, click **...** , and then click **Restore from Cloud Storage**. From 3adebbb4b6efb76a38c75f6c9e23fd3f80b3ac5f Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 13:17:03 +0800 Subject: [PATCH 11/21] Refactor limitations and prerequisites in restore guide Moved and consolidated limitations for restoring backups to a dedicated section before the steps. Clarified supported cloud providers, manual backup support, and cross-region fees. Updated prerequisites to focus on required credentials. --- .../premium/backup-and-restore-premium.md | 21 +++++++------------ 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index 18c3e79bf5a51..6d58ff46ba503 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -175,20 +175,17 @@ To restore a backup generated by a {{{ .dedicated }}} cluster, follow these step {{{ .premium }}} supports restoring backups from cloud storage (such as AWS S3 and Alibaba Cloud Object Storage Service (OSS)) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. -> **Note:** -> -> If the instance and the storage bucket are located in different regions, additional cross-region data transfer fees might apply. - -#### Prerequisites - -Before you begin, ensure the following: +## Limitations -- Supported cloud providers: currently, only backups located in **AWS S3** and **Alibaba Cloud OSS** are supported. -- Cloud provider consistency: you can only restore backups to a new instance in the same cloud provider as your storage bucket. -- Credentials: you have the access key and secret key with sufficient permissions to access the backup files. +- Currently, manual backups are not supported for {{{ .premium }}} instances. +- Currently, only backups located in **AWS S3** and **Alibaba Cloud OSS** are supported. +- You can only restore backups to a new instance in the same cloud provider as your storage bucket. +- If the instance and the storage bucket are located in different regions, additional cross-region data transfer fees might apply. #### Steps +Before getting started, ensure that you have the access key and secret key with sufficient permissions to access the backup files. + To restore backups from cloud storage, do the following: 1. Log in to the [TiDB Cloud console](https://tidbcloud.com), and then navigate to the [**TiDB Instances**](https://tidbcloud.com/tidbs) page. In the upper-right corner, click **...** , and then click **Restore from Cloud Storage**. @@ -207,7 +204,3 @@ To restore backups from cloud storage, do the following: If the information is not correct, click **Previous** to return to the previous page, and then enter the correct information. 5. Click **Restore** to restore the backup. - -## Limitations - -Currently, manual backups are not supported for {{{ .premium }}} instances. From 1248d0238ece62bf429ab8346e3dbc337e2370b9 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Mon, 22 Dec 2025 14:24:06 +0800 Subject: [PATCH 12/21] Apply suggestions from code review Co-authored-by: Grace Cai --- .../premium/backup-and-restore-premium.md | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index 6d58ff46ba503..ddd29a56ec56d 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -173,18 +173,18 @@ To restore a backup generated by a {{{ .dedicated }}} cluster, follow these step ### Restore backups from cloud storage -{{{ .premium }}} supports restoring backups from cloud storage (such as AWS S3 and Alibaba Cloud Object Storage Service (OSS)) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or self-managed (on-premises) clusters. +{{{ .premium }}} supports restoring backups from cloud storage (such as Amazon S3 and Alibaba Cloud Object Storage Service (OSS)) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or TiDB Self-Managed clusters. -## Limitations +#### Limitations - Currently, manual backups are not supported for {{{ .premium }}} instances. -- Currently, only backups located in **AWS S3** and **Alibaba Cloud OSS** are supported. -- You can only restore backups to a new instance in the same cloud provider as your storage bucket. +- Currently, only backups located in **Amazon S3** and **Alibaba Cloud OSS** are supported for restore. +- You can restore backups only to a new instance hosted by the same cloud provider as your storage bucket. - If the instance and the storage bucket are located in different regions, additional cross-region data transfer fees might apply. #### Steps -Before getting started, ensure that you have the access key and secret key with sufficient permissions to access the backup files. +Before you begin, ensure that you have an access key and secret key with sufficient permissions to access the backup files. To restore backups from cloud storage, do the following: @@ -192,15 +192,16 @@ To restore backups from cloud storage, do the following: 2. On the **Select Backup Storage Location** page, provide the following information: - - **Cloud Provider**: select the provider where your backup file is located - - **Backup Files URI**: enter the URI of the top-level folder that contains your backup files - - **Access Key ID**: enter your access key ID - - **Access Key Secret**: enter your access key secret + - **Cloud Provider**: select the cloud provider where your backup files are stored. + - **Region**: if your cloud provider is Alibaba Cloud OSS, select a Region. + - **Backup Files URI**: enter the URI of the top-level folder that contains your backup files. + - **Access Key ID**: enter your access key ID. + - **Access Key Secret**: enter your access key secret. 3. Click **Verify Backup and Next**. -4. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup information displayed at the top of the page. Follow the steps in [Create a {{{ .premium }}} Instance](/tidb-cloud/premium/create-tidb-instance-premium.md) to restore the backup to a new instance. +4. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup information displayed at the top of the page, and then follow the steps in [Create a {{{ .premium }}} Instance](/tidb-cloud/premium/create-tidb-instance-premium.md) to restore the backup to a new instance. - If the information is not correct, click **Previous** to return to the previous page, and then enter the correct information. + If the backup information is incorrect, click **Previous** to return to the previous page, and then enter the correct information. 5. Click **Restore** to restore the backup. From 97e95ab88d4100f68cbfb877678b637cfbaff4cd Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 14:27:45 +0800 Subject: [PATCH 13/21] Update serverless-high-availability.md --- tidb-cloud/serverless-high-availability.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tidb-cloud/serverless-high-availability.md b/tidb-cloud/serverless-high-availability.md index 60d4823859523..733bc87b257e9 100644 --- a/tidb-cloud/serverless-high-availability.md +++ b/tidb-cloud/serverless-high-availability.md @@ -1,9 +1,9 @@ --- -title: High Availability in {{{ .starter }}} and Essential -summary: Learn about the high availability architecture of {{{ .starter }}} and Essential. Discover Zonal and Regional High Availability options, automated backups, failover processes, and how TiDB ensures data durability and business continuity. +title: High Availability in {{{ .starter }}}, Essential and {{{ .premium }}} +summary: Learn about the high availability architecture of {{{ .starter }}}, Essential and {{{ .premium }}}. Discover Zonal and Regional High Availability options, automated backups, failover processes, and how TiDB ensures data durability and business continuity. --- -# High Availability in {{{ .starter }}} and Essential +# High Availability in {{{ .starter }}}, Essential and {{{ .premium }}} TiDB Cloud is designed with robust mechanisms to maintain high availability and data durability by default, preventing single points of failure and ensuring continuous service even in the face of disruptions. As a fully managed service based on the battle-tested TiDB Open Source product, it inherits TiDB's core high availability (HA) features and augments them with additional cloud-native capabilities. @@ -16,6 +16,7 @@ TiDB Cloud extends these capabilities with zonal high availability and regional > **Note:** > > - For {{{ .starter }}} clusters, only zonal high availability is enabled, and it is not configurable. +> - For {{{ .premium }}} clusters, only regional high availability is enabled, and it is not configurable. > - For {{{ .essential }}} clusters hosted in the AWS Tokyo (ap-northeast-1) region or any Alibaba Cloud region, regional high availability is enabled by default. You can change it to zonal high availability as needed during cluster creation. For {{{ .essential }}} clusters hosted in other regions, only zonal high availability is enabled, and it is not configurable. - **Zonal high availability**: This option places all nodes within a single availability zone, reducing network latency. It ensures high availability without requiring application-level redundancy across zones, making it suitable for applications that prioritize low latency within a single zone. For more information, see [Zonal high availability architecture](#zonal-high-availability-architecture). From c539192b789d5d48a09d931f564a68e7a941ce1a Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 14:31:25 +0800 Subject: [PATCH 14/21] Update high availability references to include Premium Expanded documentation links to reference 'Premium' alongside 'Starter' and 'Essential' in high availability sections for clarity and completeness. --- tidb-cloud/architecture-concepts.md | 2 +- tidb-cloud/key-concepts.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tidb-cloud/architecture-concepts.md b/tidb-cloud/architecture-concepts.md index e184dc82fd064..8af2d234555ea 100644 --- a/tidb-cloud/architecture-concepts.md +++ b/tidb-cloud/architecture-concepts.md @@ -60,7 +60,7 @@ For applications experiencing growing workloads and needing scalability in real - By default, clusters utilizing the Zonal High Availability option have all components located within the same availability zone, which results in lower network latency. - For applications that require maximum infrastructure isolation and redundancy, the Regional High Availability option distributes nodes across multiple availability zones. -For more information, see [High Availability in {{{ .starter }}} and Essential](/tidb-cloud/serverless-high-availability.md). +For more information, see [High Availability in {{{ .starter }}}, Essential and {{{ .premium }}}](/tidb-cloud/serverless-high-availability.md). ## TiDB Cloud Dedicated diff --git a/tidb-cloud/key-concepts.md b/tidb-cloud/key-concepts.md index e92067db3ca78..268837562a878 100644 --- a/tidb-cloud/key-concepts.md +++ b/tidb-cloud/key-concepts.md @@ -39,7 +39,7 @@ TiDB Cloud Dedicated lets you adjust its compute and storage resources separatel TiDB Cloud ensures high availability in {{{ .starter }}}, {{{ .essential }}}, and TiDB Cloud Dedicated clusters: -- [High Availability in {{{ .starter }}} and Essential](/tidb-cloud/serverless-high-availability.md) +- [High Availability in {{{ .starter }}}, Essential and {{{ .premium }}}](/tidb-cloud/serverless-high-availability.md) - [High Availability in TiDB Cloud Dedicated](/tidb-cloud/high-availability-with-multi-az.md) ## Monitoring From 34d8259aaa527f1f426d57bbccc33b9d1c8dd84b Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 14:53:32 +0800 Subject: [PATCH 15/21] Update serverless-high-availability.md --- tidb-cloud/serverless-high-availability.md | 23 +++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/tidb-cloud/serverless-high-availability.md b/tidb-cloud/serverless-high-availability.md index 733bc87b257e9..2ca85b8a4aad0 100644 --- a/tidb-cloud/serverless-high-availability.md +++ b/tidb-cloud/serverless-high-availability.md @@ -1,24 +1,41 @@ --- -title: High Availability in {{{ .starter }}}, Essential and {{{ .premium }}} -summary: Learn about the high availability architecture of {{{ .starter }}}, Essential and {{{ .premium }}}. Discover Zonal and Regional High Availability options, automated backups, failover processes, and how TiDB ensures data durability and business continuity. +title: High Availability in TiDB Cloud +summary: Learn about the high availability architecture of {{{ .starter }}} and {{{ .essential }}}{{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}}. Discover Zonal and Regional High Availability options, automated backups, failover processes, and how TiDB ensures data durability and business continuity. --- -# High Availability in {{{ .starter }}}, Essential and {{{ .premium }}} +# High Availability in TiDB Cloud TiDB Cloud is designed with robust mechanisms to maintain high availability and data durability by default, preventing single points of failure and ensuring continuous service even in the face of disruptions. As a fully managed service based on the battle-tested TiDB Open Source product, it inherits TiDB's core high availability (HA) features and augments them with additional cloud-native capabilities. +> **Note:** +> +> This document is only applicable for {{{ .starter }}} and {{{ .essential }}}{{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}}. + ## Overview TiDB ensures high availability and data durability using the Raft consensus algorithm. This algorithm consistently replicates data changes across multiple nodes, allowing TiDB to handle read and write requests even in the event of node failures or network partitions. This approach provides both high data durability and fault tolerance. TiDB Cloud extends these capabilities with zonal high availability and regional high availability to meet different operational requirements. + + +> **Note:** +> +> - For {{{ .starter }}} clusters, only zonal high availability is enabled, and it is not configurable. +> - For {{{ .essential }}} clusters hosted in the AWS Tokyo (ap-northeast-1) region or any Alibaba Cloud region, regional high availability is enabled by default. You can change it to zonal high availability as needed during cluster creation. For {{{ .essential }}} clusters hosted in other regions, only zonal high availability is enabled, and it is not configurable. + + + + + > **Note:** > > - For {{{ .starter }}} clusters, only zonal high availability is enabled, and it is not configurable. > - For {{{ .premium }}} clusters, only regional high availability is enabled, and it is not configurable. > - For {{{ .essential }}} clusters hosted in the AWS Tokyo (ap-northeast-1) region or any Alibaba Cloud region, regional high availability is enabled by default. You can change it to zonal high availability as needed during cluster creation. For {{{ .essential }}} clusters hosted in other regions, only zonal high availability is enabled, and it is not configurable. + + - **Zonal high availability**: This option places all nodes within a single availability zone, reducing network latency. It ensures high availability without requiring application-level redundancy across zones, making it suitable for applications that prioritize low latency within a single zone. For more information, see [Zonal high availability architecture](#zonal-high-availability-architecture). - **Regional high availability (beta)**: This option distributes nodes across multiple availability zones, offering maximum infrastructure isolation and redundancy. It provides the highest level of availability but requires application-level redundancy across zones. It is recommended to choose this option if you need maximum availability protection against infrastructure failures within a zone. Note that it increases latency and might incur cross-zone data transfer fees. This feature is available in regions with more than three availability zones and can only be enabled during cluster creation. For more information, see [Regional high availability architecture](#regional-high-availability-architecture). From 6ff8e53eba066e24f7dd69e9b7e036f050dd02c7 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Mon, 22 Dec 2025 15:05:45 +0800 Subject: [PATCH 16/21] Update high availability documentation links and notes Standardized references to high availability documentation in TiDB Cloud by updating link text in architecture-concepts.md and key-concepts.md. Added a note in serverless-high-availability.md to direct users to the dedicated high availability documentation for TiDB Cloud Dedicated. --- tidb-cloud/architecture-concepts.md | 2 +- tidb-cloud/key-concepts.md | 2 +- tidb-cloud/serverless-high-availability.md | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/tidb-cloud/architecture-concepts.md b/tidb-cloud/architecture-concepts.md index 8af2d234555ea..a6f5976542d6a 100644 --- a/tidb-cloud/architecture-concepts.md +++ b/tidb-cloud/architecture-concepts.md @@ -60,7 +60,7 @@ For applications experiencing growing workloads and needing scalability in real - By default, clusters utilizing the Zonal High Availability option have all components located within the same availability zone, which results in lower network latency. - For applications that require maximum infrastructure isolation and redundancy, the Regional High Availability option distributes nodes across multiple availability zones. -For more information, see [High Availability in {{{ .starter }}}, Essential and {{{ .premium }}}](/tidb-cloud/serverless-high-availability.md). +For more information, see [High Availability in TiDB Cloud](/tidb-cloud/serverless-high-availability.md). ## TiDB Cloud Dedicated diff --git a/tidb-cloud/key-concepts.md b/tidb-cloud/key-concepts.md index 268837562a878..505e12f245014 100644 --- a/tidb-cloud/key-concepts.md +++ b/tidb-cloud/key-concepts.md @@ -39,7 +39,7 @@ TiDB Cloud Dedicated lets you adjust its compute and storage resources separatel TiDB Cloud ensures high availability in {{{ .starter }}}, {{{ .essential }}}, and TiDB Cloud Dedicated clusters: -- [High Availability in {{{ .starter }}}, Essential and {{{ .premium }}}](/tidb-cloud/serverless-high-availability.md) +- [High Availability in TiDB Cloud](/tidb-cloud/serverless-high-availability.md) - [High Availability in TiDB Cloud Dedicated](/tidb-cloud/high-availability-with-multi-az.md) ## Monitoring diff --git a/tidb-cloud/serverless-high-availability.md b/tidb-cloud/serverless-high-availability.md index 2ca85b8a4aad0..a09d12b31748f 100644 --- a/tidb-cloud/serverless-high-availability.md +++ b/tidb-cloud/serverless-high-availability.md @@ -9,7 +9,8 @@ TiDB Cloud is designed with robust mechanisms to maintain high availability and > **Note:** > -> This document is only applicable for {{{ .starter }}} and {{{ .essential }}}{{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}}. +> - This document is only applicable for {{{ .starter }}} and {{{ .essential }}}{{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}}. +> - For high availability in TiDB Cloud Dedicated, see [High Availability in TiDB Cloud Dedicated](/tidb-cloud/high-availability-with-multi-az.md). ## Overview From 56a8077002cf26d0ce101d51d59ee24dad779a84 Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Mon, 22 Dec 2025 15:47:40 +0800 Subject: [PATCH 17/21] Apply suggestions from code review Co-authored-by: Grace Cai --- tidb-cloud/key-concepts.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tidb-cloud/key-concepts.md b/tidb-cloud/key-concepts.md index 505e12f245014..43b9e74ac201b 100644 --- a/tidb-cloud/key-concepts.md +++ b/tidb-cloud/key-concepts.md @@ -37,10 +37,10 @@ TiDB Cloud Dedicated lets you adjust its compute and storage resources separatel ## High availability -TiDB Cloud ensures high availability in {{{ .starter }}}, {{{ .essential }}}, and TiDB Cloud Dedicated clusters: +TiDB Cloud ensures high availability in all supported plans: -- [High Availability in TiDB Cloud](/tidb-cloud/serverless-high-availability.md) -- [High Availability in TiDB Cloud Dedicated](/tidb-cloud/high-availability-with-multi-az.md) +- For {{{ .starter }}} and {{{ .essential }}}{{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}}, see [High Availability in TiDB Cloud](/tidb-cloud/serverless-high-availability.md). +- For TiDB Cloud Dedicated, see [High Availability in TiDB Cloud Dedicated](/tidb-cloud/high-availability-with-multi-az.md). ## Monitoring From ba0010549b0d9acb7f1e7eb8ad2f7148a5dd13b7 Mon Sep 17 00:00:00 2001 From: houfaxin Date: Tue, 23 Dec 2025 10:27:00 +0800 Subject: [PATCH 18/21] Update backup-and-restore-premium.md --- tidb-cloud/premium/backup-and-restore-premium.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index ddd29a56ec56d..fad03aa08df14 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -175,12 +175,11 @@ To restore a backup generated by a {{{ .dedicated }}} cluster, follow these step {{{ .premium }}} supports restoring backups from cloud storage (such as Amazon S3 and Alibaba Cloud Object Storage Service (OSS)) to a new instance. This feature is compatible with backups generated from {{{ .dedicated }}} clusters or TiDB Self-Managed clusters. -#### Limitations - -- Currently, manual backups are not supported for {{{ .premium }}} instances. -- Currently, only backups located in **Amazon S3** and **Alibaba Cloud OSS** are supported for restore. -- You can restore backups only to a new instance hosted by the same cloud provider as your storage bucket. -- If the instance and the storage bucket are located in different regions, additional cross-region data transfer fees might apply. +>**Note:** +> +> - Currently, only backups located in **Amazon S3** and **Alibaba Cloud OSS** are supported for restore. +> - You can restore backups only to a new instance hosted by the same cloud provider as your storage bucket. +> - If the instance and the storage bucket are located in different regions, additional cross-region data transfer fees might apply. #### Steps @@ -205,3 +204,7 @@ To restore backups from cloud storage, do the following: If the backup information is incorrect, click **Previous** to return to the previous page, and then enter the correct information. 5. Click **Restore** to restore the backup. + +## Limitations + +Currently, manual backups are not supported for {{{ .premium }}} instances. From 9887ef0cbbd14ec3992a41f638c9b1ef4d42b2de Mon Sep 17 00:00:00 2001 From: houfaxin Date: Tue, 23 Dec 2025 10:27:13 +0800 Subject: [PATCH 19/21] Update backup-and-restore-premium.md --- tidb-cloud/premium/backup-and-restore-premium.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index fad03aa08df14..39d0bfda18601 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md @@ -205,6 +205,6 @@ To restore backups from cloud storage, do the following: 5. Click **Restore** to restore the backup. -## Limitations +## Limitation Currently, manual backups are not supported for {{{ .premium }}} instances. From 2d12625e86b28d61b9e9826cf64a06bcf63b5b3f Mon Sep 17 00:00:00 2001 From: Cheng Weiwei <65707268+wildpcww@users.noreply.github.com> Date: Wed, 24 Dec 2025 16:19:05 +0800 Subject: [PATCH 20/21] add-restore-permissions --- .../configure-external-storage-access.md | 60 +++++++++++++++++-- 1 file changed, 55 insertions(+), 5 deletions(-) diff --git a/tidb-cloud/configure-external-storage-access.md b/tidb-cloud/configure-external-storage-access.md index 3796e472fbd11..3387c767c3f1e 100644 --- a/tidb-cloud/configure-external-storage-access.md +++ b/tidb-cloud/configure-external-storage-access.md @@ -179,12 +179,56 @@ It is recommended that you use an IAM user (instead of the AWS account root user Take the following steps to configure an access key: -1. Create an IAM user. For more information, see [creating an IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console). - -2. Use your AWS account ID or account alias, and your IAM user name and password to sign in to [the IAM console](https://console.aws.amazon.com/iam). +1. **Create an IAM user and access key.** + - Create an IAM user. For more information, see [creating an IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console). + - Use your AWS account ID or account alias, and your IAM user name and password to sign in to [the IAM console](https://console.aws.amazon.com/iam). + - Create an access key. For more information, see [creating an access key for an IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey). + +2. **Grant permissions to the IAM user.** + Create a policy and attach it to the IAM user. Ensure the policy includes the required permissions based on your task: + - **To import data** into a TiDB Cloud clusterinstance, grant `s3:GetObject`, `s3:GetObjectVersion`, and `s3:ListBucket` permissions. + - **To export data** from a TiDB Cloud clusterinstance, grant `s3:PutObject` and `s3:ListBucket` permissions. + + - **To restore data** to a TiDB Cloud instance, grant `s3:GetObject`,`s3:GetBucketLocation` and `s3:ListBucket` permissions. + + The following is an example policy that allows TiDB Cloud to **restore** data from a specific folder in your S3 bucket. + + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AllowGetBucketLocation", + "Effect": "Allow", + "Action": "s3:GetBucketLocation", + "Resource": "arn:aws:s3:::" + }, + { + "Sid": "AllowListPrefix", + "Effect": "Allow", + "Action": "s3:ListBucket", + "Resource": "arn:aws:s3:::", + "Condition": { + "StringLike": { + "s3:prefix": "/*" + } + } + }, + { + "Sid": "AllowReadObjectsInPrefix", + "Effect": "Allow", + "Action": "s3:GetObject", + "Resource": "arn:aws:s3::://*" + } + ] + } + ``` -3. Create an access key. For more information, see [creating an access key for an IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey). + > **Tip:** + > + > In the policy above, replace `` and `` with your actual bucket name and backup directory. This configuration follows the principle of least privilege by restricting access to only the necessary backup files. + > **Note:** > > TiDB Cloud does not store your access keys. It is recommended that you [delete the access key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey) after the import or export is complete. @@ -304,10 +348,16 @@ Take the following steps to configure an AccessKey pair: - In the **Service** section, select **Object Storage Service**. - In the **Action** section, select the permissions as needed. - To import data into a TiDB Cloud clusterinstance, grant **oss:GetObject**, **oss:GetBucketInfo**, and **oss:ListObjects** permissions. + To import data into a TiDB Cloud clusterinstance, grant `oss:GetObject`, `oss:GetBucketInfo`, and `oss:ListObjects` permissions. To export data from a TiDB Cloud clusterinstance, grant `oss:PutObject` and `oss:GetBucketInfo` permissions. + To restore a backup to a TiDB Cloud instance, grant `oss:ListObjects` and `oss:GetObject` permissions. + - In the **Resource** section, select the bucket and the objects in the bucket. + > **Tip** + > + > For restore operations, you can enhance security by restricting access to only the specific folder (prefix) where your backup files are stored, rather than granting access to the entire bucket. + 3. Attach the custom policies to the RAM user. For more information, see [Grant permissions to a RAM user](https://www.alibabacloud.com/help/en/ram/user-guide/grant-permissions-to-the-ram-user). From ceb4e054f24a6cd14aab8a648c7dc06cfaeb1cab Mon Sep 17 00:00:00 2001 From: xixirangrang Date: Wed, 24 Dec 2025 16:36:19 +0800 Subject: [PATCH 21/21] Apply suggestions from code review Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- tidb-cloud/configure-external-storage-access.md | 2 +- tidb-cloud/serverless-high-availability.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tidb-cloud/configure-external-storage-access.md b/tidb-cloud/configure-external-storage-access.md index 3387c767c3f1e..3a68360df099b 100644 --- a/tidb-cloud/configure-external-storage-access.md +++ b/tidb-cloud/configure-external-storage-access.md @@ -189,7 +189,7 @@ Take the following steps to configure an access key: - **To import data** into a TiDB Cloud clusterinstance, grant `s3:GetObject`, `s3:GetObjectVersion`, and `s3:ListBucket` permissions. - **To export data** from a TiDB Cloud clusterinstance, grant `s3:PutObject` and `s3:ListBucket` permissions. - - **To restore data** to a TiDB Cloud instance, grant `s3:GetObject`,`s3:GetBucketLocation` and `s3:ListBucket` permissions. + - **To restore data** to a TiDB Cloud instance, grant `s3:GetObject`, `s3:GetBucketLocation`, and `s3:ListBucket` permissions. The following is an example policy that allows TiDB Cloud to **restore** data from a specific folder in your S3 bucket. diff --git a/tidb-cloud/serverless-high-availability.md b/tidb-cloud/serverless-high-availability.md index c53ff50b7409b..be95f68373a4a 100644 --- a/tidb-cloud/serverless-high-availability.md +++ b/tidb-cloud/serverless-high-availability.md @@ -9,7 +9,7 @@ TiDB Cloud is designed with robust mechanisms to maintain high availability and > **Note:** > -> - This document is only applicable for {{{ .starter }}} and {{{ .essential }}} {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}}. +> - This document is only applicable for {{{ .starter }}} and {{{ .essential }}}{{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}}. > - For high availability in TiDB Cloud Dedicated, see [High Availability in TiDB Cloud Dedicated](/tidb-cloud/high-availability-with-multi-az.md). ## Overview