Take a backup or restore a backup from the UI
AWS
Taking backups to AWS
Steps to follow in AWS
Follow the steps below on your AWS account:
Create an S3 bucket
Create an AWS S3 bucket in your account where you want to export backups.
Create an IAM role
Create an IAM role that ClickHouse Cloud service will be able to assume into, to write to this bucket - for role-based authentication:
-
a. For this role, you will need to update the IAM role trust policy to include the following statement:
-
b. The ARN in this case is obtained from the ClickHouse Cloud service settings page which looks similar to this:
Update permissions for role
You will also need to update the permissions for this role so this ClickHouse Cloud service can write to the S3 bucket. This is done by including a JSON similar to this one in the role permissions:
Steps to follow in ClickHouse Cloud
Follow the steps below in the ClickHouse Cloud console to configure the external bucket:
Configure AWS IAM Role ARN and S3 bucket details
On the next screen provide the AWS IAM Role ARN and S3 bucket details:
Save changes
Click on “Save External Bucket” to save the settings
Changing the backup schedule from the default schedule
External Backups will now happen in your bucket on the default schedule. Alternatively, you can configure the backup schedule from the “Settings” page. If configured differently, the custom schedule is used to write backups to your bucket and the default schedule (backups every 24 hours) is used for backups in the ClickHouse cloud owned bucket.
View backups stored in your bucket
The Backups page should display these backups in your bucket in a separate table as shown below:
Restoring backups from AWS
Follow the steps below to restore backups from AWS:
Create a new service to restore to
Create a new service to restore the backup to. Currently, we only support restoring a backup into a new service.
Add service ARN
Add the newly created service’s ARN (from the service settings page in Clickhouse Cloud console) to the trust policy for the IAM role. This is the same as the second step in the AWS Steps section above. This is required so the new service can access the S3 bucket.
Get SQL command used to restore backup
Click on the “access or restore a backup” link above the list of backups in the UI to get the SQL command to restore the backup. The command should look like the one shown below, and you can pick the appropriate backup from the dropdown to get the restore command for that specific backup:
Run the restore command
Run the restore command from the SQL console in the newly created service to restore the backup.
GCP
Taking backups to GCP
Follow the steps below to take backups to GCP:
Steps to follow in GCP
Create a GCP storage bucket
Create a storage bucket in your GCP account to export backups.
Generate an HMAC Key and Secret
Generate an HMAC Key and Secret, which is required for password-based authentication. Follow the steps below to generate the keys:
-
a. Create a service account
- I. Navigate to the IAM & Admin section in the Google Cloud Console and select Service Accounts.
- II. Click Create Service Account, provide a name and ID, and click Create and Continue.
- III. Grant the necessary roles for Cloud Storage access (e.g., Storage Object Admin or more granular roles like Storage Object Creator and Storage Object Viewer) to this service account.
- IV. Click Done to finalize the service account creation.
-
b. Generate the HMAC key
- I. Go to Cloud Storage in the Google Cloud Console, and select
Settings - II Go to the Interoperability tab.
- III. In the
Service account HMACsection, click Create a key for a service account. - IV. Choose the service account you created in the previous step from the dropdown menu.
- V. Click Create key.
- I. Go to Cloud Storage in the Google Cloud Console, and select
-
c. Securely store the credentials:
- I. The system will display the Access ID (your HMAC key) and the Secret (your HMAC secret). Save these values, as the secret will not be displayed again after you close this window.
Steps to follow in ClickHouse Cloud
Follow the steps below in the ClickHouse Cloud console to configure the external bucket:
Configure GCP HMAC Key and Secret
On the next screen provide the GCP bucket path, HMAC key and Secret created in the previous section.
Save external bucket
Click on Save External Bucket to save the settings.
Changing the backup schedule from the default schedule
External Backups will now happen in your bucket on the default schedule.
Alternatively, you can configure the backup schedule from the Settings page.
If configured differently, the custom schedule is used to write backups to your
bucket and the default schedule (backups every 24 hours) is used for backups in
ClickHouse cloud owned bucket.
View backups stored in your bucket
The Backups page should display these backups in your bucket in a separate table as shown below
Restoring backups from GCP
Follow the steps below to restore backups from GCP:
Create a new service to restore to
Create a new service to restore the backup to. Currently, we only support restoring a backup into a new service.
Get SQL command used to restore backup
Click on the access or restore a backup link above the list of backups in the
UI to get the SQL command to restore the backup. The command should look like this,
and you can pick the appropriate backup from the dropdown to get the restore
command for that specific backup. You will need to add your secret access key
to the command.
Run SQL command to restore backup
Run the restore command from the SQL console in the newly created service to restore the backup.
Azure
Taking backups to Azure
Follow the steps below to take backups to Azure:
Steps to follow in Azure
Create a storage account
Create a storage account or select an existing storage account in the Azure portal where you want to store your backups.
Get connection string
- a. In your storage account overview, look for the section called
Security + networkingand click onAccess keys. - b. Here, you will see
key1andkey2. Under each key, you’ll find aConnection stringfield. - c. Click
Showto reveal the connection string. Copy the connection string to set up on ClickHouse Cloud.
Steps to follow in ClickHouse Cloud
Follow the steps below in the ClickHouse Cloud console to configure the external bucket:
Provide connection string and container name for your Azure storage account
On the next screen provide the Connection String and Container Name for your Azure storage account created in the previous section:
Save external bucket
Click on Save External Bucket to save the settings
Changing the backup schedule from the default schedule
External Backups will now happen in your bucket on the default schedule. Alternatively, you can configure the backup schedule from the “Settings” page. If configured differently, the custom schedule is used to write backups to your bucket and the default schedule (backups every 24 hours) is used for backups in ClickHouse cloud owned bucket.
View backups stored in your bucket
The Backups page should display these backups in your bucket in a separate table as shown below:
Restoring backups from Azure
To restore backups from Azure, follow the steps below:
Create a new service to restore to
Create a new service to restore the backup to. Currently, we only support restoring a backup into a new service.
Get SQL command used to restore backup
Click on the access or restore a backup link above the list of backups in the
UI to obtain the SQL command to restore the backup. The command should look like
this, and you can pick the appropriate backup from the dropdown to get the
restore command for that specific backup. You will need to add your Azure
storage account connection string to the command.
Run SQL command to restore backup
Run the restore command from the SQL console in the newly created service to restore the backup.
