Setting Backup Download Rules

Last updated:2026-03-04 11:45:45

Setting Backup Download Rules

Last updated: 2026-03-04 11:45:45

The backup files of TDSQL-C for MySQL clusters can be downloaded through the public or private network by default. Simultaneously, TDSQL-C for MySQL provides restrictions on backup download conditions. Set the backup download rules based on actual needs to enhance security and management efficiency.
Application Scenario
This feature takes effect in the cluster dimension. If you need to set backup download rules to restrict the conditions for downloading the backup files of a specific cluster, you can use this feature.
Feature Overview
Public network download is enabled by default. When it is enabled, backups can be downloaded through both the public and private networks.
When public network download is disabled, private network download conditions (IP and VPC) need to be set.
Setting Backup Download Rules
1. Log in to the TDSQL-C for MySQL console.
2. Select a region at the top of the page based on your actual console view mode and perform corresponding operations.
Tab View
List View
In the Cluster list on the left, click the target cluster to enter the cluster management page.
Find the target cluster in the cluster list on the left, and click Cluster ID or Operation column's Manage option to enter the cluster management page.
3. On the cluster management page, select Backup Management > Download Settings, and click Edit.
﻿
4. In the pop-up page, configure as needed and click OK.
﻿
Parameter
Description
Download from Public Network
Enable or Disable the public network download as needed.
Enable: When it is enabled, download conditions cannot be set.
Disable: When public network download is disabled, you can set the private network download conditions, which include IP and VPC.
Download Conditions
Set download conditions.
When the corresponding condition value is empty, it indicates that this condition is not used for restriction.
IP address conditions support taking IP addresses as condition values. You can choose the condition operator Includes or Excludes. Multiple IP addresses are separated by English commas.
VPC conditions support taking private networks under the current region as condition values, with the condition operator as Includes. Multiple private networks can be checked.
5. After the configuration is completed, the effective conditions can be viewed.
Authorizing Sub-accounts to Set Backup Download Rules
Sub-accounts do not have the permission to set database backup download rules by default. Therefore, users need to create policies to allow sub-accounts to set the rules.
1. Log in to the Cloud Access Management console.
2. In the left sidebar, click Policies.
3. Select Create a custom policy > Create by policy builder, configure the corresponding policy parameters, and click Next.
﻿
Resource-level API
Effect: Select Allow.
Service: Cloud Native Database TDSQL-C (TDSQL-C) (cynosdb).
Action: Select escribeBackupDownloadRestriction, DescribeBackupDownloadUrl, DescribeBinlogDownloadUrl, and ModifyBackupDownloadRestriction.
Resource: You can select specific instances or all resources.
Action-Level API
Effect: Select Allow.
Service: Cloud Native Database TDSQL-C (cynosdb).
Action: Select DescribeBackupDownloadUserRestriction and ModifyBackupDownloadUserRestriction.
Resource: Instances cannot be specified; select all resources.
4. Enter the basic information of the strategy, associate users/user groups/roles, and then click Completed.
Related APIs
API
Description
﻿Query user-level backup download limit.﻿
This API (DescribeBackupDownloadUserRestriction) is used to query the default backup download source restrictions configured at the user level for the current region.
﻿Query backup download limit.﻿
This API (DescribeBackupDownloadRestriction) is used to query the default backup download source restrictions configured for the current region by users.
﻿Modify cluster backup download limit.﻿
This API (ModifyBackupDownloadRestriction) is used to modify the backup file download source restrictions for users in the current region. It can be set to allow downloads via both public and private networks, only via the private network, or via specified VPCs or IPs on the private network.

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Feedback

Parameter	Description
Download from Public Network	Enable or Disable the public network download as needed. Enable: When it is enabled, download conditions cannot be set. Disable: When public network download is disabled, you can set the private network download conditions, which include IP and VPC.
Download Conditions	Set download conditions. When the corresponding condition value is empty, it indicates that this condition is not used for restriction. IP address conditions support taking IP addresses as condition values. You can choose the condition operator Includes or Excludes. Multiple IP addresses are separated by English commas. VPC conditions support taking private networks under the current region as condition values, with the condition operator as Includes. Multiple private networks can be checked.

API	Description
Query user-level backup download limit.	This API (DescribeBackupDownloadUserRestriction) is used to query the default backup download source restrictions configured at the user level for the current region.
Query backup download limit.	This API (DescribeBackupDownloadRestriction) is used to query the default backup download source restrictions configured for the current region by users.
Modify cluster backup download limit.	This API (ModifyBackupDownloadRestriction) is used to modify the backup file download source restrictions for users in the current region. It can be set to allow downloads via both public and private networks, only via the private network, or via specified VPCs or IPs on the private network.

tencent cloud

Application Scenario

Feature Overview

Setting Backup Download Rules

Authorizing Sub-accounts to Set Backup Download Rules

Related APIs