Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Creating a backup policy

Written by
Improved by
Updated at November 11, 2025

Creating a policy becomes available after you activate Cloud Backup.

You can create or update a policy using the Yandex Cloud management console, Terraform, or a JSON specification via the Yandex Cloud CLI or API.

Note

You cannot create backup policies with some advanced settings in the Yandex Cloud management console. Use the CLI, Terraform, or API to create such policies.

After activation, the system automatically creates the following backup policies:

  • Default daily: Daily incremental backup with the last 15 backups retained.
  • Default weekly: Weekly incremental backup with the last 15 backups retained.
  • Default monthly: Monthly incremental backup with the last 15 backups retained.

Note

Backups are created based on the VM's or Yandex BareMetal server's local time. There may be a slight delay in the schedule depending on the current service load.

  1. In the management console, select the folder where you want to create a backup policy.

  2. In the list of services, select Cloud Backup.

  3. In the left-hand panel, select Backup policies.

  4. Click Create policy.

  5. On the backup policy creation page:

    • Specify the policy name. Follow these naming requirements:

      • It must be from 2 to 63 characters long.
      • It can only contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    • Select the type of backup:

      • Incremental: Saves only data that is different from the previous backup. On the first run, a full backup of the resource will be made.
      • Always full: Saves all VM or BareMetal server data.

      Once the policy is created, you cannot change the type.

    • Under Launch settings, select the run schedule type:

      • Fixed schedule: Specify the backup frequency:

        • Every day. Either once a day at a specified time or several times a day at a particular interval within the specified time period.
        • Weekly. Select days of the week and time for backups on those days.
        • Monthly. Specify months, day of the month, and time for backups.

        For incremental backups, you can enable Create a full copy once a week and select the day of the week for a full backup. On the selected day, a full backup will be created instead of an incremental one.

      • Interval between backups: Specify the interval, in hours or days, between the end of the previous backup and the start of the new one.

      Backups are created based on the VM's or BareMetal server's local time. There may be a slight delay in the schedule depending on the current service load.

      Once the policy is created, you cannot change the type.

    • Under Retention settings, set the backup retention policy:

      • Retain all copies: All backups created under this backup policy will be retained.

      • Only the last: Specify the number of recent backups you want to retain or the number of days, weeks, or months for which to retain the backups. All other backups will be deleted automatically.

        Note

        If you created the policy via the management console, subsequent updates of backup retention settings will take effect only after a next backup is created. If the changes have not taken effect, disassociate the policy from the VM or BareMetal server and then reassociate it.

    • Expand the Additional section and, in the form that opens, proceed as follows:

      • Optionally, enable Run missed tasks after uploading to run all skipped backup jobs after the VM starts if the VM was Stopped during the scheduled backup. This is only supported for incremental backups.
      • Optionally, enable Fast backup to speed up incremental backups. Changes in the file will be determined by size, date, and last update time. If the option is disabled, Cloud Backup will compare the contents of all files with the backup contents. This option does not work for volumes with JFS, ReiserFS3, ReiserFS4, ReFS, or XFS file systems.
      • Optionally, enable Sector-by-sector backup to create an exact disk or volume backup at the physical level. Backs up all disk or volume sectors, including empty areas and unallocated space. If no compression level is selected, the backup size will be equal to the disk size. This mode is used automatically for disks with unsupported file systems. You cannot recover app data from a backup like that.
      • Optionally, enable Backup checks to make sure you will be able to restore data from the backup. During the check, a checksum is calculated for each section available for recovery. The check may take a long time because it scans all recoverable data.

      • Optionally, select a data Compression in the backup. The higher the compression level, the longer it takes to create a backup, but such a backup will be smaller in size. How efficient compression is depends on the type of data you are backing up: files that are already compressed, such as JPG, PDF, or MP3, are difficult to compress further, unlike, for example, DOC or XLS.

        Note

        You can only select a compression level when creating a policy. You cannot change it for an existing policy.

      • Optionally, enable Multivolume snapshot to create time-synchronized data backups spanning several volumes. This parameter decides whether snapshots of several volumes will be created simultaneously or one after another. Select your preferred method for creating snapshots:

        • Via Cloud Backup agent: Snapshot volumes using the Cloud Backup agent managed by LVM.
        • Via LVM: Snapshot volumes using the built-in LVM tools. If the snapshot cannot be created using LVM, it will be created using the Cloud Backup agent.

      • Optionally, under Commands before and after, set the actions Cloud Backup will perform before and after the backup. To do this, enable Run the command before backup and/or Run the command after backup, and specify the following settings:

        • Command or path to file: Command or path to the executable file that needs to be executed (run), e.g., /usr/bin/myapp.
        • Working folder: Working directory to execute the command (run the file) in, e.g., /etc/myapp/.
        • Arguments: Command line parameters that will be applied when executing the command (running the file), e.g., -d -rw.
        • Enable Terminate backup when a command fails to stop the backup if there is a command execution (file running) error.

        Note

        You can add to each policy not more than one command executed before the backup and not more than one executed after the backup.

      • Optionally, under Repeat operation on task failure, specify the backup settings in the event of failure:

        • Number of attempts: Maximum number of retry attempts. If reached, the operation is considered failed. Attempts will stop as soon as the operation succeeds or when the specified number of attempts is reached, whichever comes earlier.
          This setting does not apply if the backup was started manually.
        • Time between attempts: Interval between reattempts.

      • Optionally, under Error handling, configure the Cloud Backup behavior if errors occur:

        • Repeat operation on task failure: Reattempt settings in case of backup errors:

          • Number of attempts: Maximum number of retry attempts.
          • Time between attempts: Interval between reattempts.

        • Retry in case of an error while creating a snapshot: Reattempt settings in case of snapshot errors:

          • Number of attempts: Maximum number of retry attempts.
          • Time between attempts: Interval between reattempts.

      • Optionally, under File filters, you can use filters to exclude specific files and folders from your backups or do the opposite and back up only specific file system items:

        • Do not backup files that meet the following criteria.
        • Only backup files that meet the following criteria.

        Exclusion filters take precedence over inclusion filters.

        To include or exclude files, add some criteria, e.g., file names, paths, or masks. * and ? wildcards are supported. Use a new line for each criterion. Criteria are case-insensitive.

  6. Click Save.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

  1. See the description of the CLI command to create a backup policy:

    yc backup policy create --help

  2. Specify the configuration of the backup policy you are creating as a data schema in JSON format.

    Sample configuration file
    {
  "compression": "NORMAL",
  "format": "AUTO",
  "multiVolumeSnapshottingEnabled": true,
  "preserveFileSecuritySettings": true,
  "reattempts": {
    "enabled": true,
    "interval": {
      "type": "SECONDS",
      "count": "30"
    },
    "maxAttempts": "30"
  },
  "silentModeEnabled": true,
  "splitting": {
    "size": "1099511627776"
  },
  "vmSnapshotReattempts": {
    "enabled": true,
    "interval": {
      "type": "MINUTES",
      "count": "5"
    },
    "maxAttempts": "3"
  },
  "vss": {
    "enabled": true,
    "provider": "TARGET_SYSTEM_DEFINED"
  },
  "archive": {
    "name": "'[Machine Name]-[Plan ID]-[Unique ID]A'"
  },
  "performanceWindow": {
  },
  "retention": {
    "rules": [
      {
        "maxCount": "10"
      }
    ],
    "beforeBackup": true
  },
  "scheduling": {
    "backupSets": [
      {
        "time": {
          "weekdays": [
            "MONDAY"
          ],
          "repeatAt": [
            {
              "minute": "5"
            }
          ],
          "type": "WEEKLY"
        }
      }
    ],
    "enabled": true,
    "maxParallelBackups": "2",
    "randMaxDelay": {
      "type": "MINUTES",
      "count": "30"
    },
    "scheme": "ALWAYS_INCREMENTAL",
    "weeklyBackupDay": "MONDAY"
  },
  "cbt": "ENABLE_AND_USE",
  "fastBackupEnabled": true,
  "quiesceSnapshottingEnabled": true,
  "prePostCommands": [
    {
      "cmd": "/usr/bin/myapp",
      "args": "-d -rw",
      "enabled": true,
      "stopOnError": true,
      "type": "PRE_COMMAND",
      "wait": true,
      "workdir": "/etc/myapp/"
    }
  ]
}

    Note

    The preserveFileSecuritySettings and quiesceSnapshottingEnabled parameters are no longer supported.

    Save the configuration to a .json file.

    The example describes a configuration for a backup policy that will create incremental VM or BareMetal server backups every Monday at 00:05 (UTC+0). Only the last 10 backups will be stored.

    See the full backup policy specification for details.

  3. Create a backup policy:

    yc backup policy create \
  --name <policy_name> \
  --settings-from-file <path_to_configuration_file>

    Where:

    • --name: Name of the backup policy you are creating.
    • --settings-from-file: Path to the backup policy configuration file in JSON format.

    Result:

    id: cdgkoivuvtey********
name: sample-backup-policy
created_at: "2025-10-06T19:09:31Z"
updated_at: "2025-10-06T19:09:31Z"
enabled: true
settings:
  compression: NORMAL
  format: AUTO
  multi_volume_snapshotting_enabled: true
  reattempts:
    enabled: true
    interval:
      type: SECONDS
      count: "30"
    max_attempts: "30"
  silent_mode_enabled: true
  splitting:
    size: "1099511627776"
  vm_snapshot_reattempts:
    enabled: true
    interval:
      type: MINUTES
      count: "5"
    max_attempts: "3"
  vss:
    enabled: true
    provider: TARGET_SYSTEM_DEFINED
  archive:
    name: '''[Machine Name]-[Plan ID]-[Unique ID]A'''
  performance_window: {}
  retention:
    rules:
      - max_count: "10"
    before_backup: true
  scheduling:
    backup_sets:
      - time:
          weekdays:
            - MONDAY
          repeat_at:
            - minute: "5"
          type: WEEKLY
        type: TYPE_AUTO
    enabled: true
    max_parallel_backups: "2"
    rand_max_delay:
      type: MINUTES
      count: "30"
    scheme: ALWAYS_INCREMENTAL
    weekly_backup_day: MONDAY
  cbt: ENABLE_AND_USE
  fast_backup_enabled: true
  file_filters: {}
  pre_post_commands:
    - cmd: /usr/bin/myapp
      args: -d -rw
      enabled: true
      stop_on_error: true
      type: PRE_COMMAND
      wait: true
      workdir: /etc/myapp/
folder_id: b1gt6g8ht345********

    For more information about this command, see the CLI reference.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

To create a backup policy:

  1. In the Terraform configuration file, describe the backup policy parameters:

    resource "yandex_backup_policy" "my_policy" {
    archive_name                      = "[Machine Name]-[Plan ID]-[Unique ID]a"
    cbt                               = "USE_IF_ENABLED"
    compression                       = "NORMAL"
    fast_backup_enabled               = true
    format                            = "AUTO"
    multi_volume_snapshotting_enabled = true
    name                              = "<backup_policy_name>"
    performance_window_enabled        = true
    sector_by_sector                  = true
    run_later                         = true
    validation_enabled                = true
    lvm_snapshotting_enabled          = true
    silent_mode_enabled               = true
    splitting_bytes                   = "9223372036854775807"
    vss_provider                      = "NATIVE"

    reattempts {
        enabled      = true
        interval     = "1m"
        max_attempts = 10
    }

    retention {
        after_backup = false

        rules {
            max_age       = "365d"
            repeat_period = []
        }
    }

    scheduling {
        enabled              = false
        max_parallel_backups = 0
        random_max_delay     = "30m"
        scheme               = "ALWAYS_INCREMENTAL"
        weekly_backup_day    = "MONDAY"

        backup_sets {
            execute_by_time {
                type                      = "MONTHLY"
                include_last_day_of_month = true
                monthdays                 = []
                months                    = [1,2,3,4,5,6,7,8,9,10,11,12]
                repeat_at                 = ["04:10"]
                repeat_every              = "30m"
                weekdays                  = []
            }
        }
    }

    vm_snapshot_reattempts {
        enabled      = true
        interval     = "1m"
        max_attempts = 10
    }
}

    Where:

    • archive_name: Names of generated archives. This is an optional parameter. The parameter variables include:

      Make sure the last character in the generated archive name is not a variable.

    • cbt: Configuration for tracking backup contents. This is an optional parameter. The possible values include:

      • CHANGED_BLOCK_TRACKING_UNSPECIFIED: Not specified.
      • USE_IF_ENABLED: Use if enabled.
      • ENABLE_AND_USE: Enable and use.
      • DO_NOT_USE: Do not use.

      The default value is DO_NOT_USE.

    • compression: Backup compression ratio. This is an optional parameter. The possible values include:

      • NORMAL: Standard compression ratio.
      • HIGH: High compression ratio.
      • MAX: Maximum compression ratio.
      • OFF: Disabled.

      The default value is NORMAL.

    • fast_backup_enabled: Fast backup for tracking changes to files. When enabled, file changes are detected by the file size and its timestamp. When disabled, files are checked for changes by comparing their contents to backed up files. It can either be true or false.

    • format: Backup format. This is an optional parameter. The possible values include:

      • VERSION_11: Deprecated format, not recommended.
      • VERSION_12: Recommended format for high-speed backup and recovery.
      • AUTO: Automatic format selection. The default option is VERSION_12, unless you are creating incremental backups for the images created in other versions.

    • multi_volume_snapshotting_enabled: Creating backups for multiple volumes at the same time. This is an optional parameter. It can either be true or false.

    • name: Name of the backup policy.

    • performance_window_enabled: Time windows to limit backup performance. This is an optional parameter. It can either be true or false. The default value is false.

    • sector_by_sector: Sector-by-sector backup. Backs up all disk or volume sectors, including empty areas and unallocated space. If no compression level is selected, the backup size will be equal to the disk size. This mode is used automatically for disks with unsupported file systems. You cannot recover app data from a backup like that. It can either be true or false. The default value is false.

    • run_later: If the VM was Stopped during a scheduled backup, all skipped backup jobs will be executed after the VM starts. It can either be true or false. The default value is false.

    • validation_enabled: Checks the possibility of recovering data from the new backup. During the check, a checksum is calculated for each section available for recovery. The check may take a long time because it scans all recoverable data. It can either be true or false. The default value is false.

    • lvm_snapshotting_enabled: Uses LVM to create a volume snapshot. If the snapshot cannot be created using LVM, it will be created using the Cloud Backup agent. It can either be true or false. The default value is false.

    • silent_mode_enabled: Silent mode that assumes minimum interaction with users. This is an optional parameter. It can either be true or false. The default value is true.

    • splitting_bytes: Defines the size for splitting backups. This is an optional parameter. The default value is 9223372036854775807.

    • vss_provider: VSS settings. This is an optional parameter. It can either be NATIVE or TARGET_SYSTEM_DEFINED. The default value is NATIVE.

    • reattempts: Defines repeat attempts in case the backup operation fails:

      • enabled: Retry creating a backup if non-critical errors occur (e.g., when failing to connect to a target disk). This is an optional parameter. It can either be true or false. The default value is true.
      • interval: Interval between retries. This is an optional parameter. The default value is 5m.
      • max_attempts: Maximum number of retry attempts. If reached, the operation is considered failed. This is an optional parameter. The default value is 5.

    • retention: Backup retention options:

      • after_backup: Apply backup retention rules after the backup is completed. It can either be true or false.

      • rules: Backup retention rules:

        • max_age: Delete backups whose age exceeds max_age.
        • max_count: Delete backups if their number exceeds max_count.
        • repeat_period: Period for applying the rules.

        The max_age and max_count attributes are mutually exclusive, i.e., the use of one makes it impossible to use the other.

    • scheduling: Backup scheduling options:

      • enabled: Enable backup scheduling. This is an optional parameter. It can either be true or false. The default value is true.

      • max_parallel_backups: Maximum number of concurrent backups. This is an optional parameter. The default value is 0 (unlimited).

      • random_max_delay: Sets a random delay between concurrent jobs. This is an optional parameter. The default value is 30m.

      • scheme: Backup schedule scheme. This is an optional parameter. The possible values include:

        • ALWAYS_INCREMENTAL: Always incremental.
        • ALWAYS_FULL: Always full.
        • WEEKLY_FULL_DAILY_INCREMENTAL: Create an incremental backup every day and a full one weekly.
        • WEEKLY_INCREMENTAL: Create an incremental backup every week.

        The default value is ALWAYS_INCREMENTAL.

      • weekly_backup_day: Day of the week when the weekly backup is run. This is an optional parameter. The default value is MONDAY.

      • backup_sets: List of schedules with backup sets:

        • execute_by_time: Settings for backups at a specific time:
          • include_last_day_of_month: Running backups on the last day of each month. This is an optional parameter. It can either be true or false. The default value is false.
          • monthdays: List of days to to which the schedule applies. This is an optional parameter. It can be used for the MONTHLY format.
          • months: List of months to which the schedules applies. This is an optional parameter.
          • repeat_at: List of time values in HH:MM (24-hour) format to which the schedule applies. This is an optional parameter.
          • repeat_every: Frequency for repeat backups. This is an optional parameter.
          • type: Schedule type. The possible values are HOURLY, DAILY, WEEKLY, and MONTHLY.
          • weekdays: List of days of the week to which the schedule applies. It can be used for the WEEKLY format.

    • vm_snapshot_reattempts: Backup retries in case of failures:

      • enabled: Retry a backup if any errors occur. This is an optional parameter. It can either be true or false. The default value is true.
      • interval: Interval between retries. This is an optional parameter. The default value is 5m.
      • max_attempts: Maximum number of retry attempts. If reached, the operation is considered failed. This is an optional parameter. The default value is 5.

    Note

    The preserveFileSecuritySettings and quiesceSnapshottingEnabled parameters are no longer supported.

    For more information about yandex_backup_policy properties, see the relevant provider documentation.

  2. Create the resources:

    1. In the terminal, go to the directory where you edited the configuration file.

    2. Make sure the configuration file is correct using this command:

      terraform validate

      If the configuration is correct, you will get this message:

      Success! The configuration is valid.

    3. Run this command:

      terraform plan

      You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.

    4. Apply the changes:

      terraform apply

    5. Type yes and press Enter to confirm the changes.

    Terraform will create all the required resources. You can check the new resources using the management console or this CLI command:

    yc backup policy list

To create a backup policy, use the create REST API method for the Policy resource or the PolicyService/Create gRPC API call.

See also

Previous
Restoring the Cloud Backup agent
Next
Updating a policy