Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

How to get started with Yandex Cloud Backup on an existing VM

Written by
Updated at November 11, 2025

Before you get started with Cloud Backup, make sure you have a linked billing account and its status is ACTIVE or TRIAL_ACTIVE.

Make sure you have a Yandex Compute Cloud VM instance. In this tutorial, you will connect a Linux VM instance to Cloud Backup. If you have no suitable VM instance, follow Getting started with Yandex Cloud Backup on a new VM.

The cost of VM backup resources includes:

To get started with Cloud Backup:

  1. Set up the infrastructure.
  2. Activate Cloud Backup.
  3. Install the Cloud Backup agent.
  4. Link your VM to a backup policy.

If you no longer need the resources you created, delete them.

Set up the infrastructure

  1. In the cloud network hosting the VM you want to connect to Cloud Backup, create a security group with the following outgoing traffic rules:

    Port range Protocol Destination name CIDR blocks
    80 TCP CIDR 213.180.193.0/24
    80 TCP CIDR 213.180.204.0/24
    443 TCP CIDR 84.47.172.0/24
    443 TCP CIDR 84.201.181.0/24
    443 TCP CIDR 178.176.128.0/24
    443 TCP CIDR 213.180.193.0/24
    443 TCP CIDR 213.180.204.0/24
    7770-7800 TCP CIDR 84.47.172.0/24
    8443 TCP CIDR 84.47.172.0/24
    44445 TCP CIDR 51.250.1.0/24

    Tip

    When installing the Cloud Backup agent on your VM or BareMetal server, you might need to install missing software components from the internet. To do this, add the following outgoing traffic rule to the security group:

    • Port range: 0-65535.
    • Protocol: Any.
    • Destination name: CIDR.
    • CIDR blocks: 0.0.0.0/0.

    Once the Cloud Backup agent is installed, you can delete this rule.

  2. Assign the new security group to the VM you are connecting to Cloud Backup:

    1. In the management console, select the folder where you want to connect a VM to Cloud Backup.

    2. In the list of services, select Compute Cloud and then select the VM.

    3. Under Network interface, add a security group to the VM network interface:

      • In the top-right corner of the section, click and select Edit.
      • In the window that opens, select the previously created security group in the Security groups field.
      • Click Save.

    4. If the VM does not have a public IP address, then under Network, click in the top-right corner of the relevant network interface section and select Add public IP address. In the window that opens:

      • In the Public address field, select Auto to get an IP address automatically or List to choose a reserved address from the list.
      • Optionally, if you selected Auto in the Public address field, enable DDoS protection. For more information, see Yandex DDoS Protection in Virtual Private Cloud.
      • If you selected List in the Public address field, choose the IP address you want to assign to your VM. The IP address and the VM must be in the same availability zone.
      • Click Add.

      Instead of assigning a public IP address to your VM, you can associate the subnet hosting this VM with a route table allowing internet access via a NAT gateway or a custom router.

  3. Create a service account and assign the backup.editor role to it.

  4. Link the new service account to the VM you are connecting to Cloud Backup:

    Note

    You can only link one service account to a virtual machine.

    To link a service account to a VM, you need a permission to use this account. This permission comes with the iam.serviceAccounts.user and editor roles or higher.

    1. In the management console, select the folder where you want to connect a VM to Cloud Backup.
    2. In the list of services, select Compute Cloud and then a VM from the list that opens.
    3. In the top-right corner of the page, click Edit VM.
    4. Under Additional, select a service account with the backup.editor role.
    5. Click Save changes.

Activate Cloud Backup

To activate the service, you need at least the backup.editor role for the folder in which you want to create backups of VMs or BareMetal servers.

When you enable the service, the backup provider starts. For more information about the backup provider and data sent to it, see Service activation and backup provider.

  1. In the management console, select the folder where you want to connect a VM to Cloud Backup.

  2. In the list of services, select Cloud Backup.

  3. If you have not activated Cloud Backup yet, click Activate.

    If there is no Activate button, and you can create a VM connected to Cloud Backup, Cloud Backup has already been activated. Proceed to the next step.

Install the Cloud Backup agent

  1. Connect to the VM over SSH.

  2. Install the Cloud Backup agent on the VM by running this command in the Linux terminal:

    sudo apt update && \
sudo apt install -y jq && \
curl https://storage.yandexcloud.net/backup-distributions/agent_installer.sh | sudo bash

    Result:

    ...
Agent registered with id D9CA44FC-716A-4B3B-A702-C6**********

    sudo yum install epel-release -y && \
sudo yum update -y && \
sudo yum install jq -y && \
curl https://storage.yandexcloud.net/backup-distributions/agent_installer.sh | sudo bash

    Result:

    ...
Agent registered with id D9CA44FC-716A-4B3B-A702-C6**********

Link your VM to a backup policy

Once you install the agent, the VM will be added to Cloud Backup in the Virtual machines tab and you will be able to associate it with a Cloud Backup policy.

  1. Make sure the Cloud Backup agent has been installed:

    1. In the management console, select the folder where the service is activated.
    2. In the list of services, select Compute Cloud.
    3. Select the VM.
    4. Check that the value of the Backups field in the Cloud Backup section is No backup policy.

  2. Link your VM to a backup policy:

    1. In the management console, select the folder with the activated service and VM you need.
    2. In the list of services, select Cloud Backup.
    3. In the left-hand panel, select Backup policies.
    4. Select one of the policies created by default. Click Create policy to create a new policy, if required.
    5. Under Attached resources on the Virtual machines tab, click Attach a VM.
    6. In the window that opens, select the VM from the list and click Attach.

    As a result, the VM will be associated with the backup policy and the system will start taking its backups according to the policy schedule.

How to delete the resources you created

To stop paying for the resources you created:

  1. Delete VM backups, if any.
  2. Delete the VM from Cloud Backup.

What's next

See also

Previous
Getting started with Cloud Backup on a new VM
Next
All guides