yandex_backup_policy_bindings (Resource)
Written by
Updated at April 9, 2026
Allows management of Yandex Cloud Attach and Detach VM.
~> Cloud Backup Provider must be activated in order to manipulate with policies.
Example usage
//
// Create a new Cloud Backup Policy Binding
//
resource "yandex_iam_service_account" "test_sa" {
name = "sa-backup-editor"
}
resource "yandex_resourcemanager_folder_iam_member" "test_binding" {
folder_id = yandex_iam_service_account.test_sa.folder_id
role = "backup.editor"
member = "serviceAccount:${yandex_iam_service_account.test_sa.id}"
}
resource "yandex_vpc_network" "test_backup_network" {}
resource "yandex_vpc_subnet" "test_backup_subnet" {
zone = "ru-central1-a"
network_id = yandex_vpc_network.test_backup_network.id
v4_cidr_blocks = ["192.168.0.0/24"]
}
# https://yandex.cloud/ru/docs/backup/concepts/vm-connection#vm-network-access
resource "yandex_vpc_security_group" "test_backup_security_group" {
name = "cloud-backup"
network_id = yandex_vpc_network.test_backup_network.id
egress {
protocol = "TCP"
from_port = 7770
to_port = 7800
v4_cidr_blocks = ["84.47.172.0/24"]
}
egress {
protocol = "TCP"
port = 443
v4_cidr_blocks = ["213.180.204.0/24", "213.180.193.0/24", "178.176.128.0/24", "84.201.181.0/24", "84.47.172.0/24"]
}
egress {
protocol = "TCP"
port = 80
v4_cidr_blocks = ["213.180.204.0/24", "213.180.193.0/24"]
}
egress {
protocol = "TCP"
port = 8443
v4_cidr_blocks = ["84.47.172.0/24"]
}
egress {
protocol = "TCP"
port = 44445
v4_cidr_blocks = ["51.250.1.0/24"]
}
}
data "yandex_compute_image" "ubuntu" {
family = "ubuntu-2004-lts"
}
resource "yandex_compute_instance" "test_backup_compute" {
name = "test-backup-compute"
platform_id = "standard-v1"
zone = "ru-central1-a"
service_account_id = yandex_iam_service_account.test_sa.id
network_interface {
subnet_id = yandex_vpc_subnet.test_backup_subnet.id
security_group_ids = [yandex_vpc_security_group.test_backup_security_group.id]
nat = true
}
boot_disk {
initialize_params {
image_id = data.yandex_compute_image.ubuntu.id
}
}
resources {
cores = 2
memory = 4
}
metadata = {
user-data = "#cloud-config\npackages:\n - curl\n - perl\n - jq\nruncmd:\n - curl https://storage.yandexcloud.net/backup-distributions/agent_installer.sh | sudo bash\n"
}
}
data "yandex_backup_policy" "test_backup_policy" {
name = "Default daily"
}
resource "yandex_backup_policy_bindings" "test_backup_binding" {
instance_id = yandex_compute_instance.test_backup_compute.id
policy_id = data.yandex_backup_policy.test_backup_policy.id
}
Arguments & Attributes Reference
created_at(Read-Only) (String). The creation timestamp of the resource.enabled(Read-Only) (Bool). Flag is specifies whether the policy application is enabled. May befalseif Processing flag istrue.id(String).instance_id(Required)(String). Compute Cloud instance ID.policy_id(Required)(String). Backup Policy ID.processing(Read-Only) (Bool). Flag that specifies whether the policy is in the process of binding to an instance.timeouts[Block].create(String).delete(String).read(String).update(String).
Import
The resource can be imported by using their resource ID. For getting it you can use Yandex Cloud Web Console or Yandex Cloud CLI.
# terraform import yandex_backup_policy_bindings.<resource Name> <resource Id>
terraform import yandex_backup_policy_bindings.test_backup_binding ...