Database Backup Shipping

The Database Backup Shipping feature makes it possible to automatically ship database backups for an application’s production environment at regular intervals to an assigned AWS S3 bucket.

The shipped database backups are useful for internal security policies, to automate regular data ingestion for analysis systems, and can be imported to local development environments.

Backup SQL database files are shipped in a gzip-compressed plain text format with the file extension *.sql.gz.
Files from more than one of an organization’s applications and environments can be shipped to a single S3 bucket.

Prerequisite

Only customers with an Enhanced, Signature, or Premier Support package, and some customers on legacy contracts can enable Database Backup Shipping.
To enable Database Backup Shipping, a user must have at minimum an Org admin role or an App admin role for that application.
Review the AWS S3 bucket requirements before enabling this feature.

Enable Database Backup Shipping

Database Backup Shipping can only be enabled for an application’s production environment.

Configure S3

Navigate to the VIP Dashboard for an application.
Select an environment from the environment dropdown located at the upper left of the VIP Dashboard.
Select “Database” from the sidebar navigation at the left of the screen.
Select “Database Backup Shipping” from the submenu.
Select the “Configuration” tab.
Enter the “AWS Account ID” (How to find your AWS Account ID), “Bucket Name”, and “Bucket Region” values for the S3 bucket that will receive the shipped database backups from VIP.
Select “Daily” or “Hourly” as the Schedule Option for Database Backup Shipping.
If “Daily” is selected, an additional option will appear for the user to select a specific hour of day for backups to be shipped. If no hour is specified, backups will be shipped daily at a default hour set by the system.
Select “Continue“.

Test Configuration

Based on the values entered in the “Configure S3” step, a CloudFormation Template will populate the field labeled “Generated CloudFormation Template“. To continue the process of enabling Database Backup Shipping:

Download the CloudFormation Template JSON file by selecting the button labeled “Download Template“.
Use the CloudFormation Template JSON file to create a stack in AWS CloudFormation by following the instructions for Creating a stack on the AWS CloudFormation console.
Select the button labeled “Test and Enable“ to test the configuration on the S3 bucket. A test file named vip-go-test-file.txt will be uploaded to the S3 bucket as part of the verification process. This file will always be present in a site’s configured S3 bucket and path, alongside the dated folders that contain the logs themselves.

Complete

If the configuration test is successful, the enablement tool will advance to the step labeled “Complete”. Database Backup Shipping will begin sending files to the configured S3 Bucket at the time interval that was selected in Step 5.

Screenshot of the configuration fields for Database Backup Shipping

Disable Database Backup Shipping

Navigate to the VIP Dashboard for an application.
Select an environment from the environment dropdown located at the upper left of the VIP Dashboard.
Select “Database” from the sidebar navigation at the left of the screen.
Select “Database Backup Shipping” from the submenu.
Select “Disable Sync“.

Restricting access by IP range

To restrict access to an AWS S3 bucket via IP range, ensure your bucket access policy accounts for the VIP Platform’s dynamic IP range. A system to auto-update the access policy will need to be implemented, as the IP ranges are subject to change.

Last updated: April 19, 2024