Skip to content

Enable Database Backup Shipping

VIP’s Database Backup Shipping feature makes it possible to ship backups at regular intervals to an AWS S3 bucket managed by your organization. The shipped database backups are useful for internal security policies, to automate regular data ingestion for analysis systems, and can be imported to local development environments.

  • Backup SQL database files are shipped in a gzip-compressed plain text format with the file extension *.sql.gz.
  • Files are encrypted in-transit using TLS between VIP and the AWS S3 bucket.
  • To ensure files are encrypted at-rest, please ensure that encryption is configured for the AWS S3 bucket.

Prerequisite

  • Database Backup Shipping can only be enabled for an application’s production environment.
  • To enable Database Backup Shipping, a user must have at minimum an App admin role for that application.
  • The AWS S3 bucket name and region are required for configuration.
  • User must have access to modify the AWS Bucket Policy to complete the setup.

AWS S3 bucket requirements

Bucket Name

  • The AWS S3 bucket name can only include lowercase letters (a-z), numbers (0-9) and hyphens (-). Review the AWS bucket naming requirements for additional information.
  • Note: The inclusion of periods (.) in an AWS S3 bucket name is likely to cause Log Shipping failures.

Path

  • Note: Custom paths are currently not supported for Database Backup Shipping.

Encryption

  • The S3 bucket must not use KMS encryption; SSE-S3 is the preferred encryption option.

Enable Database Backup Shipping

  1. Navigate to the VIP Dashboard and select the “Settings” panel option at the left.
  2. Below “Add-ons” select “Database Backup Shipping“.
  3. Select the “Configuration” tab.
  4. Enter the “Bucket Name” and “Bucket Region” values for the S3 bucket that will receive the shipped database backups from VIP.
  5. Select “Daily” or “Hourly” as the Schedule Option for Database Backup Shipping.
    If “Daily” is selected, an additional option will appear for the user to select a specific hour of day for backups to be shipped. If no hour is specified, backups will be shipped daily at a default hour set by the system.
  6. Select “Continue“.
Screenshot of the configuration fields for Database Backup Shipping
  1. Copy the contents of the JSON-formatted “Generated Access Policy” config file. Add the Generated Access Policy content to the S3 bucket by following the instructions for Granting AWS Config access to the Amazon S3 Bucket.
  2. Test Configuration” by selecting “Test and Enable“. A test file named vip-go-test-file.txt will be uploaded to the S3 bucket as part of the verification process. This file will always be present in a site’s configured S3 bucket and path, alongside the dated folders that contain the logs themselves.
  3. If the configuration test is successful, the backup shipping will begin sending files to the configured S3 Bucket at.

Disable Database Backup Shipping

  1. Navigate to the VIP Dashboard and select the “Settings” panel option at the left.
  2. Below “Add-ons” select “Database Backup Shipping“.
  3. Select “Disable Sync“.

Restricting access by IP range

To restrict access to an AWS S3 bucket via IP range, ensure your bucket access policy accounts for the dynamic IP range accessible at https://go-vip.net/ip-ranges.json. A system to auto-update the access policy will need to be implemented, as the IP ranges are subject to change.

Last updated: April 12, 2022