Creating a Cloud Database Instance for Amazon DocumentDB

To back up the Amazon Aurora database, create an instance for the database.

Procedure

From the navigation pane, go to Protect > Databases.

The Instances page appears.
Click Add Instance, and then click Cloud DB.

The Add Cloud DB instance page appears.
From the Select vendor list, select Amazon.
From the Database engine list, select DocumentDB.
For Cloud account, select an existing AWS account or create a new account.

Account option	Steps
Use an existing AWS account	To select an existing cloud account for the instance, from the Cloud account list, select the cloud account name.
Define a new AWS account	To add a new account, click Add. The Add cloud account dialog box appears. In the Name box, type a name for the new cloud account. In the Regions box, type the region names that you want to back up, separated by commas. For example, enter us-east-1,us-west-1. By default, clusters or instances from all regions are backed up. Choose the regions to back up if any of the following conditions are true: The cloud account does not have access to all the AWS regions due to organizational restrictions. You want to restrict the backups to certain regions. Enter the host or account authentication information: To use IAM role authentication, click IAM role. Note If you select IAM role authentication, but an access node that is not associated with the IAM role is used for a backup or restore, the operation fails. Define custom permissions to access AWS resources to enable support for DocumentDB backups and restores. Download the amazon_documentdb_backup_restore_permissions.json file and use it on the AWS command line to apply the required permissions. To use an access key and secret key pair to access the AWS account, click Access and secret key, and then enter the following information for your Amazon account: Access key: Type the access key ID. Secret key: Type the secret access key. Use service account resources: This toggle key does not apply to cloud databases. To use an STS assume role with IAM policy to access the AWS account, click STS assume role with IAM policy, and then enter the AWS ARN for using the STS Assume Role. To select access nodes that have the necessary permissions associated with them in the AWS Console, from the Access nodes list, select access nodes to use for the backup and restore operations. Click Save.

Account option

Steps

Use an existing AWS account

To select an existing cloud account for the instance, from the Cloud account list, select the cloud account name.

Define a new AWS account

To add a new account, click Add.

The Add cloud account dialog box appears.
In the Name box, type a name for the new cloud account.
In the Regions box, type the region names that you want to back up, separated by commas. For example, enter us-east-1,us-west-1.

By default, clusters or instances from all regions are backed up. Choose the regions to back up if any of the following conditions are true:
- The cloud account does not have access to all the AWS regions due to organizational restrictions.
- You want to restrict the backups to certain regions.
Enter the host or account authentication information:
- To use IAM role authentication, click IAM role.
  
  Note
  
  If you select IAM role authentication, but an access node that is not associated with the IAM role is used for a backup or restore, the operation fails.
  
  Define custom permissions to access AWS resources to enable support for DocumentDB backups and restores. Download the amazon_documentdb_backup_restore_permissions.json file and use it on the AWS command line to apply the required permissions.
- To use an access key and secret key pair to access the AWS account, click Access and secret key, and then enter the following information for your Amazon account:
  - Access key: Type the access key ID.
  - Secret key: Type the secret access key.
  - Use service account resources: This toggle key does not apply to cloud databases.
- To use an STS assume role with IAM policy to access the AWS account, click STS assume role with IAM policy, and then enter the AWS ARN for using the STS Assume Role.
To select access nodes that have the necessary permissions associated with them in the AWS Console, from the Access nodes list, select access nodes to use for the backup and restore operations.
Click Save.

From the Plan list, select the server plan that you want to use for the backup operations.
To filter the content that is backed up, click Edit, and then select or clear the regions to include or exclude from the backups.
Click Add.

Result

After you create the cloud database instance, a default cluster group is automatically created for the instance.