Restore data from cloud storage with absctl restore
Use absctl restore to restore backups directly from the following cloud storage providers:
- Amazon S3
- Google Cloud Storage (GCS)
- Azure Blob Storage
To restore from cloud storage, specify the relevant flags for your provider.
Amazon S3
To restore from Amazon S3, use the following flags:
- `--s3-bucket-name`: The name of the S3 bucket.
- `--s3-region`: The AWS region when using the default AWS endpoint. You can also provide it via your AWS profile or environment.
Then choose one authentication method:
- AWS profile: `--s3-profile`
- Static credentials: `--s3-access-key-id` and `--s3-secret-access-key`
- Environment credentials: Set `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables
Example
```
absctl restore -d BACKUP_DIRECTORY --s3-bucket-name BUCKET_NAME --s3-region REGION_NAME
```
Required S3 permissions for absctl restore
absctl restore requires certain permissions to restore from Amazon S3.
In the following IAM JSON policy, include the elements listed and replace BACKUP_BUCKET with the name of the S3 bucket you are using for the restore.
```
{
  "Statement": [
    {
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::BACKUP_BUCKET"
      ]
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:RestoreObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::BACKUP_BUCKET/*"
      ]
    }
  ],
  "Version": "2012-10-17"
}
```
Include s3:RestoreObject if you use --s3-tier to temporarily restore archived data and make it available.
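The policy above grants four read-side actions on a single bucket. The following check is an added example, not part of the absctl documentation: it compares a candidate IAM policy against that list and reports anything broader or missing. The function name, the bucket name `example-backups`, and the sample policy are assumptions made for illustration.

```python
import json

# Actions from the page's policy and the resource form each belongs on.
# s3:RestoreObject is only needed when --s3-tier is used.
ACTIONS = {"s3:ListBucket": "bucket", "s3:GetBucketLocation": "bucket",
           "s3:GetObject": "object", "s3:RestoreObject": "object"}
OPTIONAL = {"s3:RestoreObject"}
KNOWN = {name.lower(): name for name in ACTIONS}  # IAM action names are case-insensitive


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_restore_policy(policy_json, bucket):
    """Return findings for a restore policy; an empty list means it matches the page's policy."""
    arns = {"bucket": f"arn:aws:s3:::{bucket}", "object": f"arn:aws:s3:::{bucket}/*"}
    findings, granted = [], set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource allows everything except what is listed")
            continue
        for action in _as_list(stmt.get("Action", [])):
            name = KNOWN.get(action.lower())
            for resource in _as_list(stmt.get("Resource", [])):
                if "*" in action or "?" in action:
                    findings.append(f"wildcard action {action} on {resource}")
                elif name is None:
                    findings.append(f"action not needed for restore: {action} on {resource}")
                elif resource != arns[ACTIONS[name]]:
                    findings.append(f"{name} on unexpected resource {resource}")
                else:
                    granted.add(name)
    for name in ACTIONS:
        if name not in granted and name not in OPTIONAL:
            findings.append(f"required action not explicitly granted: {name}")
    return findings


# Constructed sample: an over-broad policy for a hypothetical bucket "example-backups".
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-backups/*"},
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::*"}]})

if __name__ == "__main__":
    for finding in audit_restore_policy(SAMPLE, "example-backups"):
        print(finding)
```

The check ignores `Condition` blocks and `Deny` statements, so it reports what a policy could allow, not the effective permissions after all policies are combined.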
Google Cloud Storage (GCS)
To restore from Google Cloud Storage, use the following flags:
- `--gcp-bucket-name`: The name of the GCS bucket.
- `--gcp-key-path`: Path to the service account key file (JSON) for authenticated access.
- `--gcp-endpoint-override`: (Optional) Override the GCS endpoint.
Required GCS permissions for absctl restore
The service account requires the following IAM role or equivalent permissions:
- Role: `roles/storage.objectViewer` on the bucket, or custom permissions: `storage.objects.get`, `storage.objects.list`
Example
```
absctl restore -d BACKUP_DIRECTORY --gcp-bucket-name BUCKET_NAME --gcp-key-path /path/to/key.json
```
Azure Blob Storage
To restore from Azure Blob Storage, use the following required flags:
- `--azure-container-name`: The name of the Azure container.
- `--azure-endpoint`: Azure Blob service endpoint URL (required).
Then choose one authentication method:
- Shared key: `--azure-account-name` and `--azure-account-key`
- Azure AD: `--azure-tenant-id`, `--azure-client-id`, and `--azure-client-secret`
- SAS: include the SAS token in the `--azure-endpoint` URL
Required Azure permissions for absctl restore
The identity or SAS token requires the following permissions on the container:
- Azure RBAC role: `Storage Blob Data Reader`, or custom permissions: `Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read`
- SAS token permissions: Read (`r`), List (`l`)
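When the SAS token travels inside the `--azure-endpoint` URL, its scope can be checked before it is handed to a restore job. The following is an added example, not part of the absctl documentation: it parses the standard SAS query fields (`sp`, `spr`, `se`, `si`, `sig`) and reports permissions beyond the Read and List listed above. The function name, the one-day `max_lifetime` threshold, and the sample URL are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

NEEDED = set("rl")  # Read and List: the SAS permissions the page lists for restore


def audit_sas_endpoint(endpoint_url, now, max_lifetime=timedelta(days=1)):
    """Return findings for an ad hoc SAS token carried in an --azure-endpoint URL."""
    parts = urlsplit(endpoint_url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "sig" not in query:
        return ["no SAS token in the URL (no sig parameter)"]
    findings = []
    if parts.scheme != "https":
        findings.append("endpoint URL is not https")
    if "si" in query:  # stored access policy: sp/se may live on the container, not in the URL
        return findings + ["stored access policy in use; audit it on the container"]
    perms = set(query.get("sp", ""))
    if NEEDED - perms:
        findings.append("missing permissions: " + "".join(sorted(NEEDED - perms)))
    if perms - NEEDED:
        findings.append("permissions beyond read/list: " + "".join(sorted(perms - NEEDED)))
    # spr defaults to "https,http" when omitted
    if "http" in query.get("spr", "https,http").split(","):
        findings.append("spr does not restrict the token to https")
    try:
        expiry = datetime.fromisoformat(query.get("se", "").replace("Z", "+00:00"))
    except ValueError:
        return findings + ["missing or unparseable expiry (se)"]
    if expiry.tzinfo is None:  # date-only values carry no offset; treat as UTC
        expiry = expiry.replace(tzinfo=timezone.utc)
    if expiry <= now:
        findings.append("token has expired")
    elif expiry - now > max_lifetime:
        findings.append(f"token lifetime exceeds {max_lifetime}")
    return findings


# Constructed sample: placeholder account, made-up signature, over-broad permissions.
SAMPLE_URL = ("https://ACCOUNT_NAME.blob.core.windows.net/"
              "?sv=2022-11-02&sr=c&sp=racwdl&se=2030-01-01T00:00:00Z&sig=CONSTRUCTED")
SAMPLE_NOW = datetime(2029, 12, 31, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in audit_sas_endpoint(SAMPLE_URL, SAMPLE_NOW):
        print(finding)
```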
Example
```
absctl restore -d BACKUP_DIRECTORY --azure-container-name CONTAINER_NAME --azure-endpoint https://ACCOUNT_NAME.blob.core.windows.net/ --azure-account-name ACCOUNT_NAME --azure-account-key ACCOUNT_KEY
```
Cloud storage options reference
The following options are available for restoring from cloud storage, grouped by provider. For required permissions, see the previous provider-specific sections.
| Option | Default | Description |
|---|---|---|
| S3 | | |
| `--s3-bucket-name` | - | Name of the S3 bucket. |
| `--s3-region` | - | AWS region for the default AWS endpoint. You can also provide it via your AWS profile or environment. |
| `--s3-access-key-id` | - | AWS access key ID. |
| `--s3-secret-access-key` | - | AWS secret access key. |
| `--s3-endpoint-override` | - | Override the S3 endpoint for MinIO or other S3-compatible storage. |
| `--s3-profile` | - | AWS profile to use. |
| `--s3-tier` | - | S3 storage tier for temporarily restoring archived data to make it available. Valid values: Standard, Bulk, Expedited. |
| `--s3-restore-poll-duration` | 60000 | Polling duration in ms for S3 restore operations. |
| `--s3-retry-read-backoff` | 1000 | Backoff interval for read retries (ms). |
| `--s3-retry-read-multiplier` | 2 | Multiplier for read retry backoff. |
| `--s3-retry-read-max-attempts` | 3 | Max read retry attempts. |
| `--s3-retry-max-attempts` | 10 | Max retry attempts. |
| `--s3-retry-max-backoff` | 90000 | Max retry backoff in ms. |
| `--s3-max-conns-per-host` | 0 | Max connections per host. |
| `--s3-request-timeout` | 600000 | S3 request timeout in ms. |
| GCP | | |
| `--gcp-bucket-name` | - | Name of the GCS bucket. |
| `--gcp-key-path` | - | Path to the service account key file (JSON) for authenticated access. |
| `--gcp-endpoint-override` | - | Override the GCS endpoint. |
| `--gcp-retry-read-backoff` | 1000 | Backoff interval for read retries (ms). |
| `--gcp-retry-read-multiplier` | 2 | Multiplier for read retry backoff. |
| `--gcp-retry-read-max-attempts` | 3 | Max read retry attempts. |
| `--gcp-retry-max-attempts` | 10 | Max retry attempts. |
| `--gcp-retry-max-backoff` | 90000 | Max retry backoff in ms. |
| `--gcp-retry-init-backoff` | 60000 | Initial retry backoff in ms. |
| `--gcp-retry-backoff-multiplier` | 2 | Retry backoff multiplier. |
| `--gcp-max-conns-per-host` | 0 | Max connections per host. |
| `--gcp-request-timeout` | 600000 | GCS request timeout in ms. |
| Azure | | |
| `--azure-container-name` | - | Name of the Azure container. |
| `--azure-account-name` | - | Azure account name. |
| `--azure-account-key` | - | Azure account key. |
| `--azure-tenant-id` | - | Azure tenant ID. |
| `--azure-client-id` | - | Azure client ID. |
| `--azure-client-secret` | - | Azure client secret. |
| `--azure-endpoint` | - | Azure Blob service endpoint URL (Required). |
| `--azure-access-tier` | - | Azure access tier for temporarily restoring archived data to make it available. Valid values: Cold, Cool, Hot. |
| `--azure-rehydrate-poll-duration` | 60000 | Polling duration in ms for checking archived data availability. |
| `--azure-retry-read-backoff` | 1000 | Backoff interval for read retries (ms). |
| `--azure-retry-read-multiplier` | 2 | Multiplier for read retry backoff. |
| `--azure-retry-read-max-attempts` | 3 | Max read retry attempts. |
| `--azure-retry-max-attempts` | 10 | Max retry attempts. |
| `--azure-retry-max-delay` | 90000 | Max retry delay in ms. |
| `--azure-retry-delay` | 60000 | Retry delay in ms. |
| `--azure-max-conns-per-host` | 0 | Max connections per host. |
| `--azure-request-timeout` | 600000 | Azure request timeout in ms. |

Use `--s3-tier` and `--azure-access-tier` to temporarily restore archived data and make it available at a specific tier, and the `--s3-restore-poll-duration` and `--azure-rehydrate-poll-duration` options to control how often absctl restore checks availability when restoring from cold storage tiers.