Stay organized with collections
Save and categorize content based on your preferences.
This document explains how to apply a Backup and DR Service backup plan to your
Compute Engine instance when you create the instance using the
Google Cloud console.
Use Backup and DR Service backup plans to create rule-based and indelible backups
of your Compute Engine instances and then store those backups in a
secure and isolated storage locations.
Backup and DR backup plans let you define advanced backup strategies
to store your Compute Engine instances in secure storage locations
called backup vaults. Using the backup plan applied to your instance,
you can create scheduled or on-demand backups of your instance in a
backup vault.
Before you begin
Enable the Backup and DR Service API where the Compute Engine instances are
located.
Set up Log Analytics on your bucket to monitor
Backup and DR backup jobs.
Required roles
To get the permissions that
you need to create an instance and apply a backup plan during its
creation,
ask your administrator to grant you the
following IAM roles:
To create the instance:
Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)
on the project for the Compute Engine instance
To configure scheduled backups or run on-demand backups:
If you want to back up a Compute Engine instance to a
backup vault that is in a different project than the instance, then
make sure the
Backup and DR Vault Service Agent for the backup vault has been
granted permission to access the instances in that project. (If the
backup vault and instance are in the same project, then this
permission is already granted by default.)
To ensure that Backup and DR Vault Service Agent has the necessary
permissions to back up a Compute Engine instance to a
backup vault,
ask your administrator to grant Backup and DR Vault Service Agent the
Backup and DR Compute Engine Operator (roles/backupdr.computeEngineOperator)
IAM role on the project for the Compute Engine instance.
Create an instance that has a backup plan applied
To create an instance that has a backup plan applied, follow these steps in the
Google Cloud console:
In the Google Cloud console, go to the Create an instance page.
If prompted, select your project and click Continue.
The Create an instance page appears and displays the
Machine configuration pane.
In the Name field, specify a name for your instance. For more
information, see
Resource naming convention.
In the Region field, specify the region where you want your instance.
Optional: In the Zone field, select a zone for this instance.
The default selection is Any. If you don't change this default
selection, then Google automatically chooses a zone for you based on
machine type and availability.
To specify a backup plan for this instance, do the following:
In the navigation menu, click OS and storage. The
Operating system and storage pane appears.
In the Backup plan section, click Select a plan.
In the Select a backup plan pane that appears, do the following:
Verify that the Project field has the same project name where
your backup plans exist. If not, select the correct project.
In the Backup plan name column, click the name of the back plan
that you want to use.
To confirm your choice of backup plan and return to the
Operating system and storage pane, click Apply.
Optional. Specify any other configuration parameters of your choice. For
more information about custom configuration options, see
Create and start an instance.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-26 UTC."],[[["\u003cp\u003eThis guide outlines the process of applying a Backup and DR Service backup plan to a new Compute Engine instance during its creation using the Google Cloud console.\u003c/p\u003e\n"],["\u003cp\u003eBackup and DR backup plans define rules for backing up Compute Engine instances, including frequency, retention, and replication, storing them in secure backup vaults.\u003c/p\u003e\n"],["\u003cp\u003eTo apply a backup plan during instance creation, you must have the required IAM roles and have previously created a backup vault and a backup plan in the same region.\u003c/p\u003e\n"],["\u003cp\u003eCertain Compute Engine instance configurations are not supported for Backup and DR Service backups, including those with extreme or Hyperdisk volumes, specific machine types, CMEK/CSEK encryption, no attached disks, or those larger than 200 TB.\u003c/p\u003e\n"],["\u003cp\u003eThe Google Cloud console is required to apply a backup plan when creating an instance, with the option located in the "OS and storage" or "Data protection" section of the instance creation process.\u003c/p\u003e\n"]]],[],null,["# Apply a backup plan during instance creation\n\n*** ** * ** ***\n\nThis document explains how to apply a Backup and DR Service backup plan to your\nCompute Engine instance when you create the instance using the\nGoogle Cloud console.\n\nUse Backup and DR Service backup plans to create rule-based and indelible backups\nof your Compute Engine instances and then store those backups in a\nsecure and isolated storage locations.\n\nBackup and DR backup plans let you define advanced backup strategies\nto store your Compute Engine instances in secure storage locations\ncalled backup vaults. Using the backup plan applied to your instance,\nyou can create scheduled or on-demand backups of your instance in a\nbackup vault.\n\nBefore you begin\n----------------\n\n- Enable the Backup and DR Service API where the Compute Engine instances are located.\n [Enable the API](https://console.cloud.google.com/flows/enableapi?apiid=backupdr.googleapis.com&_ga=2.145630134.30427899.1640890668-1982243420.1634228058)\n\n- [Create a backup vault](/backup-disaster-recovery/docs/cloud-console/backup-vault-create)\n- [Create a backup plan](/backup-disaster-recovery/docs/cloud-console/backup-plan-create)\n- Set up Log Analytics on your bucket to monitor Backup and DR backup jobs.\n\n### Required roles\n\n-\n\n To get the permissions that\n you need to create an instance and apply a backup plan during its\n creation,\n\n ask your administrator to grant you the\n following IAM roles:\n\n - To create the instance: [Compute Instance Admin (v1)](/iam/docs/roles-permissions/compute#compute.instanceAdmin.v1) (`roles/compute.instanceAdmin.v1`) on the project for the Compute Engine instance\n - To configure scheduled backups or run on-demand backups:\n - [Backup and DR Backup User](/iam/docs/roles-permissions/backupdr#backupdr.backupUser) (`roles/backupdr.backupUser`) on the project for the backup vault\n - [Viewer](/iam/docs/roles-overview#basic) (`roles/viewer`) on the project for the backup vault\n\n\n For more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\n You might also be able to get\n the required permissions through [custom\n roles](/iam/docs/creating-custom-roles) or other [predefined\n roles](/iam/docs/roles-overview#predefined).\n- If you want to back up a Compute Engine instance to a\n backup vault that is in a different project than the instance, then\n make sure the\n [Backup and DR Vault Service Agent](/iam/docs/service-agents#backup-and-dr-vault-service-agent) for the backup vault has been\n granted permission to access the instances in that project. (If the\n backup vault and instance are in the same project, then this\n permission is already granted by default.)\n\n-\n\n To ensure that Backup and DR Vault Service Agent has the necessary\n permissions to back up a Compute Engine instance to a\n backup vault,\n\n ask your administrator to grant Backup and DR Vault Service Agent the\n\n\n [Backup and DR Compute Engine Operator](/iam/docs/roles-permissions/backupdr#backupdr.computeEngineOperator) (`roles/backupdr.computeEngineOperator`)\n IAM role on the project for the Compute Engine instance.\n\n\n | **Important:** You must grant this role to Backup and DR Vault Service Agent, *not* to your user account. Failure to grant the role to the correct principal might result in permission errors.\n\n \u003cbr /\u003e\n\nCreate an instance that has a backup plan applied\n-------------------------------------------------\n\nTo create an instance that has a backup plan applied, follow these steps in the\nGoogle Cloud console:\n\n1. In the Google Cloud console, go to the **Create an instance** page.\n\n [Go to Create an instance](https://console.cloud.google.com/compute/instancesAdd)\n\n If prompted, select your project and click **Continue**.\n\n The **Create an instance** page appears and displays the\n **Machine configuration** pane.\n2. In the **Name** field, specify a name for your instance. For more\n information, see\n [Resource naming convention](/compute/docs/naming-resources#resource-name-format).\n\n3. In the **Region** field, specify the region where you want your instance.\n\n4. Optional: In the **Zone** field, select a zone for this instance.\n\n The default selection is **Any**. If you don't change this default\n selection, then Google automatically chooses a zone for you based on\n machine type and availability.\n5. To specify a backup plan for this instance, do the following:\n\n 1. In the navigation menu, click **OS and storage** . The\n **Operating system and storage** pane appears.\n\n | **Important:** If you see a **Data protection** pane in the navigation menu, click **Data protection** instead of **OS and storage** and then continue with the remaining steps. For more information, see the [February 14, 2025 release note](/compute/docs/release-notes#February_14_2025).\n 2. In the **Backup plan** section, click **Select a plan**.\n\n 3. In the **Select a backup plan** pane that appears, do the following:\n\n 1. Verify that the **Project** field has the same project name where your backup plans exist. If not, select the correct project.\n 2. In the **Backup plan name** column, click the name of the back plan that you want to use.\n 3. To confirm your choice of backup plan and return to the **Operating system and storage** pane, click **Apply**.\n6. Optional. Specify any other configuration parameters of your choice. For\n more information about custom configuration options, see\n [Create and start an instance](/compute/docs/instances/create-start-instance).\n\n7. To create and start the VM, click **Create**.\n\nWhat's next\n-----------\n\n- Learn how to use your instance's backup plan to [schedule or create backups in a backup vault](/backup-disaster-recovery/docs/cloud-console/compute/compute-instance-backup).\n- Learn how to [restore an instance from a backup vault](/backup-disaster-recovery/docs/cloud-console/compute/compute-instance-restore).\n- Learn how to [change the backup plan that's applied to an instance](/compute/docs/instances/change-backup-plan-for-instance) ([Preview](/products#product-launch-stages))."]]
