diff --git a/br/backup-and-restore-storages.md b/br/backup-and-restore-storages.md index 5e090a468ba06..6ff0d932f6c59 100644 --- a/br/backup-and-restore-storages.md +++ b/br/backup-and-restore-storages.md @@ -149,9 +149,14 @@ When storing backup data in a cloud storage system, you need to configure authen Before backup, configure the following privileges to access the backup directory on S3. +<<<<<<< HEAD - Minimum privileges for TiKV and Backup & Restore (BR) to access the backup directories during backup: `s3:ListBucket`, `s3:GetObject`, `s3:PutObject`, and `s3:AbortMultipartUpload` - Minimum privileges for TiKV and BR to access the backup directories during snapshot restore: `s3:ListBucket` and `s3:GetObject` - Minimum privileges for TiKV and BR to access the backup directories during log restore: `s3:ListBucket`, `s3:GetObject`, and `s3:PutObject`. When restoring log backup data, BR writes the database and table to be restored to the backup directory. +======= +- Minimum privileges for TiKV and Backup & Restore (BR) to access the backup directories during backup: `s3:ListBucket`, `s3:GetObject`, `s3:DeleteObject`, `s3:PutObject`, and `s3:AbortMultipartUpload` +- Minimum privileges for TiKV and BR to access the backup directories during restore: `s3:ListBucket`, `s3:GetObject`, `s3:DeleteObject`, and `s3:PutObject`. BR writes checkpoint information to the `./checkpoints` subdirectory under the backup directory. When restoring log backup data, BR writes the table ID mapping relationship of the restored cluster to the `./pitr_id_maps` subdirectory under the backup directory. +>>>>>>> 5ca91297a9 (TiDB 7.1+ checkpoint restore requires `s3:DeleteObject` permission (#17111) (#17159)) If you have not yet created a backup directory, refer to [Create a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html) to create an S3 bucket in the specified region. If necessary, you can also create a folder in the bucket by referring to [Create a folder](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-folders.html). diff --git a/br/backup-and-restore-use-cases.md b/br/backup-and-restore-use-cases.md index ea7a928562482..5901bd8c92d13 100644 --- a/br/backup-and-restore-use-cases.md +++ b/br/backup-and-restore-use-cases.md @@ -70,9 +70,14 @@ The detailed steps are as follows: 2. Configure permissions for BR and TiKV to access the S3 directory. It is recommended to grant permissions using the IAM method, which is the most secure way to access the S3 bucket. For detailed steps, refer to [AWS documentation: Controlling access to a bucket with user policies](https://docs.aws.amazon.com/AmazonS3/latest/userguide/walkthrough1.html). The required permissions are as follows: +<<<<<<< HEAD - TiKV and BR in the backup cluster need `s3:ListBucket`, `s3:GetObject`, `s3:PutObject`, and `s3:AbortMultipartUpload` permissions of the `s3://tidb-pitr-bucket/backup-data` directory. - Snapshot restore: TiKV and BR in the restore cluster need `s3:ListBucket` and `s3:GetObject` permissions of the `s3://tidb-pitr-bucket/backup-data` directory. - Log restore: TiKV and BR in the restore cluster need `s3:ListBucket`, `s3:GetObject`, and `s3:PutObject` permissions of the `s3://tidb-pitr-bucket/backup-data` directory. +======= + - TiKV and BR in the backup cluster need `s3:ListBucket`, `s3:GetObject`, `s3:DeleteObject`, `s3:PutObject`, and `s3:AbortMultipartUpload` permissions of the `s3://tidb-pitr-bucket/backup-data` directory. + - TiKV and BR in the restore cluster need `s3:ListBucket`, `s3:GetObject`, `s3:DeleteObject`, and `s3:PutObject` permissions of the `s3://tidb-pitr-bucket/backup-data` directory. +>>>>>>> 5ca91297a9 (TiDB 7.1+ checkpoint restore requires `s3:DeleteObject` permission (#17111) (#17159)) 3. Plan the directory structure that stores the backup data, including the snapshot (full) backup and the log backup.