Update periodic backup storage redundancy for Azure Cosmos DB

APPLIES TO: NoSQL MongoDB Cassandra Gremlin Table

By default, Azure Cosmos DB stores periodic mode backup data in geo-redundant blob storage that is replicated to a paired region. You can override the default backup storage redundancy. This article explains how to update the backup storage redundancy using Azure CLI and PowerShell. It also shows how to configure an Azure policy on your accounts to enforce the required storage redundancy.

Prerequisites

• An existing Azure Cosmos DB account.
  • If you have an Azure subscription, create a new account.
  • If you don't have an Azure subscription, create a free account before you begin.
  • Alternatively, you can try Azure Cosmos DB free before you commit.

Update storage redundancy

Use the following steps to update backup storage redundancy.

Azure portal

1. Sign in to the Azure portal and navigate to your Azure Cosmos DB account.

2. Open the Backup & Restore pane, update the backup storage redundancy and select Submit. It takes few minutes for the operation to complete.

   

Azure CLI

1. Ensure you have the latest version of Azure CLI or a version higher than or equal to 2.30.0. If you have the cosmosdb-preview extension installed, make sure to remove it.

2. Use the az cosmosdb locations show command to get the backup redundancy options available in the regions where your account exists.

   az cosmosdb locations show \
         --location <region-name>
   

   The output should include JSON similar to this example:

   {
     "id": "subscriptionId/<Subscription_ID>/providers/Microsoft.DocumentDB/locations/eastus/",
     "name": "East US",
     "properties": {
       "backupStorageRedundancies": [
         "Geo",
         "Zone",
         "Local"
       ],
       "isResidencyRestricted": false,
       "supportsAvailabilityZone": true
     },
     "type": "Microsoft.DocumentDB/locations"
   }
   

   Note

   The previous command shows a list of backup redundancies available in the specific region. Supported values are displayed in the backupStorageRedundancies property. For example some regions may support up to three redundancy options: Geo, Zone, and Local. Other regions may support a subset of these options. Before updating, choose the backup storage redundancy option that is supported in all the regions your Azure Cosmos DB account uses.

3. Use the az cosmosdb update command with the chosen backup redundancy option to update the backup redundancy on an existing account.

   az cosmosdb update \
       --resource-group <resource-group-name> \
       --name <account_name> \
       --backup-redundancy Zone
   

4. Alternatively, use the az cosmosdb create command to create a new account with the chosen backup redundancy option.

   az cosmosdb create \
       --resource-group <resource-group-name> \
       --name <account-name> \
       --backup-redundancy Geo \
       --locations regionName=<azure-region>
   

Azure PowerShell

1. Install the latest version of Azure PowerShell or a version higher than or equal to 1.4.0.

   $parameters = @{
       Name = "Az.CosmosDB"
       RequiredVersion = "1.4.0"
   }
   Install-Module @parameters
   

2. Use the Get-AzCosmosDBLocation cmdlet to get the backup redundancy options available in the regions where your account exists.

   $parameters = @{
       Location = "<azure-region>"
   }
   (Get-AzCosmosDBLocation @parameters).Properties
   

   The output should include content similar to this example:

   SupportsAvailabilityZone IsResidencyRestricted BackupStorageRedundancies
   ------------------------ --------------------- -------------------------
                       True                 False {Geo, Zone, Local}
   

   Note

   The previous command shows a list of backup redundancies available in the specific region. Supported values are displayed in the BackupStorageRedundancies property. For example some regions may support up to three redundancy options: Geo, Zone, and Local. Other regions may support a subset of these options. Before updating, choose the backup storage redundancy option that is supported in all the regions your Azure Cosmos DB account uses.

3. Use the Update-AzCosmosDBAccount cmdlet with the chosen backup redundancy option to update the backup redundancy on an existing account:

   $parameters = @{
       ResourceGroupName "<resource-group-name>"
       Name = "<account-name>"
       BackupStorageRedundancy = "Zone"
   }
   Update-AzCosmosDBAccount @parameters
   

4. Alternatively, use the New-AzCosmosDBAccount cmdlet to create a new account with the chosen backup redundancy option:

   $parameters = @{
       ResourceGroupName = "<resource-group-name>"
       Name = "<account-name>"
       Location = "<azure-region>"
       BackupPolicyType = "Periodic"
       BackupStorageRedundancy = "Geo"
   }
   New-AzCosmosDBAccount @parameters
   

Add an Azure Policy for backup storage redundancy

Azure Policy helps you to enforce organizational standards and to assess compliance at-scale. For more information, see what is Azure Policy?.

The following sample shows how to add an Azure policy for Azure Cosmos DB accounts to validate (using audit) that they have their backup redundancy configured to Local.

"parameters": {},
"policyRule": {
  "if": {
    "allOf": [
      {
        "field": "Microsoft.DocumentDB/databaseAccounts/backupPolicy.periodicModeProperties.backupStorageRedundancy",
        "match": "Local"
      }
    ]
  },
  "then": {
    "effect": "audit"
  }
}

Next steps

Modify the backup interval and retention period