Docs Menu
Docs Home
/
MongoDB Atlas
/ /

Configure a Backup Compliance Policy

On this page

  • Prohibited Actions
  • Considerations
  • Required Access
  • Prerequisites
  • Procedure
  • View Projects that have a Backup Compliance Policy Enabled
  • View Backup Details for Dedicated Clusters
  • Extra Snapshot Retention

If you have strict data protection requirements, you can enable a Backup Compliance Policy to protect your backup data.

Important

You Can't Disable a Backup Compliance Policy

After you enable a Backup Compliance Policy, only MongoDB support can disable it with a request from the security or legal representative specified for the Backup Compliance Policy. Only the security or legal representative specified for the Backup Compliance Policy can make this request.

To disable a Backup Compliance Policy, the security or legal representative specified for the Backup Compliance Policy must request support and complete an extensive verification process.

Before you enable a Backup Compliance Policy, carefully review the prohibited actions and considerations. You can re-enable a Backup Compliance Policy at any time.

If you enable a Backup Compliance Policy, no user, regardless of role, can do the following actions:

After you enable a Backup Compliance Policy, the following behaviors apply:

  • A Backup Compliance Policy limits your ability to reduce backup storage costs. You can't adjust the retention or delete a backup to reduce the backup storage costs. To learn more, see Manage Billing.

  • All new and existing clusters have Cloud Backup automatically enabled and use the project-level Backup Compliance Policy. Atlas augments any preexisting cluster-level backup policies to meet the minimum requirements of the Backup Compliance Policy. All new clusters use the Backup Compliance Policy unless the mininum requirements of the cluster-level backup policy expand beyond the mininum requirements of the Backup Compliance Policy.

  • You can modify the cluster-level backup policies at any time. If you reduce the frequency of a cluster-level backup policy, the change applies only to future backups. Any existing oplog remains for the original window. The minimum requirements of the Backup Compliance Policy apply.

  • If the Backup Compliance Policy has the Keep all snapshots when removing additional snapshot regions option set to On and you enable, modify, or delete multi-region snapshots, any snapshots already taken remain.

  • When you resume a cluster, Atlas automatically enables Cloud Backup. If the Backup Compliance Policy has the Require Point in Time Restore to all clusters option set to On, Atlas automatically enables Continuous Cloud Backup and adjusts the restore window according to the Backup Compliance Policy. Atlas automatically modifies the backup to meet the minimum requirements of the Backup Compliance Policy.

  • If you terminate a cluster, Atlas maintains all existing snapshots after the termination according to your backup policy. Atlas retains the oplog for restoring a point in time with continuous cloud backup in a static state until Atlas can no longer use them for continuous cloud backup.

  • If you terminate a cluster, you can't create another cluster with the same name because Atlas uses the name to identify snapshots.

  • Whenever a user enables, modifies, or disables a Backup Compliance Policy, Atlas reflects the event in the Project Activity Feed.

To configure a Backup Compliance Policy, you must have Project Owner access to the project. Users with Organization Owner access must add themselves as a Project Owner to the project before configuring a Backup Compliance Policy.

  • Only MongoDB Support can do the following actions:

  • Only the specified security or legal representative can request support.

  • You can apply a Backup Compliance Policy to M10+ dedicated clusters only.

    Note

    You can't convert a dedicated cluster to a M0 free clusters, an M2 or M5 shared cluster, or a serverless instance.

To enable the backup compliance policy for your project using the Atlas CLI, run the following command:

atlas backups compliancePolicy enable [options]

To learn more about the command syntax and parameters, see the Atlas CLI documentation for atlas backups compliancePolicy enable.

Tip

See: Related Links

The Atlas Administration API provides the endpoint in the Cloud Backups resource to update or enable the Backup Compliance Policy settings for the project.

1
  1. If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. Next to the Projects menu, expand the Options menu, then click Project Settings.

    The Project Settings page displays.

2

Important

You Can't Disable a Backup Compliance Policy

After you enable a Backup Compliance Policy, only MongoDB support can disable it with a request from the security or legal representative specified for the Backup Compliance Policy. Only the security or legal representative specified for the Backup Compliance Policy can make this request.

To disable a Backup Compliance Policy, the security or legal representative specified for the Backup Compliance Policy must request support and complete an extensive verification process.

Before you enable a Backup Compliance Policy, carefully review the prohibited actions and considerations. You can re-enable a Backup Compliance Policy at any time.

Toggle Backup Compliance Policy to On.

The Edit Backup Compliance Policy dialog box opens.

Note

This Backup Compliance Policy applies as the minimum backup policy to all clusters in the project. The Backup Compliance Policy protects all existing snapshots. The Backup Compliance Policy prevents any user, regardless of role, from modifying or deleting existing snapshots prior to their expiration. Changes made to this Backup Compliance Policy apply only to future snapshots. If you enable a Backup Compliance Policy, the Backup Compliance Policy limits your ability to reduce backup storage costs. You can't adjust the retention or delete a backup to reduce the backup storage costs.

3

Each row in the Backup Policy Frequency and Retention table represents a backup policy item.

Important

After you save the Backup Compliance Policy, you can't delete policy items specified in the Backup Compliance Policy without MongoDB Support. To delete policy items specified in the Backup Compliance Policy, the security or legal representative specified for the Backup Compliance Policy must request support and complete an extensive verification process. Ensure that you have the correct policy items before you save the Backup Compliance Policy.

  1. Do one of the following steps:

    • Select the frequency unit from Frequency Unit for a policy item.

    • Click Add Frequency Unit to add a new policy item to your backup policy.

  2. Select the frequency for the frequency unit from the Every column.

  3. Specify the retention time for the policy item in the Retention Time column and the units for the retention time in the column to the right.

4
  1. Toggle Require Point in Time Restore to all clusters to On.

  2. Specify a Restore Window.

    Important

    You can't configure a restore window that is longer than the Hourly Snapshot Retention Time. After you save this Backup Compliance Policy, you can't change this setting without MongoDB support. To change this setting, the security or legal representative specified for the Backup Compliance Policy must request support and complete an extensive verification process.

5

Toggle Require Encryption at Rest using Customer Key Management for all clusters to On.

Note

To enable this option, you must Enable Encryption at Rest for all current clusters. You can't enable this option on paused clusters that don't have Encryption at Rest enabled.

6

You can prevent cluster users from deleting backups copied to other regions even if you change the Copy to other regions option to Off. To learn more, see Configure Atlas to Automatically Copy Snapshots to Other Regions.

Toggle Keep all snapshots when removing additional snapshot regions to On.

7
  1. Click Next.

    Important

    You Can't Disable a Backup Compliance Policy

    After you enable a Backup Compliance Policy, only MongoDB support can disable it with a request from the security or legal representative specified for the Backup Compliance Policy. Only the security or legal representative specified for the Backup Compliance Policy can make this request.

    To disable a Backup Compliance Policy, the security or legal representative specified for the Backup Compliance Policy must request support and complete an extensive verification process.

    Before you enable a Backup Compliance Policy, carefully review the prohibited actions and considerations. You can re-enable a Backup Compliance Policy at any time.

  2. Specify the First Name and Last Name of a security or legal representative.

  3. Specify the Email address of a representative.

    Important

    An invalid or incorrect email address prevents you from modifying or enabling this Backup Compliance Policy until you correct it with MongoDB Support. Specify the email address that the representative uses to sign into the Support portal.

  4. If you are sure that you want to save the Backup Compliance Policy, specify the project name to continue.

  5. Click the checkbox to confirm that you understand that when you enable a Backup Compliance Policy, no user, regardless of role, can modify or delete backup snapshots. If you enable a Backup Compliance Policy, the Backup Compliance Policy limits your ability to reduce backup storage costs and you can not adjust the retention or delete a backup to reduce backup storage costs. Only MongoDB Support can disable a Backup Compliance Policy. Only the specified security or legal representative can request support to disable a Backup Compliance Policy.

  6. Click Confirm and Save.

To return the backup compliance policy for your project using the Atlas CLI, run the following command:

atlas backups compliancePolicy describe [options]

To learn more about the command syntax and parameters, see the Atlas CLI documentation for atlas backups compliancePolicy describe.

The Atlas Administration API provides the endpoint in the Cloud Backups resource to retrieve the Backup Compliance Policy settings for the project.

A Backup Compliance Policy icon appears next to each project name that has a Backup Compliance Policy enabled.

1
  1. If it's not already displayed, select your desired organization from the Organizations menu in the navigation bar.

  2. Do one of the following steps:

    • Click the Leaf icon in the upper left corner of the page.

    • Click the Organization Settings icon next to the Organizations menu, then click Projects in the sidebar.

    • Expand the Projects menu in the navigation bar, then click View All Projects.

    The Projects page displays.

You can view backup details for all M10+ dedicated clusters including deleted clusters with retained snapshots.

To view backup details:

1
  1. If it's not already displayed, select the organization that contains your project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your project from the Projects menu in the navigation bar.

  3. In the sidebar, click Backup under the Security heading.

    The Backup details display.

2

When a Backup Compliance Policy is enabled for your project, you can also configure extra snapshot retention to retain snapshots beyond the Backup Compliance Policy protection period. Your snapshots remain fully protected and users can't delete them during the Backup Compliance Policy period. During the extra snapshot retention period, snapshots are unprotected again and any user with the appropriate role can delete them. When the extra snapshot retention period ends, Atlas deletes the snapshots automatically. Any changes apply to all existing and future snapshots for that frequency unit. The extra snapshot retention time remains the same even if the Backup Compliance Policy changes.

To learn more, see Configure Extra Snapshot Retention.

Back

Copy to Region