Docs Menu
Docs Home
/
MongoDB Atlas
/ /

Configure a Backup Compliance Policy

On this page

  • Prohibited Actions
  • Considerations
  • Required Access
  • Prerequisites
  • Procedure
  • View Projects that have a Backup Compliance Policy Enabled
  • View Backup Details for Dedicated Clusters
  • Extra Snapshot Retention

If you have strict data protection requirements, you can enable a Backup Compliance Policy to protect your backup data.

Important

You Can't Disable a Backup Compliance Policy

After you enable a Backup Compliance Policy, you can't disable it without MongoDB support. To disable a Backup Compliance Policy, the security or legal representative specified for the Backup Compliance Policy must request support and complete an extensive verification process. Before you enable a Backup Compliance Policy, carefully review the prohibited actions and considerations. You can re-enable a Backup Compliance Policy at any time.

If you enable a Backup Compliance Policy, no user, regardless of role, can do the following actions:

After you enable a Backup Compliance Policy, the following behaviors apply:

  • A Backup Compliance Policy limits your ability to reduce backup storage costs. You can't adjust the retention or delete a backup to reduce the backup storage costs. To learn more, see Manage Billing.

  • All new and existing clusters have Cloud Backup automatically enabled and use the project-level Backup Compliance Policy. Atlas augments any preexisting cluster-level backup policies to meet the minimum requirements of the Backup Compliance Policy. All new clusters use the Backup Compliance Policy unless the mininum requirements of the cluster-level backup policy expand beyond the mininum requirements of the Backup Compliance Policy.

  • You can modify the cluster-level backup policies at any time. If you reduce the frequency of a cluster-level backup policy, the change applies only to future backups. Any existing oplog remains for the original window. The minimum requirements of the Backup Compliance Policy apply.

  • If the Backup Compliance Policy has the Keep all snapshots when removing additional snapshot regions option set to On and you enable, modify, or delete multi-region snapshots, any snapshots already taken remain.

  • When you resume a cluster, Atlas automatically enables Cloud Backup. If the Backup Compliance Policy has the Require Point in Time Restore to all clusters option set to On, Atlas automatically enables Continuous Cloud Backup and adjusts the restore window according to the Backup Compliance Policy. Atlas automatically modifies the backup to meet the minimum requirements of the Backup Compliance Policy.

  • If you terminate a cluster, Atlas maintains all existing snapshots after the termination according to your backup policy. Atlas retains the oplog for restoring a point in time with continuous cloud backup in a static state until Atlas can no longer use them for continuous cloud backup.

  • If you terminate a cluster, you can't create another cluster with the same name because Atlas uses the name to identify snapshots.

  • Whenever a user enables, modifies, or disables a Backup Compliance Policy, Atlas reflects the event in the Project Activity Feed.

To configure a Backup Compliance Policy, you must have Project Owner access to the project. Users with Organization Owner access must add themselves as a Project Owner to the project before configuring a Backup Compliance Policy.

  • Only MongoDB Support can do the following actions:

  • Only the specified security or legal representative can request support.

  • You can apply a Backup Compliance Policy to M10+ dedicated clusters only.

    Note

    You can't convert a dedicated cluster to a M0 free clusters, an M2 or M5 shared cluster, or a serverless instance.

To enable the backup compliance policy for your project using the Atlas CLI, run the following command:

atlas backups compliancePolicy enable [options]

To learn more about the command syntax and parameters, see the Atlas CLI documentation for atlas backups compliancePolicy enable.

Tip

The Atlas Administration API provides the endpoint in the Cloud Backups resource to update or enable the Backup Compliance Policy settings for the project.

1

Important

You Can't Disable a Backup Compliance Policy

After you enable a Backup Compliance Policy, you can't disable it without MongoDB support. To disable a Backup Compliance Policy, the security or legal representative specified for the Backup Compliance Policy must request support and complete an extensive verification process. Before you enable a Backup Compliance Policy, carefully review the prohibited actions and considerations. You can re-enable a Backup Compliance Policy at any time.

  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it is not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. Next to the Projects menu, expand the Options menu, then click Project Settings.

  4. Toggle Data Protection Policy to On.

    The Edit Data Protection Policy dialog box opens.

    Note

    This Backup Compliance Policy applies as the minimum backup policy to all clusters in the project. The Backup Compliance Policy protects all existing snapshots. The Backup Compliance Policy prevents any user, regardless of role, from modifying or deleting existing snapshots prior to their expiration. Changes made to this Backup Compliance Policy apply only to future snapshots. If you enable a Backup Compliance Policy, the Backup Compliance Policy limits your ability to reduce backup storage costs. You can't adjust the retention or delete a backup to reduce the backup storage costs.

2

Each row in the Backup Policy Frequency and Retention table represents a backup policy item.

Important

After you save the Backup Compliance Policy, you can't delete policy items specified in the Backup Compliance Policy without MongoDB Support. To delete policy items specified in the Backup Compliance Policy, the security or legal representative specified for the Backup Compliance Policy must request support and complete an extensive verification process. Ensure that you have the correct policy items before you save the Backup Compliance Policy.

  1. Do one of the following steps:

    • Select the frequency unit from Frequency Unit for a policy item.

    • Click Add Frequency Unit to add a new policy item to your backup policy.

  2. Select the frequency for the frequency unit from the Every column.

  3. Specify the retention time for the policy item in the Retention Time column and the units for the retention time in the column to the right.

To return the backup compliance policy for your project using the Atlas CLI, run the following command:

atlas backups compliancePolicy describe [options]

To learn more about the command syntax and parameters, see the Atlas CLI documentation for atlas backups compliancePolicy describe.

The Atlas Administration API provides the endpoint in the Cloud Backups resource to retrieve the Backup Compliance Policy settings for the project.

A Backup Compliance Policy icon appears next to each project name that has a Backup Compliance Policy enabled.

1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. Click the Leaf icon in the upper left corner of the page. You can also expand the Projects menu in the navigation bar, then click View All Projects.

You can view backup details for all M10+ dedicated clusters including deleted clusters with retained snapshots.

To view backup details:

1
  1. If it's not already displayed, select the organization that contains your project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your project from the Projects menu in the navigation bar.

  3. In the sidebar, click Backup under the Security heading.

2

When a Backup Compliance Policy is enabled for your project, you can also configure extra snapshot retention to retain snapshots beyond the Backup Compliance Policy protection period. Your snapshots remain fully protected and users can't delete them during the Backup Compliance Policy period. During the extra snapshot retention period, snapshots are unprotected again and any user with the appropriate role can delete them. When the extra snapshot retention period ends, Atlas deletes the snapshots automatically. Any changes apply to all existing and future snapshots for that frequency unit. The extra snapshot retention time remains the same even if the Backup Compliance Policy changes.

To learn more, see Configure Extra Snapshot Retention.

Back

Copy to Region

Next

Encryption