Oracle Cloud Infrastructure Documentation

Prerequisites

This topic explains the prerequisites to backup and restore your databases in Oracle Database@AWS.

Oracle Database Autonomous Recovery Service

This topic explains how to enable Autonomous Recovery Service for Exadata Database(s).

Note

  • You must complete the following steps before proceeding to Backup Exadata Database for Automatic Database Backups using Autonomous Recovery Service.

Ensure Tenancy Resource Limits Are Sufficient for Recovery Service

  1. From the OCI console, navigate to Governance & Administration.
  2. From the Tenancy Management section, select the Limits, Quotas and Usage link.
  3. Use the Service, Scope, Resource, Subscription and Compartment fields to filter the limits.
    1. From the Service dropdown list, select the Autonomous Recovery Service option.
    2. From the Subscription dropdown list, select XXXXX-ORACLEDBATAWS.
    3. From the Scope dropdown list, select your region.
  4. Check the service limits of the following:
    1. Protected Database Count
    2. Space Used for Recovery Window (GB)
    This screenshot shows how to check limits, quotas and usage.
  5. If you want to increase your service limit, you can create a Service Limit Request.
For more information, see Recovery Service Resource Limits.
Note

Oracle Database Autonomous Recovery Service at AWS is generally available (GA) as of October 16, 2025.

Verify Required Group and Set OCI Policies

  • If Oracle Database@AWS subscription is activated in your buyer account before Autonomous Recovery Service GA date, then you must edit the IAM policies as described below.
    1. Use the existing Oracle Database@AWS groups which are created as a part of onboarding or create new group(s) to administer Autonomous Recovery Service.
    2. Create the required IAM policies for the recovery services at root compartment.
    3. From the OCI console, navigate to Identity & Security, and then select the Identity.
    4. From the left menu, select the Policies section.
    5. To create an IAM policy for Oracle Database@AWS for Autonomous Recovery Service usage, complete the following substeps.
      1. To allow Oracle Database@AWS to use the Autonomous Recovery Service for backup:
        Allow service database to use organizations-assigned-subscription in tenancy where ALL 
{ 
    target.subscription.serviceName = 'ORACLEDBATAWS'
    ANY
    {
        request.operation='CreateProtectedDatabase',
        request.operation='ChangeProtectedDatabaseSubscription'
    }
}
      2. Apply the following policies to grant users in the following groups permission to manage or use Autonomous Recovery Service:
        allow group aws-db-family-administrators to manage recovery-service-family in tenancy
allow group aws-db-family-administrators to use recovery-service-family in tenancy
    Note

    The manage permission allows editing Autonomous Recovery Service policies in addition to configuring database backups with Autonomous Recovery Service, whereas the use permission only allows configuring database backups.
  • If Oracle Database@AWS subscription is activated in your buyer account after Autonomous Recovery Service GA date, then IAM policies are configured automatically and do not require manual setup.
    • Apply the following policies to grant users in the following groups permission to manage or use Autonomous Recovery Service:
      allow group aws-db-family-administrators to manage recovery-service-family in tenancy
allow group aws-db-family-administrators to use recovery-service-family in tenancy
    Note

    The manage permission allows editing Autonomous Recovery Service policies in addition to configuring database backups with Autonomous Recovery Service, whereas the user permission only allows configuring database backups.

Configure Network Resources for Recovery Service

  • If your ODB network is created before Autonomous Recovery Service GA date, then configure network resources for recovery service .

    1. From the OCI console, navigate to Exadata VM Clusters, and then select your Exadata VM Cluster.
    2. Select the VM Cluster information tab, and then ensure the VM Cluster name on the OCI console matches the intended name.This screenshot shows the VM Cluster details.
    3. From the VM Cluster information page, make a note of the names of the Virtual cloud network, Backup subnet, and Backup network security groups.
    4. In the VM Cluster Information tab, right-click the link next to Virtual Cloud Network and open it in a new browser tab.
      1. Navigate to the Subnets tab.
      2. Make sure the IPv4 CIDR block of the backup subnet is at least /24 (256 IP addresses). If it is not, you must create a new subnet with a CIDR block of at least /24.
      This screenshot shows the VCN details.
    5. Navigate to Oracle Database, and then select Database Backups.
    6. From the Recovery Service Subnets section, and then select the Register Recovery Service subnet button.
      1. Enter a descriptive Name for your recovery service subnet.
      2. From the dropdown list, select the Compartment where the recovery service subnet will be created.
      3. Select the Virtual cloud network in compartment from the list.
      4. Select Virtual cloud network used by the VM Cluster and the Backup Subnet.
      5. Expand the Advanced options section, and then enable the Use network security groups to control traffic option.
      6. Select the Backup network security group of the VM cluster that you are using.
      7. Once you complete, select the Register button.This screenshot shows how to register Recovery Service subnet.
      8. If it is successful, the State of Recovery Service subnet will change to Active. This screenshot shows the status of Recovery Service Subnet.
    7. In the VM Cluster Information tab, right-click the link next to Backup network security groups, and open it in a new browser tab.
      1. Navigate to the Security rules tab.
      2. Add stateful ingress rules to allow access from the entire CIDR range of the VCN where the database resides, permitting all source ports to destination ports 2484 and 8005.
      3. Add egress rules to allow access to destination ports 2484 and 8005 from the full CIDR range of the VCN where the database resides.This screenshot shows how to add egress rules.

    For more information, see Configuring Network Resources for Recovery Service.

  • If your ODB network is created after Autonomous Recovery Service GA date, then the automation generates the Autonomous Recovery Service network configuration requirements.
    Note

    In existing tenancies, newly created ODB Networks are automated

Create Autonomous Recovery Service Protection Policy(s) with locality enforcement

  1. Navigate to Oracle Database, select Database Backups, and then select the Protection policies.
  2. To create protection policies, select the Create protection policy, and then complete the following substeps.
    1. Enter a descriptive Name for your protection policy.
    2. Select the Create in compartment from the list.
    3. Select your desired backup retention period from the Backup retention period ( in days) list.
    4. Enable the retention lock option if it is required.
    5. Enable the Store backups in the same cloud provider as the database option if you want to store the backups in AWS.
    This screenshot shows how to create Autonomous Recovery Service protection policy.

For more information, see Protection Policy(s) with locality enforcement.