Using Amazon Backup and Oracle RMAN for backup/restore of Oracle databases on Amazon EC2: Part 1

{"value":"Customers running Oracle databases on [Amazon Elastic Compute Cloud (Amazon EC2)](https://aws.amazon.com/ec2/) often take database and schema backups using Oracle native tools, like [Data Pump](https://docs.oracle.com/en/database/oracle/oracle-database/19/sutil/oracle-data-pump-overview.html) andRecovery Manager [Recovery Manager](https://docs.oracle.com/en/database/oracle/oracle-database/19/bradv/getting-started-rman.html) (RMAN), to satisfy data protection, disaster recovery (DR), and compliance requirements. A priority is to reduce backup time as the data grows exponentially and recover sooner in case of failure/disaster.\n\nIn situations where RMAN backup is used as a DR solution, using [AWS Backup](https://aws.amazon.com/backup/) to backup the file system and using RMAN to backup the archive logs are an efficient method to perform Oracle database point-in-time recovery in the event of a disaster.\n\n##### **Sample use cases:**\n\n1. Quickly build a copy of production database to test bug fixes or for a tuning exercise.\n2. Recover from a user error that removes data or corrupts existing data.\n3. A complete database recovery after a media failure.\n\n##### **There are two options to backup the archive logs using RMAN:**\n\n1. Using [Oracle Secure Backup (OSB)](https://docs.oracle.com/cd/E16926_01/doc.121/e16563/intro.htm#OBINS101) and an [Amazon Simple Storage Service](https://aws.amazon.com/cn/s3/?trk=cndc-detail) ([Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail)) bucket as the storage for archive logs\n2. Using [Amazon Elastic File System](https://aws.amazon.com/cn/efs/?trk=cndc-detail) ([Amazon EFS](https://aws.amazon.com/cn/efs/?trk=cndc-detail)) as the storage for archive logs\n\ninstance, including the OS image, Oracle binaries, logs, and data files. In this post, we will use Oracle RMAN to perform archived redo log backup to an [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail) bucket. Then, we demonstrate the steps to restore a database to a specific point-in-time using [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) and Oracle RMAN.\n\n\n### **Solution overview**\n\n\nFigure 1 demonstrates the workflow:\n\n1. Oracle database on [Amazon EC2 ](https://aws.amazon.com/cn/ec2/?trk=cndc-detail)configured with Oracle Secure Backup (OSB)\n2. [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) service to backup EC2 instance at regular intervals.\n3. [AWS Identity and Access Management (IAM)](https://aws.amazon.com/iam/) role for EC2 instance that grants permission to write archive log backups to [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail)\n4. S3 bucket for storing Oracle RMAN archive log backups\n\n\n\nFigure 1. Oracle Database in [Amazon EC2 ](https://aws.amazon.com/cn/ec2/?trk=cndc-detail)using [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) and S3 for backup and restore\n\n\n### **Prerequisites**\n\n\nFor this solution, the following prerequisites are required:\n\n1. An AWS account\n2. Oracle database and AWS CLI in an EC2 instance\n3. Access to configure [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail)\n4. Acces to S3 bucket to store the RMAN archive log backup\n\n##### **1. Configure [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail)**\n\nYou can choose [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) to schedule daily backups of the EC2 instance. [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) efficiently stores your periodic backups [using backup plans](https://docs.aws.amazon.com/aws-backup/latest/devguide/about-backup-plans.html). Only the first EBS snapshot performs a full copy from Amazon Elastic Block Storage ([Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail)) to [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail). All subsequent snapshots are incremental snapshots, copying just the changed blocks from [Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail) to [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail), thus, reducing backup duration and storage costs. Oracle supports [Storage Snapshot Optimization](https://docs.oracle.com/database/121/BRADV/osrecvry.htm#BRADV727), which takes third-party snapshots of the database without placing the database in backup mode. By default, [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) now creates crash-consistent backups of [Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail) volumes that are attached to an EC2 instance. Customers no longer have to stop their instance or coordinate between multiple [Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail) volumes attached to the same EC2 instance to ensure crash-consistency of their application state.\n\nYou can [create daily scheduled backup](https://docs.aws.amazon.com/aws-backup/latest/devguide/create-a-scheduled-backup.html) of EC2 instances. Figures 2, 3, and 4 are sample screenshots of the backup plan, associating an EC2 instance with the backup plan.\n\nhttps://d2908q01vomqb2.cloudfront.net/fc074d501302eb2b93e2554793fcaf50b3bf7291/2022/06/29/Figure-2.-Configure-backup-rule-using-AWS-Backup-Service.png\n\nFigure 2. Configure backup rule using [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail)\n\n\n\nFigure 3. Select EC2 instance containing Oracle Database for backup\n\n\n\nFigure 4. Summary screen showing the backup rule and resources managed by [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail)\n\n*Oracle RMAN archive log backup*\n\nOracle RMAN archive log backup\n\nWhile [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) is now creating a daily backup of the EC2 instance, we also want to make sure we backup the archived log files to a protected location. This will let us do point-in-time restores and restore to other recent times than just the last daily EC2 backup. Here, we provide the steps to backup archive log using RMAN to S3 bucket.\n\n*Backup/restore archive logs to/from [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail) using OSB*\n\nBacking-up the [Oracle archive](https://www.oracle.com/cloud/storage/archive-storage/) logs is an important part of the process. In this section, we will describe how you can backup their Oracle Archive logs to [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail) using OSB. Note: OSB is a separately licensed product from Oracle Corporation, so you will need to be properly licensed for OSB if you use this approach.\n\n##### **2. Setup S3 bucket and IAM role**\n\nOracle Archive log backups can be scheduled using ```cron ```script to run at regular interval (for example, every 15 minutes). These backups are stored in an S3 bucket.\n\na. [Create an S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html) with [lifecycle policy](https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html) to transition the objects to S3 Standard-Infrequent Access.\nb. Attach the following policy to the IAM Role of EC2 containing Oracle database or [create an IAM role](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#create-iam-role)(```ec2access```\n) with the following policy and attach it to the EC2 instance. Update ```bucket-name``` with the bucket created in previous step.\n\nJSON\n\n```\\n {\\n \\"Sid\\": \\"S3BucketAccess\\",\\n \\"Effect\\": \\"Allow\\",\\n \\"Action\\": [\\n \\"s3:PutObject\\",\\n \\"s3:GetObjectAcl\\",\\n \\"s3:GetObject\\",\\n \\"s3:ListBucket\\",\\n \\"s3:DeleteObject\\"\\n ],\\n \\"Resource\\": [\\n \\"arn:aws:s3:::bucket-name\\",\\n \\"arn:aws:s3:::bucket-name/*\\"\\n ]\\n }\\n```\n\n##### **3. Setup OSB**\n\nAfter we have configured the backup of EC2 instance using [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail), we setup OSB in the EC2 instance. In these steps, we show the mechanism to configure OSB.\n\na. [Verify hardware and software prerequisites](https://docs.oracle.com/database/121/RCMRF/web_services.htm#GUID-692AA33C-C6C9-4F03-AD68-5DC9DC2B416D) for OSB Cloud Module.\nb. Login to the EC2 instance with User ID owning the Oracle Binaries.\nc. Download [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail) backup installer file ([osbws_install.zip](https://www.oracle.com/database/technologies/secure-backup-s3.html))\nd. Create Oracle wallet directory.\n\nBash\n\n```\\nmkdir \$ORACLE_HOME/dbs/osbws_wallet\\n```\n\ne. Create a file (osbws.sh) in the EC2 instance with the following commands. Update IAM role with the one created/updated in Step 2b.\n\nBash\n\n```\\njava -jar osbws_install.jar —IAMRole ec2access walletDir \$ORACLE_HOME/dbs/osbws_wallet -libDir \$ORACLE_HOME/lib/\\n```\n\nf. Change permission and run the file.\n\nBash\n\n```\\nchmod 700 osbws.sh\\n./osbws.sh\\n\\nSample output: AWS credentials are valid.\\nOracle Secure Backup Web Service wallet created in directory /u01/app/oracle/product/19.3.0.0/db_1/dbs/osbws_wallet.\\nOracle Secure Backup Web Service initialization file /u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora created.\\nDownloading Oracle Secure Backup Web Service Software Library from file osbws_linux64.zip.\\nDownload complete.\\n```\n\ng. Set ORACLE_SID by executing below command:\n\n```\\n. oraenv\\n\\nh. Running the script – osbws.sh installs OSB libraries and creates a file called osbws<ORACLE_SID>.ora.\\ni. Add/modify below with S3 bucket(bucket-name) and region(ex:us-west-2) created in Step 2a.\\n```\n\nBash\n\n```\\nOSB_WS_HOST=http://s3.us-west-2.amazonaws.com\\nOSB_WS_BUCKET=bucket-name\\nOSB_WS_LOCATION=us-west-2\\n```\n\n##### **4. Configure RMAN backup to S3 bucket**\n\nWith OSB installed in the EC2 instance, you can backup Oracle archive logs to S3 bucket. These backups can be used to perform database point-in-time recovery in case of database crash/corruption. oratst is used as an example in below commands.\n\na. Configure RMAN repository. Example below uses Oracle 19c and Oracle Sid – ```oratst```.\n\nBash\n\n```\\nRMAN> configure channel device type sbt parms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0.0/db_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora)';\\n```\n\nb. Create a script (for example, ```rman_archive.sh```\n) with below commands, and schedule using crontab (example entry: ```*/5 * * * * rman_archive.sh```) to run every 5 minutes. This will makes sure Oracle Archive logs are backed up to [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail) frequently, thus ensuring an recovery point objective (RPO) of 5 minutes.\n\nBash\n\n```\\ndt=`date +%Y%m%d_%H%M%S`\\n\\nrman target / log=rman_arch_bkup_oratst_\${dt}.log <<EOF\\n\\nRUN\\n{\\n\\tallocate channel c1_s3 device type sbt\\n\\tparms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0.0/db_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora)' MAXPIECESIZE 10G;\\n\\n\\tBACKUP ARCHIVELOG ALL delete all input;\\n\\tBackup CURRENT CONTROLFILE;\\n\\nrelease channel c1_s3;\\n\\t\\n}\\n\\nEOF\\n```\n\nc. Copy RMAN logs to S3 bucket. These logs contain the database identifier (DBID) that is required when we have to restore the database using Oracle RMAN.\n\nBash\n\n```\\naws s3 cp rman_arch_bkup_oratst_\${dt}.log s3://bucket-name\\n\\n```\n\n##### **5. Perform database point-in-time recovery**\n\nIn the event of a database crash/corruption, we can use [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) service and Oracle RMAN Archive log backup to recover database to a specific point-in-time.\n\na. Typically, you would pick the most recent recovery point completed before the time you wish to recover. Using [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail), identify the recovery point ID to restore by following the steps on[ restoring an Amazon EC2 instance](https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-ec2.html). Note: when following the steps, be sure to set the “User data” settings as described in the next bullet item.\n\nAfter the EBS volumes are created from the snapshot, there is no need to wait for all of the data to transfer from [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail) to your EBS volume before your attached instance can start accessing the volume. [Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail) snapshots implement lazy loading, so that you can begin using them right away.\n\nb. Be sure the database does not start automatically after restoring the EC2 instance, by renaming ```/etc/oratab```\n. Use the following command in “User data” section while restoring EC2 instance. After database recovery, we can rename it back to ```/etc/oratab```.\n\nBash\n\n```\\n#!/usr/bin/sh\\nsudo su - \\nmv /etc/oratab /etc/oratab_bk\\n```\n\nc. Login to the EC2 instance once it is up, and execute the RMAN recovery commands mentioned. Identify the ```DBID```from RMAN logs saved in the S3 bucket. These commands use database ```oratst ```as an example:\n\nBash\n\n```\\nrman target /\\n\\nRMAN> startup nomount\\n\\nRMAN> set dbid DBID\\n\\n# Below command is to restore the controlfile from autobackup\\n\\nRMAN> RUN\\n{\\n allocate channel c1_s3 device type sbt\\n\\tparms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0.0/db_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora)';\\n\\n RESTORE CONTROLFILE FROM AUTOBACKUP;\\n alter database mount;\\n\\n release channel c1_s3;\\n}\\n```\n\nIn Figure 5, the most recent archive log backed up is 380, so you can use this sequence number in the next set of RMAN commands.\n\n\n\nFigure 5. Sample output of Oracle RMAN “list backup” command\n\nBash\n\n```\\nRMAN> RUN\\n{\\n allocate channel c1_s3 device type sbt\\n\\tparms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0.0/db_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora)';\\n\\n recover database until sequence sequence_number;\\n ALTER DATABASE OPEN RESETLOGS;\\n release channel c1_s3;\\n}\\n```\n\nd. To avoid performance issues due to lazy loading, after the database is open, run the following command to force a faster restoration of the blocks from S3 bucket to EBS volumes (this example allocates two channels and [validates ](https://docs.oracle.com/database/121/BRADV/rcmvalid.htm#BRADV90063)the entire database).\n\nBash\n\n```\\nRMAN> RUN\\n{\\n ALLOCATE CHANNEL c1 DEVICE TYPE DISK;\\n ALLOCATE CHANNEL c2 DEVICE TYPE DISK;\\n VALIDATE database section size 1200M;\\n}\\n```\n\ne. This completes the recovery of database, and we can let the database automatically start by renaming file back to ```/etc/oratab```.\n\nBash\n\n```\\nmv /etc/oratab_bk /etc/oratab\\n```\n\n##### **6. Backup retention**\n\nEnsure that the [AWS Backup lifecycle policy](https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-backup-plan.html#plan-options-and-configuration) matches the Oracle Archive log backup retention. Also, follow documentation to configure Oracle backup [retention ](https://docs.oracle.com/en/database/oracle/oracle-database/19/admqs/performing-backup-and-recovery.html#GUID-48AD8DE1-B7F4-4909-939E-A0951C118AE8)and delete [expired ](https://docs.oracle.com/en/database/oracle/oracle-database/19/admqs/performing-backup-and-recovery.html#GUID-83CED39F-DC23-4539-9668-32C89676904E)backups. This is a sample command for Oracle backup retention:\n\nBash\n\n```\\nCONFIGURE BACKUP OPTIMIZATION ON;\\nCONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 31 DAYS; \\n\\nRMAN> RUN\\n{\\n allocate channel c1_s3 device type sbt\\n\\tparms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0.0/db_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora)';\\n\\n crosscheck backup;\\n delete noprompt obsolete;\\n delete noprompt expired backup;\\n\\n release channel c1_s3;\\n}\\n```\n\n### **Cleanup**\n\nFollow below instructions to remove or cleanup the setup:\n\n1. [Delete the backup plan](https://docs.aws.amazon.com/aws-backup/latest/devguide/deleting-a-backup-plan.html) created in Step 1.\n2. [Uninstall Oracle Secure Backup](https://docs.oracle.com/en/database/oracle/secure-backup/18/obins/uninstall.html) from the EC2 instance.\n3. [Delete/Update IAM role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html) (```ec2access```) to remove access from the S3 bucket used to store archive logs.\n4. Remove the cron entry from the EC2 instance configured in Step 4b.\n5. [Delete the S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-bucket.html) that was created in Step 2a to store Oracle RMAN archive log backups.\n\n### **Conclusion**\n\nIn this post, we demonstrate how to use [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) and Oracle RMAN Archive log backup of Oracle databases running on [Amazon EC2 ](https://aws.amazon.com/cn/ec2/?trk=cndc-detail)can restore and recover efficiently to a point-in-time, without requiring an extra-step of restoring data files. Data files are restored as part of the [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) EC2 instance restoration. You can leverage this solution to facilitate restoring copies of your production database for development or testing purposes, plus recover from a user error that removes data or corrupts existing data.\n\nTo learn more about [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail), refer to the [AWS Backup AWS Backup Documentation.](https://docs.aws.amazon.com/aws-backup/)\n\n\n\n### **Jeevan Shetty**\n\nJeevan Shetty is a Consultant with the AWS Proserve Team. He has been supporting and enabling customers to migrate their database from OnPrem data center to AWS cloud and also in migration from commercial database engines to open source database in Amazon.\n\n\n\n### **Bhanu Ganesh Gudivada**\n\nBhanu Ganesh Gudivada is a Database Consultant with the Professional Services team at AWS and specializes in database migrations. He has been supporting and enabling customers to build high-available, cost-effective database solutions and migrate their commercial engines to AWS cloud. Bhanu is curious to learn and implement new technologies around the databases and orchestrate migrations through automation.\n\n\n\n### **Santhosh Kumar Adapa**\n\nSanthosh Kumar Adapa is a Database Consultant with the Professional Services team at AWS. He works as a database migration specialist to help Amazon customers in design and implementing scalable, secure, performant, and robust database solutions on the cloud.\n\n\n\n\n### **Srini Ramaswamy**\n\nSrini Ramaswamy is a Consultant with the AWS Proserve Team. He has been supporting and enabling customers to migrate their database from OnPrem data center to AWS cloud and also in migration from commercial database engines to open source database in Amazon.","render":"<p>Customers running Oracle databases on <a href=\\"https://aws.amazon.com/ec2/\\" target=\\"_blank\\">Amazon Elastic Compute Cloud (Amazon EC2)</a> often take database and schema backups using Oracle native tools, like <a href=\\"https://docs.oracle.com/en/database/oracle/oracle-database/19/sutil/oracle-data-pump-overview.html\\" target=\\"_blank\\">Data Pump</a> andRecovery Manager <a href=\\"https://docs.oracle.com/en/database/oracle/oracle-database/19/bradv/getting-started-rman.html\\" target=\\"_blank\\">Recovery Manager</a> (RMAN), to satisfy data protection, disaster recovery (DR), and compliance requirements. A priority is to reduce backup time as the data grows exponentially and recover sooner in case of failure/disaster.</p>\\n<p>In situations where RMAN backup is used as a DR solution, using <a href=\\"https://aws.amazon.com/backup/\\" target=\\"_blank\\">AWS Backup</a> to backup the file system and using RMAN to backup the archive logs are an efficient method to perform Oracle database point-in-time recovery in the event of a disaster.</p>\\n<h5><a id=\\"Sample_use_cases_4\\"></a><strong>Sample use cases:</strong></h5>\\n<ol>\\n<li>Quickly build a copy of production database to test bug fixes or for a tuning exercise.</li>\n<li>Recover from a user error that removes data or corrupts existing data.</li>\n<li>A complete database recovery after a media failure.</li>\n</ol>\\n<h5><a id=\\"There_are_two_options_to_backup_the_archive_logs_using_RMAN_10\\"></a><strong>There are two options to backup the archive logs using RMAN:</strong></h5>\\n<ol>\\n<li>Using <a href=\\"https://docs.oracle.com/cd/E16926_01/doc.121/e16563/intro.htm#OBINS101\\" target=\\"_blank\\">Oracle Secure Backup (OSB)</a> and an [Amazon Simple Storage Service](https://aws.amazon.com/cn/s3/?trk=cndc-detail) ([Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail)) bucket as the storage for archive logs</li>\\n<li>Using Amazon Elastic File System (Amazon EFS) as the storage for archive logs</li>\n</ol>\\n<p>instance, including the OS image, Oracle binaries, logs, and data files. In this post, we will use Oracle RMAN to perform archived redo log backup to an Amazon S3 bucket. Then, we demonstrate the steps to restore a database to a specific point-in-time using AWS Backup and Oracle RMAN.</p>\n<h3><a id=\\"Solution_overview_18\\"></a><strong>Solution overview</strong></h3>\\n<p>Figure 1 demonstrates the workflow:</p>\n<ol>\\n<li>Oracle database on Amazon EC2 configured with Oracle Secure Backup (OSB)</li>\n<li>AWS Backup service to backup EC2 instance at regular intervals.</li>\n<li><a href=\\"https://aws.amazon.com/iam/\\" target=\\"_blank\\">AWS Identity and Access Management (IAM)</a> role for EC2 instance that grants permission to write archive log backups to [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail)</li>\\n<li>S3 bucket for storing Oracle RMAN archive log backups</li>\n</ol>\\n<p><img src=\\"https://dev-media.amazoncloud.cn/037fdbb1141d478792ad047c27e8b01e_image.png\\" alt=\\"image.png\\" /></p>\n<p>Figure 1. Oracle Database in Amazon EC2 using AWS Backup and S3 for backup and restore</p>\n<h3><a id=\\"Prerequisites_33\\"></a><strong>Prerequisites</strong></h3>\\n<p>For this solution, the following prerequisites are required:</p>\n<ol>\\n<li>An AWS account</li>\n<li>Oracle database and AWS CLI in an EC2 instance</li>\n<li>Access to configure AWS Backup</li>\n<li>Acces to S3 bucket to store the RMAN archive log backup</li>\n</ol>\\n<h5><a id=\\"1_Configure_AWS_Backup_43\\"></a><strong>1. Configure AWS Backup</strong></h5>\\n<p>You can choose AWS Backup to schedule daily backups of the EC2 instance. AWS Backup efficiently stores your periodic backups <a href=\\"https://docs.aws.amazon.com/aws-backup/latest/devguide/about-backup-plans.html\\" target=\\"_blank\\">using backup plans</a>. Only the first EBS snapshot performs a full copy from Amazon Elastic Block Storage ([Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail)) to [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail). All subsequent snapshots are incremental snapshots, copying just the changed blocks from [Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail) to [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail), thus, reducing backup duration and storage costs. Oracle supports <a href=\\"https://docs.oracle.com/database/121/BRADV/osrecvry.htm#BRADV727\\" target=\\"_blank\\">Storage Snapshot Optimization</a>, which takes third-party snapshots of the database without placing the database in backup mode. By default, [AWS Backup](https://aws.amazon.com/cn/backup/?trk=cndc-detail) now creates crash-consistent backups of [Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail) volumes that are attached to an EC2 instance. Customers no longer have to stop their instance or coordinate between multiple [Amazon EBS](https://aws.amazon.com/cn/ebs/?trk=cndc-detail) volumes attached to the same EC2 instance to ensure crash-consistency of their application state.</p>\\n<p>You can <a href=\\"https://docs.aws.amazon.com/aws-backup/latest/devguide/create-a-scheduled-backup.html\\" target=\\"_blank\\">create daily scheduled backup</a> of EC2 instances. Figures 2, 3, and 4 are sample screenshots of the backup plan, associating an EC2 instance with the backup plan.</p>\\n<p>https://d2908q01vomqb2.cloudfront.net/fc074d501302eb2b93e2554793fcaf50b3bf7291/2022/06/29/Figure-2.-Configure-backup-rule-using-AWS-Backup-Service.png</p>\n<p>Figure 2. Configure backup rule using AWS Backup</p>\n<p><img src=\\"https://dev-media.amazoncloud.cn/c2d55d86cfc343019dd91b819a322257_image.png\\" alt=\\"image.png\\" /></p>\n<p>Figure 3. Select EC2 instance containing Oracle Database for backup</p>\n<p><img src=\\"https://dev-media.amazoncloud.cn/c534c4935d7b4ae88df04c36f098c17a_image.png\\" alt=\\"image.png\\" /></p>\n<p>Figure 4. Summary screen showing the backup rule and resources managed by AWS Backup</p>\n<p><em>Oracle RMAN archive log backup</em></p>\\n<p>Oracle RMAN archive log backup</p>\n<p>While AWS Backup is now creating a daily backup of the EC2 instance, we also want to make sure we backup the archived log files to a protected location. This will let us do point-in-time restores and restore to other recent times than just the last daily EC2 backup. Here, we provide the steps to backup archive log using RMAN to S3 bucket.</p>\n<p><em>Backup/restore archive logs to/from Amazon S3 using OSB</em></p>\\n<p>Backing-up the <a href=\\"https://www.oracle.com/cloud/storage/archive-storage/\\" target=\\"_blank\\">Oracle archive</a> logs is an important part of the process. In this section, we will describe how you can backup their Oracle Archive logs to [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail) using OSB. Note: OSB is a separately licensed product from Oracle Corporation, so you will need to be properly licensed for OSB if you use this approach.</p>\\n<h5><a id=\\"2_Setup_S3_bucket_and_IAM_role_71\\"></a><strong>2. Setup S3 bucket and IAM role</strong></h5>\\n<p>Oracle Archive log backups can be scheduled using <code>cron </code>script to run at regular interval (for example, every 15 minutes). These backups are stored in an S3 bucket.</p>\\n<p>a. <a href=\\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html\\" target=\\"_blank\\">Create an S3 bucket</a> with <a href=\\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/how-to-set-lifecycle-configuration-intro.html\\" target=\\"_blank\\">lifecycle policy</a> to transition the objects to S3 Standard-Infrequent Access.<br />\\nb. Attach the following policy to the IAM Role of EC2 containing Oracle database or <a href=\\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#create-iam-role\\" target=\\"_blank\\">create an IAM role</a>(<code>ec2access</code><br />\\n) with the following policy and attach it to the EC2 instance. Update <code>bucket-name</code> with the bucket created in previous step.</p>\\n<p>JSON</p>\n<pre><code class=\\"lang-\\"> {\\n &quot;Sid&quot;: &quot;S3BucketAccess&quot;,\\n &quot;Effect&quot;: &quot;Allow&quot;,\\n &quot;Action&quot;: [\\n &quot;s3:PutObject&quot;,\\n &quot;s3:GetObjectAcl&quot;,\\n &quot;s3:GetObject&quot;,\\n &quot;s3:ListBucket&quot;,\\n &quot;s3:DeleteObject&quot;\\n ],\\n &quot;Resource&quot;: [\\n &quot;arn:aws:s3:::bucket-name&quot;,\\n &quot;arn:aws:s3:::bucket-name/*&quot;\\n ]\\n }\\n</code></pre>\\n<h5><a id=\\"3_Setup_OSB_99\\"></a><strong>3. Setup OSB</strong></h5>\\n<p>After we have configured the backup of EC2 instance using AWS Backup, we setup OSB in the EC2 instance. In these steps, we show the mechanism to configure OSB.</p>\n<p>a. <a href=\\"https://docs.oracle.com/database/121/RCMRF/web_services.htm#GUID-692AA33C-C6C9-4F03-AD68-5DC9DC2B416D\\" target=\\"_blank\\">Verify hardware and software prerequisites</a> for OSB Cloud Module.<br />\\nb. Login to the EC2 instance with User ID owning the Oracle Binaries.<br />\\nc. Download Amazon S3 backup installer file (<a href=\\"https://www.oracle.com/database/technologies/secure-backup-s3.html\\" target=\\"_blank\\">osbws_install.zip</a>)<br />\\nd. Create Oracle wallet directory.</p>\n<p>Bash</p>\n<pre><code class=\\"lang-\\">mkdir \$ORACLE_HOME/dbs/osbws_wallet\\n</code></pre>\\n<p>e. Create a file (osbws.sh) in the EC2 instance with the following commands. Update IAM role with the one created/updated in Step 2b.</p>\n<p>Bash</p>\n<pre><code class=\\"lang-\\">java -jar osbws_install.jar —IAMRole ec2access walletDir \$ORACLE_HOME/dbs/osbws_wallet -libDir \$ORACLE_HOME/lib/\\n</code></pre>\\n<p>f. Change permission and run the file.</p>\n<p>Bash</p>\n<pre><code class=\\"lang-\\">chmod 700 osbws.sh\\n./osbws.sh\\n\\nSample output: AWS credentials are valid.\\nOracle Secure Backup Web Service wallet created in directory /u01/app/oracle/product/19.3.0.0/db_1/dbs/osbws_wallet.\\nOracle Secure Backup Web Service initialization file /u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora created.\\nDownloading Oracle Secure Backup Web Service Software Library from file osbws_linux64.zip.\\nDownload complete.\\n</code></pre>\\n<p>g. Set ORACLE_SID by executing below command:</p>\n<pre><code class=\\"lang-\\">. oraenv\\n\\nh. Running the script – osbws.sh installs OSB libraries and creates a file called osbws&lt;ORACLE_SID&gt;.ora.\\ni. Add/modify below with S3 bucket(bucket-name) and region(ex:us-west-2) created in Step 2a.\\n</code></pre>\\n<p>Bash</p>\n<pre><code class=\\"lang-\\">OSB_WS_HOST=http://s3.us-west-2.amazonaws.com\\nOSB_WS_BUCKET=bucket-name\\nOSB_WS_LOCATION=us-west-2\\n</code></pre>\\n<h5><a id=\\"4_Configure_RMAN_backup_to_S3_bucket_154\\"></a><strong>4. Configure RMAN backup to S3 bucket</strong></h5>\\n<p>With OSB installed in the EC2 instance, you can backup Oracle archive logs to S3 bucket. These backups can be used to perform database point-in-time recovery in case of database crash/corruption. oratst is used as an example in below commands.</p>\n<p>a. Configure RMAN repository. Example below uses Oracle 19c and Oracle Sid – <code>oratst</code>.</p>\\n<p>Bash</p>\n<pre><code class=\\"lang-\\">RMAN&gt; configure channel device type sbt parms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0.0/db_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora)';\\n</code></pre>\\n<p>b. Create a script (for example, <code>rman_archive.sh</code><br />\\n) with below commands, and schedule using crontab (example entry: <code>*/5 * * * * rman_archive.sh</code>) to run every 5 minutes. This will makes sure Oracle Archive logs are backed up to [Amazon S3](https://aws.amazon.com/cn/s3/?trk=cndc-detail) frequently, thus ensuring an recovery point objective (RPO) of 5 minutes.</p>\\n<p>Bash</p>\n<pre><code class=\\"lang-\\">dt=`date +%Y%m%d_%H%M%S`\\n\\nrman target / log=rman_arch_bkup_oratst_\${dt}.log &lt;&lt;EOF\\n\\nRUN\\n{\\n\\tallocate channel c1_s3 device type sbt\\n\\tparms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0.0/db_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora)' MAXPIECESIZE 10G;\\n\\n\\tBACKUP ARCHIVELOG ALL delete all input;\\n\\tBackup CURRENT CONTROLFILE;\\n\\nrelease channel c1_s3;\\n\\t\\n}\\n\\nEOF\\n</code></pre>\\n<p>c. Copy RMAN logs to S3 bucket. These logs contain the database identifier (DBID) that is required when we have to restore the database using Oracle RMAN.</p>\n<p>Bash</p>\n<pre><code class=\\"lang-\\">aws s3 cp rman_arch_bkup_oratst_\${dt}.log s3://bucket-name\\n\\n</code></pre>\\n<h5><a id=\\"5_Perform_database_pointintime_recovery_200\\"></a><strong>5. Perform database point-in-time recovery</strong></h5>\\n<p>In the event of a database crash/corruption, we can use AWS Backup service and Oracle RMAN Archive log backup to recover database to a specific point-in-time.</p>\n<p>a. Typically, you would pick the most recent recovery point completed before the time you wish to recover. Using AWS Backup, identify the recovery point ID to restore by following the steps on<a href=\\"https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-ec2.html\\" target=\\"_blank\\"> restoring an Amazon EC2 instance</a>. Note: when following the steps, be sure to set the “User data” settings as described in the next bullet item.</p>\\n<p>After the EBS volumes are created from the snapshot, there is no need to wait for all of the data to transfer from Amazon S3 to your EBS volume before your attached instance can start accessing the volume. Amazon EBS snapshots implement lazy loading, so that you can begin using them right away.</p>\n<p>b. Be sure the database does not start automatically after restoring the EC2 instance, by renaming <code>/etc/oratab</code><br />\\n. Use the following command in “User data” section while restoring EC2 instance. After database recovery, we can rename it back to <code>/etc/oratab</code>.</p>\\n<p>Bash</p>\n<pre><code class=\\"lang-\\">#!/usr/bin/sh\\nsudo su - \\nmv /etc/oratab /etc/oratab_bk\\n</code></pre>\\n<p>c. Login to the EC2 instance once it is up, and execute the RMAN recovery commands mentioned. Identify the <code>DBID</code>from RMAN logs saved in the S3 bucket. These commands use database <code>oratst </code>as an example:</p>\\n<p>Bash</p>\n<pre><code class=\\"lang-\\">rman target /\\n\\nRMAN&gt; startup nomount\\n\\nRMAN&gt; set dbid DBID\\n\\n# Below command is to restore the controlfile from autobackup\\n\\nRMAN&gt; RUN\\n{\\n allocate channel c1_s3 device type sbt\\n\\tparms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0.0/db_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora)';\\n\\n RESTORE CONTROLFILE FROM AUTOBACKUP;\\n alter database mount;\\n\\n release channel c1_s3;\\n}\\n</code></pre>\\n<p>In Figure 5, the most recent archive log backed up is 380, so you can use this sequence number in the next set of RMAN commands.</p>\n<p><img src=\\"https://dev-media.amazoncloud.cn/0e5180bace52476bbe60dc11d1632220_image.png\\" alt=\\"image.png\\" /></p>\n<p>Figure 5. Sample output of Oracle RMAN “list backup” command</p>\n<p>Bash</p>\n<pre><code class=\\"lang-\\">RMAN&gt; RUN\\n{\\n allocate channel c1_s3 device type sbt\\n\\tparms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0.0/db_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora)';\\n\\n recover database until sequence sequence_number;\\n ALTER DATABASE OPEN RESETLOGS;\\n release channel c1_s3;\\n}\\n</code></pre>\\n<p>d. To avoid performance issues due to lazy loading, after the database is open, run the following command to force a faster restoration of the blocks from S3 bucket to EBS volumes (this example allocates two channels and <a href=\\"https://docs.oracle.com/database/121/BRADV/rcmvalid.htm#BRADV90063\\" target=\\"_blank\\">validates </a>the entire database).</p>\\n<p>Bash</p>\n<pre><code class=\\"lang-\\">RMAN&gt; RUN\\n{\\n ALLOCATE CHANNEL c1 DEVICE TYPE DISK;\\n ALLOCATE CHANNEL c2 DEVICE TYPE DISK;\\n VALIDATE database section size 1200M;\\n}\\n</code></pre>\\n<p>e. This completes the recovery of database, and we can let the database automatically start by renaming file back to <code>/etc/oratab</code>.</p>\\n<p>Bash</p>\n<pre><code class=\\"lang-\\">mv /etc/oratab_bk /etc/oratab\\n</code></pre>\\n<h5><a id=\\"6_Backup_retention_285\\"></a><strong>6. Backup retention</strong></h5>\\n<p>Ensure that the <a href=\\"https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-backup-plan.html#plan-options-and-configuration\\" target=\\"_blank\\">AWS Backup lifecycle policy</a> matches the Oracle Archive log backup retention. Also, follow documentation to configure Oracle backup <a href=\\"https://docs.oracle.com/en/database/oracle/oracle-database/19/admqs/performing-backup-and-recovery.html#GUID-48AD8DE1-B7F4-4909-939E-A0951C118AE8\\" target=\\"_blank\\">retention </a>and delete <a href=\\"https://docs.oracle.com/en/database/oracle/oracle-database/19/admqs/performing-backup-and-recovery.html#GUID-83CED39F-DC23-4539-9668-32C89676904E\\" target=\\"_blank\\">expired </a>backups. This is a sample command for Oracle backup retention:</p>\\n<p>Bash</p>\n<pre><code class=\\"lang-\\">CONFIGURE BACKUP OPTIMIZATION ON;\\nCONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 31 DAYS; \\n\\nRMAN&gt; RUN\\n{\\n allocate channel c1_s3 device type sbt\\n\\tparms='SBT_LIBRARY=/u01/app/oracle/product/19.3.0.0/db_1/lib/libosbws.so,SBT_PARMS=(OSB_WS_PFILE=/u01/app/oracle/product/19.3.0.0/db_1/dbs/osbwsoratst.ora)';\\n\\n crosscheck backup;\\n delete noprompt obsolete;\\n delete noprompt expired backup;\\n\\n release channel c1_s3;\\n}\\n</code></pre>\\n<h3><a id=\\"Cleanup_308\\"></a><strong>Cleanup</strong></h3>\\n<p>Follow below instructions to remove or cleanup the setup:</p>\n<ol>\\n<li><a href=\\"https://docs.aws.amazon.com/aws-backup/latest/devguide/deleting-a-backup-plan.html\\" target=\\"_blank\\">Delete the backup plan</a> created in Step 1.</li>\\n<li><a href=\\"https://docs.oracle.com/en/database/oracle/secure-backup/18/obins/uninstall.html\\" target=\\"_blank\\">Uninstall Oracle Secure Backup</a> from the EC2 instance.</li>\\n<li><a href=\\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_delete.html\\" target=\\"_blank\\">Delete/Update IAM role</a> (<code>ec2access</code>) to remove access from the S3 bucket used to store archive logs.</li>\\n<li>Remove the cron entry from the EC2 instance configured in Step 4b.</li>\n<li><a href=\\"https://docs.aws.amazon.com/AmazonS3/latest/userguide/delete-bucket.html\\" target=\\"_blank\\">Delete the S3 bucket</a> that was created in Step 2a to store Oracle RMAN archive log backups.</li>\\n</ol>\n<h3><a id=\\"Conclusion_318\\"></a><strong>Conclusion</strong></h3>\\n<p>In this post, we demonstrate how to use AWS Backup and Oracle RMAN Archive log backup of Oracle databases running on Amazon EC2 can restore and recover efficiently to a point-in-time, without requiring an extra-step of restoring data files. Data files are restored as part of the AWS Backup EC2 instance restoration. You can leverage this solution to facilitate restoring copies of your production database for development or testing purposes, plus recover from a user error that removes data or corrupts existing data.</p>\n<p>To learn more about AWS Backup, refer to the <a href=\\"https://docs.aws.amazon.com/aws-backup/\\" target=\\"_blank\\">AWS Backup AWS Backup Documentation.</a></p>\\n<p><img src=\\"https://dev-media.amazoncloud.cn/10a21b2ea02f4a74813c22fe17d42a6c_image.png\\" alt=\\"image.png\\" /></p>\n<h3><a id=\\"Jeevan_Shetty_326\\"></a><strong>Jeevan Shetty</strong></h3>\\n<p>Jeevan Shetty is a Consultant with the AWS Proserve Team. He has been supporting and enabling customers to migrate their database from OnPrem data center to AWS cloud and also in migration from commercial database engines to open source database in Amazon.</p>\n<p><img src=\\"https://dev-media.amazoncloud.cn/7a30267b013b4314bad49077818dfc7d_image.png\\" alt=\\"image.png\\" /></p>\n<h3><a id=\\"Bhanu_Ganesh_Gudivada_332\\"></a><strong>Bhanu Ganesh Gudivada</strong></h3>\\n<p>Bhanu Ganesh Gudivada is a Database Consultant with the Professional Services team at AWS and specializes in database migrations. He has been supporting and enabling customers to build high-available, cost-effective database solutions and migrate their commercial engines to AWS cloud. Bhanu is curious to learn and implement new technologies around the databases and orchestrate migrations through automation.</p>\n<p><img src=\\"https://dev-media.amazoncloud.cn/9de92915ba884b05b3872da3f6374409_image.png\\" alt=\\"image.png\\" /></p>\n<h3><a id=\\"Santhosh_Kumar_Adapa_338\\"></a><strong>Santhosh Kumar Adapa</strong></h3>\\n<p>Santhosh Kumar Adapa is a Database Consultant with the Professional Services team at AWS. He works as a database migration specialist to help Amazon customers in design and implementing scalable, secure, performant, and robust database solutions on the cloud.</p>\n<p><img src=\\"https://dev-media.amazoncloud.cn/8007f383ea17463cab18598c6aa693ba_image.png\\" alt=\\"image.png\\" /></p>\n<h3><a id=\\"Srini_Ramaswamy_345\\"></a><strong>Srini Ramaswamy</strong></h3>\\n<p>Srini Ramaswamy is a Consultant with the AWS Proserve Team. He has been supporting and enabling customers to migrate their database from OnPrem data center to AWS cloud and also in migration from commercial database engines to open source database in Amazon.</p>\n"}