diff --git a/identify-slow-queries.md b/identify-slow-queries.md index 2015f622c55cf..ce2dc0e10778a 100644 --- a/identify-slow-queries.md +++ b/identify-slow-queries.md @@ -167,6 +167,11 @@ Fields related to Resource Control: * `Request_unit_write`: the total write RUs consumed by the statement. * `Time_queued_by_rc`: the total time that the statement waits for available resources. +Fields related to storage engines: + +- `Storage_from_kv`: introduced in v8.5.5, indicates whether this statement read data from TiKV. +- `Storage_from_mpp`: introduced in v8.5.5, indicates whether this statement read data from TiFlash. + ## Related system variables * [`tidb_slow_log_threshold`](/system-variables.md#tidb_slow_log_threshold): Sets the threshold for the slow log. The SQL statement whose execution time exceeds this threshold is recorded in the slow log. The default value is 300 (ms). diff --git a/statement-summary-tables.md b/statement-summary-tables.md index ca7ff75e0a609..80d4a0d0b6d01 100644 --- a/statement-summary-tables.md +++ b/statement-summary-tables.md @@ -455,6 +455,11 @@ Fields related to Resource Control: - `MAX_QUEUED_RC_TIME`: the maximum waiting time for available RU when executing SQL statements. - `RESOURCE_GROUP`: the resource group bound to SQL statements. +Fields related to storage engines: + +- `STORAGE_KV`: introduced in v8.5.5, indicates whether the previous execution of SQL statements of this category read data from TiKV. +- `STORAGE_MPP`: introduced in v8.5.5, indicates whether the previous execution of SQL statements of this category read data from TiFlash. + ### `statements_summary_evicted` fields description - `BEGIN_TIME`: Records the starting time. diff --git a/tidb-cloud/delete-tidb-cluster.md b/tidb-cloud/delete-tidb-cluster.md index 92c15e9e1cdf0..19b2d20f5e13d 100644 --- a/tidb-cloud/delete-tidb-cluster.md +++ b/tidb-cloud/delete-tidb-cluster.md 
@@ -32,7 +32,7 @@ You can delete a cluster at any time by performing the following steps: Once a backed up TiDB Cloud Dedicated cluster is deleted, the existing backup files of the cluster are moved to the recycle bin. - - Automatic backups will expire and be automatically deleted once the retention period ends. The default retention period is 7 days if you don't modify it. + - Automatic backups will expire and be automatically deleted once the retention period ends, except for the latest one. The default retention period is 7 days if you don't modify it. The latest automatic backup will not be deleted unless you explicitly delete it. - Manual backups will be kept in the Recycle Bin until manually deleted. > **Note:** diff --git a/tidb-cloud/premium/backup-and-restore-premium.md b/tidb-cloud/premium/backup-and-restore-premium.md index fad03aa08df14..2374062c019e7 100644 --- a/tidb-cloud/premium/backup-and-restore-premium.md +++ b/tidb-cloud/premium/backup-and-restore-premium.md 
@@ -192,11 +192,15 @@ To restore backups from cloud storage, do the following: 2. On the **Select Backup Storage Location** page, provide the following information: - **Cloud Provider**: select the cloud provider where your backup files are stored. - - **Region**: if your cloud provider is Alibaba Cloud OSS, select a Region. + - **Region**: if your cloud provider is Alibaba Cloud OSS, select a region. - **Backup Files URI**: enter the URI of the top-level folder that contains your backup files. - **Access Key ID**: enter your access key ID. - **Access Key Secret**: enter your access key secret. + > **Tip:** + > + > To create an access key for your storage bucket, see [Configure Amazon S3 access using an AWS access key](#configure-amazon-s3-access-using-an-aws-access-key) and [Configure Alibaba Cloud OSS access](#configure-alibaba-cloud-oss-access). + 3. Click **Verify Backup and Next**. 4. If the verification is successful, the **Restore to a New Instance** page appears. Review the backup information displayed at the top of the page, and then follow the steps in [Create a {{{ .premium }}} Instance](/tidb-cloud/premium/create-tidb-instance-premium.md) to restore the backup to a new instance. 
@@ -208,3 +212,113 @@ To restore backups from cloud storage, do the following: ## Limitations Currently, manual backups are not supported for {{{ .premium }}} instances. + +## References + +This section describes how to configure access for Amazon S3 and Alibaba Cloud OSS. + +### Configure Amazon S3 access using an AWS access key + +It is recommended that you use an IAM user, rather than the AWS account root user, to create an access key. + +Take the following steps to configure an access key: + +1. Create an IAM user and access key. + + 1. Create an IAM user. For more information, see [Create an IAM user in your AWS account](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console). + 2. Sign in to the [IAM console](https://console.aws.amazon.com/iam) using your AWS account ID or account alias, and your IAM user name and password. + 3. Create an access key. For more information, see [Manage access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey). + +2. Grant permissions to the IAM user. + + Create a policy with only the permissions required for your task and attach it to the IAM user. To restore data to a {{{ .premium }}} instance, grant the `s3:GetObject`, `s3:GetBucketLocation`, and `s3:ListBucket` permissions. + + The following is an example policy that allows TiDB Cloud to restore data from a specific folder in your Amazon S3 bucket. 
+ + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AllowGetBucketLocation", + "Effect": "Allow", + "Action": "s3:GetBucketLocation", + "Resource": "arn:aws:s3:::" + }, + { + "Sid": "AllowListPrefix", + "Effect": "Allow", + "Action": "s3:ListBucket", + "Resource": "arn:aws:s3:::", + "Condition": { + "StringLike": { + "s3:prefix": "/*" + } + } + }, + { + "Sid": "AllowReadObjectsInPrefix", + "Effect": "Allow", + "Action": "s3:GetObject", + "Resource": "arn:aws:s3::://*" + } + ] + } + ``` + + In the preceding policy, replace `` and `` with your actual bucket name and backup directory. This configuration follows the principle of least privilege by limiting access to only the necessary backup files. + +> **Note:** +> +> TiDB Cloud does not store your access keys. To maintain security, [delete the access key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey) after the import or export task is complete. + +### Configure Alibaba Cloud OSS access + +To grant TiDB Cloud access to your Alibaba Cloud OSS bucket, you need to create an AccessKey pair for the bucket. + +Take the following steps to configure an AccessKey pair: + +1. Create a RAM user and obtain the AccessKey pair. For more information, see [Create a RAM user](https://www.alibabacloud.com/help/en/ram/user-guide/create-a-ram-user). + + In the **Access Mode** section, select **Using permanent AccessKey to access**. + +2. Create a custom policy with the required permissions. For more information, see [Create custom policies](https://www.alibabacloud.com/help/en/ram/user-guide/create-a-custom-policy). + + - In the **Effect** section, select **Allow**. + - In the **Service** section, select **Object Storage Service**. + - In the **Action** section, select the required permissions. To restore a backup to a TiDB Cloud instance, grant the `oss:ListObjects` and `oss:GetObject` permissions. 
+ + > **Tip:** + > + > To enhance security for restore operations, you can restrict access to the specific folder (`oss:Prefix`) where your backup files are stored rather than granting access to the entire bucket. + + The following JSON example shows a policy for a restore task. This policy restricts access to a specific bucket and backup folder. + + ```json + { + "Version": "1", + "Statement": [ + { + "Effect": "Allow", + "Action": "oss:ListObjects", + "Resource": "acs:oss:*:*:", + "Condition": { + "StringLike": { + "oss:Prefix": "/*" + } + } + }, + { + "Effect": "Allow", + "Action": "oss:GetObject", + "Resource": "acs:oss:*:*://*" + } + ] + } + ``` + + - In the **Resource** section, select the bucket and the specific objects in the bucket. + +3. Attach the custom policies to the RAM user. + + For more information, see [Grant permissions to a RAM user](https://www.alibabacloud.com/help/en/ram/user-guide/grant-permissions-to-the-ram-user).
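Review bot: In identify-slow-queries.md, the new "Fields related to storage engines" list uses `-` bullets, while the Resource Control list directly above it in the same hunk uses `*` (`* Request_unit_write`, `* Time_queued_by_rc`); use `*` to match the file. Both new entries say only "indicates whether" without stating what value appears in the slow log. Document the possible values so readers can filter on the field.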
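Review bot: In statement-summary-tables.md, the phrase "the previous execution of SQL statements of this category" in the `STORAGE_KV` and `STORAGE_MPP` entries is ambiguous, because it can be read as the execution before the latest one. If the column reflects the last recorded execution, say "the most recent execution". The slow log names for what appear to be the same flags are `Storage_from_kv` and `Storage_from_mpp`, so a cross-reference between the two pages would help readers match them up.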
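Review bot: In tidb-cloud/delete-tidb-cluster.md, the changed bullet states the exception twice ("except for the latest one" and "The latest automatic backup will not be deleted unless you explicitly delete it"), with the default-retention sentence sitting between the two. Drop one of them and put the retention sentence first. Because this means a copy of the data outlives the deleted cluster with no expiry, the bullet should also say where the latest automatic backup is deleted from, as the next bullet does for manual backups ("kept in the Recycle Bin until manually deleted").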
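Review bot: In the first hunk of tidb-cloud/premium/backup-and-restore-premium.md, the added tip says "To create an access key for your storage bucket", but the linked sections create the key for an IAM user or a RAM user and then scope that user's policy to the bucket. Suggest "To create an access key that can read your backup files" so readers do not go looking for a bucket-level key. The tip is also the natural place to say that the key only needs read and list permissions on the backup folder, which is what the new References section sets up.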
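Review bot: In the new References section of tidb-cloud/premium/backup-and-restore-premium.md, the note after the S3 policy links "delete the access key" to the `#Using_CreateAccessKey` anchor, which is the same URL used for "Create an access key" in step 1, and it says "after the import or export task is complete" although this page covers restore. Point the link at the deletion instructions and change the wording to "after the restore task is complete". The Alibaba Cloud OSS section tells the reader to select "Using permanent AccessKey to access" but has no matching note about removing the AccessKey pair afterwards, so add one there too. Two smaller points: the placeholders in both policies and in "replace `` and `` with your actual bucket name and backup directory" are empty as shown here (for example `"Resource": "arn:aws:s3:::"`), so check that the bucket and folder placeholders survive rendering. Also, the "In the **Resource** section" bullet is stranded after the OSS JSON example and should move up next to the Effect, Service and Action bullets.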