Stay organized with collections
Save and categorize content based on your preferences.
This page helps you to restore disks from a backup vault
in the Google Cloud console.
Before you begin
Grant the Backup and DR Disk Operator (roles/backupdr.diskOperator)
IAM role for the backup vault service agent of the vault in the target project where
restore is being performed.
Grant the following IAM roles for the user who performs the
restore in the backup vault project.
Backup and DR Restore User (roles/backupdr.restoreUser) for both backup vault and target project.
Compute Viewer (roles/compute.viewer) for only the target.
These predefined roles contain the permissions required to access the
backup vault in the project where the disks are located.
For specific permissions, see the following list.
All Compute Engine instances with vaulted backups are listed here.
Select the backup to restore. Either from the backup details
page for the backup, or from the more_vert
menu for the disk:
Select the disk Resource type.
Select a Resource name.
Browse to select the backup to restore.
The Restore project name is prepopulated with the current project,
but you can browse to a different project if you want to restore elsewhere.
Click Restore. You can view and monitor the restore job from the
Notifications bell.
The restored disk appears in the Compute Engine Storage > Disks
list, with the original name followed by a time and date stamp.
gcloud
If not already granted, grant the Backup and DR Disk Operator
(roles/backupdr.DiskOperator) IAM role to the
backup vault service agent in the recovery project where the VM is
being recovered.
To get the backup vault service account, use the following command.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Restore disks from a backup vault\n\nThis page helps you to restore disks from a backup vault\nin the Google Cloud console.\n\nBefore you begin\n----------------\n\n- Grant the Backup and DR Disk Operator (`roles/backupdr.diskOperator`)\n IAM role for the [backup vault service agent](/backup-disaster-recovery/docs/cloud-console/backup-vault-create#service-agent) of the vault in the target project where\n restore is being performed.\n\n- Grant the following IAM roles for the user who performs the\n restore in the backup vault project.\n\n - Backup and DR Restore User (`roles/backupdr.restoreUser`) for both backup vault and target project.\n - Compute Viewer (`roles/compute.viewer`) for only the target.\n\n These predefined roles contain the permissions required to access the\n backup vault in the project where the disks are located.\n For specific permissions, see the following list.\n - `backupdr.bvbackups.restore`\n - `backupdr.compute.restoreFromBackupVault`\n - `backupdr.backupVaults.get`\n - `backupdr.backupVaults.list`\n - `backupdr.bvbackups.list`\n - `backupdr.bvdataSources.get`\n - `backupdr.bvdataSources.list`\n - `backupdr.bvbackups.get`\n\n For more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\nRestore disks\n-------------\n\nUse the following instructions to restore disks used by a Compute Engine instance. \n\n### Console\n\n1. In the Google Cloud console, go to the **Vaulted backups** page.\n\n [Go to Vaulted backups](https://console.cloud.google.com/backupdr/vaulted-backups)\n\n All Compute Engine instances with vaulted backups are listed here.\n2. Select the backup to restore. Either from the backup details\n page for the backup, or from the more_vert\n menu for the disk:\n\n 1. Select the disk **Resource type**.\n 2. Select a **Resource name**.\n 3. Browse to select the backup to restore.\n 4. The **Restore project name** is prepopulated with the current project, but you can browse to a different project if you want to restore elsewhere.\n 5. Click **Restore**. You can view and monitor the restore job from the Notifications bell.\n 6. The restored disk appears in the Compute Engine **Storage** \\\u003e **Disks** list, with the original name followed by a time and date stamp.\n\n### gcloud\n\n1. If not already granted, grant the Backup and DR Disk Operator\n (`roles/backupdr.DiskOperator`) IAM role to the\n backup vault service agent in the recovery project where the VM is\n being recovered.\n\n2. To get the backup vault service account, use the following command.\n\n gcloud backup-dr backup-vaults describe \u003cvar translate=\"no\"\u003eBACKUPVAULT_NAME\u003c/var\u003e\n --location=\u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eBACKUPVAULT_NAME\u003c/var\u003e: the backup vault name you want to restore data from.\n - \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: the location of the backup vault.\n3. To restore a disk, use the following commands.\n\n - Restore a disk in the same project as the workload project with backup ID.\n\n gcloud backup-dr backups restore compute test-backup-id \\\n --project=\u003cvar translate=\"no\"\u003ePROJECT\u003c/var\u003e --location=\u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e \\\n --backup-vault=\u003cvar translate=\"no\"\u003eBACKUPVAULT_NAME\u003c/var\u003e --data-source=\u003cvar translate=\"no\"\u003eDATA_SOURCE\u003c/var\u003e\\\n --name=\u003cvar translate=\"no\"\u003eNAME\u003c/var\u003e --target-zone=\u003cvar translate=\"no\"\u003eTARGET_ZONE\u003c/var\u003e \\\n --target-project=\u003cvar translate=\"no\"\u003eTARGET_PROJECT\u003c/var\u003e\n\n - Restore a disk in the same project as the workload project with backup full resource URL.\n\n gcloud backup-dr backups restore compute projects/test-project-id/locations/us-central1/backupVaults/test-vault/dataSources/test-ds/backups/test-backup-id \\\n --name=\u003cvar translate=\"no\"\u003eNAME\u003c/var\u003e --target-zone=\u003cvar translate=\"no\"\u003eTARGET_ZONE\u003c/var\u003e \\\n --target-project=\u003cvar translate=\"no\"\u003eTARGET_PROJECT\u003c/var\u003e\n\n - Restore a VM instance with custom service-account and network configuration.\n\n gcloud backup-dr backups restore compute test-backup-id \\\n --project=\u003cvar translate=\"no\"\u003ePROJECT\u003c/var\u003e --location=\u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e \\\n --backup-vault=\u003cvar translate=\"no\"\u003eBACKUPVAULT_NAME\u003c/var\u003e --data-source=\u003cvar translate=\"no\"\u003eDATA_SOURCE\u003c/var\u003e\\\n --name=\u003cvar translate=\"no\"\u003eNAME\u003c/var\u003e --target-zone=\u003cvar translate=\"no\"\u003eTARGET_ZONE\u003c/var\u003e \\\n --target-project=\u003cvar translate=\"no\"\u003eTARGET_PROJECT\u003c/var\u003e \\\n --network-interface=network=\u003cvar translate=\"no\"\u003eNETWORK\u003c/var\u003e,subnet=\u003cvar translate=\"no\"\u003eSUBNET\u003c/var\u003e \\\n --service-account=\u003cvar translate=\"no\"\u003eSERVICE_ACCOUNT\u003c/var\u003e \\\n --scopes=\u003cvar translate=\"no\"\u003eSCOPE\u003c/var\u003e\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003ePROJECT\u003c/var\u003e: the name of the backup vault project.\n - \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: the location of the backup vault.\n - \u003cvar translate=\"no\"\u003eBACKUPVAULT_NAME\u003c/var\u003e: the backup vault name you want to restore data from.\n - \u003cvar translate=\"no\"\u003eDATA_SOURCE\u003c/var\u003e: the data source name you want to restore data from.\n - \u003cvar translate=\"no\"\u003eNAME\u003c/var\u003e: the name of the restored VM.\n - \u003cvar translate=\"no\"\u003eTARGET_ZONE\u003c/var\u003e: the region the VM is restored in.\n - \u003cvar translate=\"no\"\u003eTARGET_PROJECT\u003c/var\u003e: the project the VM is restored in.\n - \u003cvar translate=\"no\"\u003eNETWORK\u003c/var\u003e: the network URI of the VM.\n - \u003cvar translate=\"no\"\u003eSUBNET\u003c/var\u003e: the subnet URI of the VM.\n - \u003cvar translate=\"no\"\u003eSERVICE_ACCOUNT\u003c/var\u003e: the service account of the restored VM.\n - \u003cvar translate=\"no\"\u003eSCOPE\u003c/var\u003e: the authorization scope of the service account.\n\nTo override other VM properties, see [Overview of Backup and DR Service Google Cloud CLI commands](https://cloud.google.com/sdk/gcloud/reference/alpha/backup-dr/backups/restore).\n\nThe Backup and DR Compute Engine guide\n--------------------------------------\n\n- [Create and manage a backup plan for vaulted backups](/backup-disaster-recovery/docs/cloud-console/backup-plan-create)\n- [Check for the cloud credentials](/backup-disaster-recovery/docs/configuration/create-cloud-credentials)\n- [Discover and protect Compute Engine instances](/backup-disaster-recovery/docs/configuration/discover-and-protect-ce-inst)\n- [Mount backup images of Compute Engine Persistent Disk](/backup-disaster-recovery/docs/access-data/mount-snapshot-images-of-cloud-instances)\n- [Restore a Compute Engine instance](/backup-disaster-recovery/docs/restore-data/restore-instance)\n- [Import Persistent Disk snapshot images](/backup-disaster-recovery/docs/configuration/import-pdsnapshot-images)"]]
