Enable Scheduled Backups for Block Volumes

Risk Level: Medium (should be achieved)

Rule ID: OCI-BlockVolume-005

Ensure that backup policies are used to schedule backups for OCI Block Volumes in order to simplify and automate the management and scheduling of Block Volume snapshots. In Oracle Cloud Infrastructure (OCI), the Block Volume service provides three predefined backup policies to choose from:

Bronze plan - supports monthly incremental backups. At midnight on the 1st of the month. Retain 12 months. Yearly incremental backups. During first part of January. Retain 5 years.
Silver plan - supports weekly incremental backups. At midnight Sunday. Retain 4 weeks. Monthly incremental backups. At midnight on the 1st of the month. Retain 12 months. Yearly incremental backups. During first part of January. Retain 5 years.
Gold plan - supports daily incremental backups at midnight. Retain 7 days. Weekly incremental backups. At midnight Sunday. Retain 4 weeks. Monthly incremental backups. At midnight on the 1st of the month. Retain 12 months. Yearly incremental backups. During first part of January. Retain 5 years.

Reliability

Using backup policies to schedule Block Volume backups in Oracle Cloud Infrastructure (OCI) is crucial because it automates and simplifies data protection while maintaining a reliable, policy-driven strategy that is vital for ensuring consistent adherence to data compliance and regulatory requirements.

Audit

To determine if scheduled backups are enabled for your OCI Block Volumes, perform the following operations:

Using OCI Console

Sign in to your Oracle Cloud Infrastructure (OCI) account.
Navigate to Block Storage console available at https://cloud.oracle.com/block-storage/.
In the left navigation panel, choose Block Volumes, and select an OCI compartment from the Compartment dropdown menu, next to Applied filters, to list the Block Volumes provisioned in that compartment.
Click on the name (link) of the Block Volume that you want to examine, listed in the Name column.
Select the Details tab to access the general configuration information available for the selected volume.
In the Scheduled backups section, check the Backup policy attribute value to identify the name of the backup policy configured for the selected volume. If Backup policy is set to None, there is no backup policy assigned to your resource, therefore, scheduled backups are not enabled for the selected OCI Block Volume.

Using OCI CLI

Run iam compartment list command (Windows/macOS/Linux) with output query filters to list the ID of each compartment available in your Oracle Cloud Infrastructure (OCI) account:
```
oci iam compartment list
	--all
	--include-root
	--query 'data[]."id"'
```

The command output should return the requested OCI compartment identifiers (OCIDs):

[
	"ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.compartment.oc1..abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd1234abcd"
]

Run bv volume list command (Windows/macOS/Linux) with the ID of the OCI compartment that you want to examine as the identifier parameter, the list the ID of each Block Volume provisioned in the selected OCI compartment:
```
oci bv volume list
	--compartment-id 'ocid1.tenancy.oc1..aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--all
	--query 'data[]."id"'
```

The command output should return the requested volume IDs:

[
	"ocid1.volume.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
	"ocid1.volume.oc1.ap-sydney-1.aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234"
]

Run bv volume-backup-policy-assignment get-volume-backup-policy-asset-assignment command (Windows/macOS/Linux) with the ID of the OCI Block Volume that you want to examine as the identifier parameter and custom output filters to identify the backup policy configured for the selected volume:
```
oci bv volume-backup-policy-assignment get-volume-backup-policy-asset-assignment
	--asset-id 'ocid1.volume.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--query 'data[]."policy-id"'
```
The command output should return the ID of the backup policy assigned to the selected volume. If the bv volume-backup-policy-assignment get-volume-backup-policy-asset-assignment command does not return an output, there is no backup policy assigned to your resource, therefore, scheduled backups are not enabled for the selected OCI Block Volume.

Remediation / Resolution

To ensure that scheduled backups are enabled for your Oracle Cloud Infrastructure (OCI) Block Volumes, perform the following operations:

Using OCI Console

Sign in to your Oracle Cloud Infrastructure (OCI) account.
Navigate to Block Storage console available at https://cloud.oracle.com/block-storage/.
In the left navigation panel, choose Block Volumes, and select an OCI compartment from the Compartment dropdown menu, next to Applied filters, to list the Block Volumes provisioned in that compartment.
Click on the name (link) of the Block Volume that you want to configure, listed in the Name column.
Choose Edit from the page top menu to update the performance configuration for the selected volume.
In the Backup Policies section, choose the appropriate OCI compartment, select the desired backup policy (Bronze, Silver, or Gold), then choose Update to apply the configuration changes. Bronze provides monthly (1st midnight, retain 12 months) and yearly (early January, retain 5 years) incremental backups, Silver adds weekly (Sunday midnight, retain 4 weeks) incremental backups to the Bronze schedule, and Gold includes daily (midnight, retain 7 days) incremental backups on top of the Silver schedule.

Using OCI CLI

Run bv volume-backup-policy list command (Windows/macOS/Linux) with output query filters to list all the predefined backup policies available within the current OCI compartment:
```
oci bv volume-backup-policy list
	--query 'data'
```

The command output should return the configuration information available for the predefined volume backup policies. The "bronze" plan provides monthly incremental backups at midnight on the 1st of each month (retained for 12 months) and yearly incremental backups in early January (retained for 5 years). The "silver" plan provides weekly incremental backups at midnight Sunday (retained for 4 weeks), monthly backups at midnight on the 1st (retained for 12 months), and yearly backups in early January (retained for 5 years). And the "gold" plan provides daily incremental backups at midnight (retained for 7 days), weekly backups at midnight Sunday (retained for 4 weeks), monthly backups at midnight on the 1st (retained for 12 months), and yearly backups in early January (retained for 5 years):

[
	{
		"compartment-id": null,
		"defined-tags": {},
		"destination-region": null,
		"display-name": "silver",
		"freeform-tags": {},
		"id": "ocid1.volumebackuppolicy.oc1..aaaaaaaa7hwv7iscewqqcmyqe2zuzfce6setvckhbxduswtxf6ctew7e54ja",
		"schedules": [
			{
				"backup-type": "INCREMENTAL",
				"day-of-month": null,
				"day-of-week": null,
				"hour-of-day": null,
				"month": null,
				"offset-seconds": 0,
				"offset-type": null,
				"period": "ONE_WEEK",
				"retention-seconds": 2419200,
				"time-zone": "REGIONAL_DATA_CENTER_TIME"
			},
			{
				"backup-type": "INCREMENTAL",
				"day-of-month": null,
				"day-of-week": null,
				"hour-of-day": null,
				"month": null,
				"offset-seconds": 0,
				"offset-type": null,
				"period": "ONE_MONTH",
				"retention-seconds": 31557600,
				"time-zone": "REGIONAL_DATA_CENTER_TIME"
			},
			{
				"backup-type": "INCREMENTAL",
				"day-of-month": null,
				"day-of-week": null,
				"hour-of-day": null,
				"month": null,
				"offset-seconds": 0,
				"offset-type": null,
				"period": "ONE_YEAR",
				"retention-seconds": 157680000,
				"time-zone": "REGIONAL_DATA_CENTER_TIME"
			}
		],
		"time-created": "2017-10-01T00:00:00.001000+00:00"
	},
	{
		"compartment-id": null,
		"defined-tags": {},
		"destination-region": null,
		"display-name": "bronze",
		"freeform-tags": {},
		"id": "ocid1.volumebackuppolicy.oc1..aaaaaaaadrzfwjb5tflixtmy5axp2kx65uqakgnupfogabzjhtn5x5dfra6q",
		"schedules": [
			{
				"backup-type": "INCREMENTAL",
				"day-of-month": null,
				"day-of-week": null,
				"hour-of-day": null,
				"month": null,
				"offset-seconds": 0,
				"offset-type": null,
				"period": "ONE_MONTH",
				"retention-seconds": 31557600,
				"time-zone": "REGIONAL_DATA_CENTER_TIME"
			},
			{
				"backup-type": "INCREMENTAL",
				"day-of-month": null,
				"day-of-week": null,
				"hour-of-day": null,
				"month": null,
				"offset-seconds": 0,
				"offset-type": null,
				"period": "ONE_YEAR",
				"retention-seconds": 157680000,
				"time-zone": "REGIONAL_DATA_CENTER_TIME"
			}
		],
		"time-created": "2017-10-01T00:00:00+00:00"
	},
	{
		"compartment-id": null,
		"defined-tags": {},
		"destination-region": null,
		"display-name": "gold",
		"freeform-tags": {},
		"id": "ocid1.volumebackuppolicy.oc1..aaaaaaaagcremuefit7dpcnjpdrtphjk4bwm3emm55t6cghctt2m6iyyjdva",
		"schedules": [
			{
				"backup-type": "INCREMENTAL",
				"day-of-month": null,
				"day-of-week": null,
				"hour-of-day": null,
				"month": null,
				"offset-seconds": 0,
				"offset-type": null,
				"period": "ONE_DAY",
				"retention-seconds": 604800,
				"time-zone": "REGIONAL_DATA_CENTER_TIME"
			},
			{
				"backup-type": "INCREMENTAL",
				"day-of-month": null,
				"day-of-week": null,
				"hour-of-day": null,
				"month": null,
				"offset-seconds": 0,
				"offset-type": null,
				"period": "ONE_WEEK",
				"retention-seconds": 2419200,
				"time-zone": "REGIONAL_DATA_CENTER_TIME"
			},
			{
				"backup-type": "INCREMENTAL",
				"day-of-month": null,
				"day-of-week": null,
				"hour-of-day": null,
				"month": null,
				"offset-seconds": 0,
				"offset-type": null,
				"period": "ONE_MONTH",
				"retention-seconds": 31557600,
				"time-zone": "REGIONAL_DATA_CENTER_TIME"
			},
			{
				"backup-type": "INCREMENTAL",
				"day-of-month": null,
				"day-of-week": null,
				"hour-of-day": null,
				"month": null,
				"offset-seconds": 0,
				"offset-type": null,
				"period": "ONE_YEAR",
				"retention-seconds": 157680000,
				"time-zone": "REGIONAL_DATA_CENTER_TIME"
			}
		],
		"time-created": "2017-10-01T00:00:00.002000+00:00"
	}
]

Run bv volume-backup-policy-assignment create command (Windows/macOS/Linux) with the ID of the OCI Block Volume that you want to configure as the identifier parameter, to assign a backup policy to the specified volume in order to enable schedule backups. For --policy-id specify the ID of the predefined backup policy that you want to assign to your volume, returned in the previous step:
```
oci bv volume-backup-policy-assignment create
	--asset-id 'ocid1.volume.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd'
	--policy-id ocid1.volumebackuppolicy.oc1..aaaaaaaadrzfwjb5tflixtmy5axp2kx65uqakgnupfogabzjhtn5x5dfra6q
```

The command output should return the volume backup policy assignment information:

{
	"data": {
		"asset-id": "ocid1.volume.oc1.ap-sydney-1.aaaabbbbccccddddabcd1234abcd1234abcd1234abcd1234abcd1234abcd",
		"id": "ocid1.volumebackuppolicyassign.oc1.ap-sydney-1.aaaabbbbccccddddabcdabcd1234abcd1234abcd1234abcd1234abcd1234",
		"policy-id": "ocid1.volumebackuppolicy.oc1..aaaaaaaadrzfwjb5tflixtmy5axp2kx65uqakgnupfogabzjhtn5x5dfra6q",
		"time-created": "2025-10-19T15:52:42.851000+00:00",
		"xrc-kms-key-id": null
	},
	"etag": "1234abcd1234abcd1234abcd1234abcd1234"
}

References

Oracle Cloud Infrastructure Documentation
Overview of Block Volume
Policy-Based Backups (Backup Policies)

Oracle Cloud Infrastructure CLI Documentation
compartment list
volume list
volume-backup-policy list
get-volume-backup-policy-asset-assignment
create

Publication date Nov 10, 2025

Audit

Using OCI Console

Using OCI CLI

Remediation / Resolution

Using OCI Console

Using OCI CLI

References

Related OCI-BlockVolume rules