You back up your Droplet every day. The backup runs, the green tick appears, and you move on. Then one morning a region goes down, and you discover that the backup lives in the same region as the Droplet it protects.
That's the moment cross-region backup stops being a theory.
This article explains why region placement matters for backup safety and compliance, what DigitalOcean offers natively for moving backups across regions, and the practical steps for replicating Droplet snapshots, database dumps, and Spaces objects to a different region or a different provider entirely.
Why region matters for backup
A backup stored in the same region as the source shares the same failure domain. A power event, a network partition, a fire suppression accident, or a misconfigured routing update can take both the live resource and its backup offline at the same time.
That's not a theoretical edge case. Cloud providers have documented regional outages that lasted minutes to hours. If your backup is in the same datacenter cluster as your running workload, a single event can kill both.
There's a second reason that matters beyond outages: compliance. SOC 2 Type II, ISO 27001, and GDPR all have provisions around data availability and resilience. Auditors want to see that your backup strategy survives a datacenter-level failure. A backup that lives one rack away from the source doesn't satisfy that requirement. For full compliance requirements around data residency and storage location, see the DigitalOcean GDPR compliance guide.
Why trust this article
We back up DigitalOcean every day. The failure mode we see most often isn't a corrupt snapshot. It's a backup that was stored too close to the thing it was protecting.
For a full treatment of compliance implications, see the upcoming article on DigitalOcean off-site backup and compliance.
What DigitalOcean offers for cross-region (not much)
Before scripting anything, it's worth understanding what DigitalOcean actually provides here, because it's limited.
The table below covers the full picture. Check it against your own infrastructure before deciding which approach applies to you.
| Resource | Native cross-region option | Notes |
|---|---|---|
| Droplet snapshots | Yes, via snapshot transfer | Region-to-region within DO only. Manual or via API/doctl. |
| Droplet backups | No | Cannot be transferred or downloaded. |
| Volume snapshots | No | Tied to the originating region. Cannot be transferred. |
| Managed Database backups | No | Cannot be downloaded or replicated to another region. |
| Spaces | No native replication | Versioning is available but there is no built-in geo-replication. |
The short version: Droplet snapshots are the only DigitalOcean-native resource you can move cross-region, and even then only within DigitalOcean. Everything else requires an external tool or a custom workflow.
For a fuller explanation of what native backup does and doesn't cover, see the upcoming overview of what DigitalOcean's native backup doesn't cover.
Replicating Droplet snapshots across regions
DigitalOcean lets you transfer a snapshot from one region to another using either the control panel or the doctl CLI.
Using doctl
First, find the snapshot ID you want to transfer:
doctl compute snapshot list --resource-type droplet
Then initiate the transfer to your target region:
doctl compute snapshot transfer SNAPSHOT_ID
--region nyc3
Replace SNAPSHOT_ID with the ID from the list output and nyc3 with the target region slug. Valid region slugs include nyc1, nyc3, ams3, sfo3, sgp1, lon1, fra1, tor1, blr1, syd1.
The operation is asynchronous. You can poll its status with:
doctl compute action list --resource-type droplet
For full CLI reference, see the DigitalOcean snapshot documentation.
Snapshot transfer is region-to-region only within DigitalOcean, not to an external provider. If you need the snapshot off-platform entirely, you need a different approach: boot a Droplet from the snapshot, dump what you need from it, and transfer that dump to your external storage.
What this doesn't solve
Snapshot transfer copies your snapshot to another DO region. That's useful for regional outage protection. It doesn't help if the issue is account-level: a compromised account, a billing suspension, or a legal hold. Both the source and the transferred copy live inside the same DigitalOcean account.
Cross-region within one account protects against one class of failure. It doesn't protect against all of them. We'll come back to this in the "Going fully off-platform" section.
Replicating database dumps cross-region
Managed Database backups can't be transferred or downloaded. If you want a copy of your database data in another region or on another provider, you need to generate the dump yourself.
The manual path
Connect to your Managed Database and run a standard dump:
# PostgreSQL
pg_dump
--host=<your-db-host>.db.ondigitalocean.com
--port=25060
--username=doadmin
--format=custom
--file=db-dump-$(date +%F).dump
defaultdb
# MySQL
mysqldump
--host=<your-db-host>.db.ondigitalocean.com
--port=25060
--user=doadmin
--password
--single-transaction
--routines
--triggers
defaultdb > db-dump-$(date +%F).sql
Once you have the dump file, upload it to object storage in a different region or on a different provider. The S3 CLI, rclone, and similar tools all work here.
The same pattern applies to backing up DigitalOcean Managed Databases regardless of where you send the output.
Automating it
Running this manually once is fine for a migration. Running it on a schedule, monitoring for failures, and verifying the output is where the overhead adds up fast. A cron job that silently fails at 3am is worse than no cron job, because it gives you false confidence.
If you want the hands-off version, SimpleBackups handles DigitalOcean Managed Database dumps sent to your chosen off-site storage, with alerts when a run fails. We cover that in the "What to do next" section below.
Replicating Spaces to another region
Spaces has no native replication. There is no built-in way to sync a bucket in nyc3 to a bucket in ams3 inside the DigitalOcean control panel.
The practical solution is rclone. It treats any two S3-compatible storage endpoints as source and destination, so you can sync Spaces-to-Spaces across regions, or Spaces to AWS S3, Backblaze B2, Wasabi, or any S3-compatible target.
Setting up rclone for Spaces
First, configure two rclone remotes: one for your source Spaces bucket and one for your destination. Both use the S3 provider type with DigitalOcean's endpoint format:
# Source: Spaces in nyc3
rclone config create spaces-nyc3 s3
provider DigitalOcean
access_key_id YOUR_SPACES_KEY
secret_access_key YOUR_SPACES_SECRET
endpoint nyc3.digitaloceanspaces.com
acl private
# Destination: Spaces in ams3
rclone config create spaces-ams3 s3
provider DigitalOcean
access_key_id YOUR_SPACES_KEY
secret_access_key YOUR_SPACES_SECRET
endpoint ams3.digitaloceanspaces.com
acl private
Then run the sync:
rclone sync spaces-nyc3:my-source-bucket spaces-ams3:my-dest-bucket
--progress
--transfers 8
rclone sync copies everything from the source that doesn't already exist at the destination, and removes anything at the destination that no longer exists at the source. Use rclone copy if you want a one-way additive mirror without deletes.
For a full walkthrough of backing up Spaces objects specifically, see the upcoming guide on backing up DigitalOcean Spaces.
Going fully off-platform
Cross-region within DigitalOcean is better than same-region. But it's still same-account. Account-level incidents affect both regions simultaneously.
Consider what happens when:
- Your account is compromised and an attacker deletes resources and backups.
- DigitalOcean suspends your account for a billing dispute.
- A compliance audit requires you to demonstrate that your backup is independent of the primary provider.
In all three cases, having a copy in ams3 when your primary is in nyc3 doesn't help. The copy is just as gone as the original.
Off-platform means a different account on a different provider: AWS S3, Backblaze B2, Wasabi, or any S3-compatible storage outside DigitalOcean.
The rclone command from the Spaces section works exactly the same way for an off-platform destination. You configure one remote as your DigitalOcean source and one as your external destination:
# Sync Spaces to Backblaze B2
rclone sync spaces-nyc3:my-source-bucket b2:my-backup-bucket
--progress
--transfers 8
The same pattern applies to any S3-compatible external storage. You swap the destination remote and the bucket name. The command structure doesn't change.
For the full compliance argument and a guide to building a defensible off-site backup posture, see the upcoming article on DigitalOcean off-site backup and compliance. See also our guide to storage replication with SimpleBackups for the managed version of this workflow.
Same-host risk
Cross-region protects against regional outages. But if both regions are in the same DO account, account-level incidents still take everything. Off-platform is the only complete answer.
What to do next
If you're running critical workloads on DigitalOcean, the minimum viable cross-region setup is:
- Enable Droplet snapshots and transfer them to a second region on a schedule via
doctlor the API. - Script a database dump and ship it to an external S3-compatible bucket.
- Use
rcloneto mirror your Spaces buckets to an external provider or a second region.
Steps 1 and 3 can be automated with cron. Step 2 needs a dump tool that understands your database engine.
If scripting and scheduling all this yourself sounds like a second job, SimpleBackups handles DigitalOcean Droplet, Managed Database, and Spaces backups off-site, with alerts when a run fails. See how it works.
Keep learning
- How to create a storage replication with SimpleBackups
- DigitalOcean backups explained
- Backing up DigitalOcean Droplets
- Backing up DigitalOcean Spaces
- What DigitalOcean's native backup doesn't cover
FAQ
Can I move a DigitalOcean backup to another region?
You can transfer Droplet snapshots to another region using doctl compute snapshot transfer or the DigitalOcean control panel. However, Droplet backups, Volume snapshots, and Managed Database backups cannot be transferred or downloaded. They are locked inside the originating region.
Does DigitalOcean support cross-region replication natively?
Only for Droplet snapshots, and only within DigitalOcean. There is no built-in geo-replication for Spaces, Volume snapshots, or Managed Database backups. If you need cross-region or off-platform copies of those resources, you need an external tool such as rclone or a managed backup service.
How long does a snapshot transfer take between regions?
Transfer time depends on snapshot size and network conditions between regions. A small snapshot (under 5 GB) typically completes in a few minutes. Larger snapshots can take 30 minutes or more. The operation is asynchronous: doctl submits the request and returns immediately. You check status by polling the actions endpoint.
Can I replicate a Managed Database to another region?
Not natively. DigitalOcean does not let you download or transfer native Managed Database backups. To replicate your database data to another region or provider, you need to generate a dump using pg_dump, mysqldump, or the equivalent tool for your engine, then push that dump to your target storage.
Is cross-region backup required for compliance?
SOC 2 Type II, ISO 27001, and GDPR all have provisions that require backup strategies to survive datacenter-level failures. An auditor reviewing a backup that lives in the same region as the source will typically flag it. Cross-region backup satisfies the geographic separation requirement, but only off-platform backup fully addresses account-level risks like account compromise or provider suspension.
This article is part of The complete guide to DigitalOcean backup, an honest, practical reference from the team that backs up DigitalOcean every day.