This is an archive version of the document. To get the most up-to-date information, see the current version.

Add IAM Role

You can add an IAM role to the Veeam Backup for AWS configuration database.

Request

To add an IAM role, send the HTTP POST request to the /accounts/amazon endpoint.

HTTP Request

POST https://<hostname>:<port>/api/v1/accounts/amazon

Request Headers

The request contains the following headers.

Header	Required/Optional	Value	Description
Authorization	Required	Bearer <Access-Token>	Authenticates a client who sends the request to the server. Must contain the access token for the current logon session in the Bearer <Access-Token> format.
x-api-version	Required	1.0-rev0	Specifies the current revision of the Veeam Backup for AWS REST API.
Content-Type	Required	application/json	Identifies a media type that is used in the body of the request.
Accept	Optional	application/json application/problem+json	Specifies a media type of representation that is required in the response message. If the requested type is not supported, the server will return the response in the application/json media type.

Request Body

To add the IAM role, send the following parameters in the request body.

Parameter	Type	Description
name	string	Specifies an IAM role name in Veeam Backup for AWS.
description	string	Specifies a n IAM role description.
accessKeys	AmazonAccountAccessKeyCreateSpec	[Applies only if the role is added using the Create a new IAM Role mode] Specifies parameters for the IAM role.
IAMRole	AmazonAccountIAMRoleCreateSpec	[Applies only if the role is added using the IAM Role from current account mode] Specifies parameters for the IAM role.
IAMRoleFromAnotherAccount	AmazonAccountIAMRoleFromAnotherAccountCreateSpec	[Applies only if the role is added using the IAM Role from another account mode] Specifies parameters for the IAM role.

Note

Before you add an IAM role, you can check whether a name you plan to specify as an IAM role name in Veeam Backup for AWS is unique. For more information, see Validate IAM Role Name.

Add IAM Role AmazonAccountAccessKeyCreateSpec

Parameter	Type	Description
accessKey	string	Specifies an access key generated by AWS for an AWS account.
secretKey	string	Specifies a secret key generated by AWS for the AWS account.
DefaultRegionType	string	Specifies the default region type of the AWS account (Global, Emulator, Government, China).

Add IAM Role AmazonAccountIAMRoleCreateSpec

Parameter	Type	Description
roleName	string	Specifies the IAM role name in AWS.

Add IAM Role AmazonAccountIAMRoleFromAnotherAccountCreateSpec

Parameter	Type	Description
accountId	string	AWS ID of a trusting AWS account.
roleName	string	Specifies the cross-account IAM role name in AWS.
externalId	string	Specifies an external ID of the cross-account IAM role (a property in the trust policy of the cross-account IAM role used for enhanced security).

Set the parameter values in the following format:

{

"name": "string",

"description": "string",

"accessKeys": {

"accessKey": "string",

"secretKey": "string",

"defaultRegionType": "Global"

"IAMRole": {

"roleName": "string"

"IAMRoleFromAnotherAccount": {

"accountId": "string",

"roleName": "string",

"externalId": "string"

}

Response

The server returns the following response to the client.

Response Code

A successfully completed operation returns a response code 201 (Created).

Response Headers

The response to this request contains the following headers. The response may also include additional standard HTTP headers.

Header	Value	Description
Content-Length	integer	Identifies the length of the response body message, in bytes.
Content-Type	application/json application/problem+json	Identifies the media type of the response body message.

Response Body

In the response body, Veeam Backup for AWS returns a representation of the added IAM role. The AmazonAccount schema is used for the resource representation.

Add IAM Role Example

The following request adds an IAM role from another account to the Veeam Backup for AWS configuration database.

Request:

POST https://135.169.170.192:11005/api/v1/accounts/amazon

Request Header:

Authorization: Bearer <Access-Token>

x-api-version: 1.0-rev0

Content-Type: application/json

Request Body:

{

"name": "Backup Policy Role2",

"description": "Role for Dept-01 EC2 instances",

"IAMRoleFromAnotherAccount": {

"accountId": "492706945713",

"roleName": "dept_1/ec2_role",

"externalId": "736587dept198s3"

}

Response:

201

Response Body:

{

"regionType": "Global",

"id": "45c56f0a-6022-40b0-b524-30223b479f62",

"name": "Backup Policy Role2",

"description": "Role for Dept-01 EC2 instances",

"awsid": "492706945713",

"IAMRoleFromAnotherAccount": {

"parentAmazonAccountId": "e104ee10-5eec-4896-9324-e9e8210d9e61",

"accountId": "492706945713",

"roleName": "dept_1/ec2_role"

"_links": [

{

"method": "GET",

"rel": "self",

"href": "https://135.169.170.192:11005/api/v1/accounts/amazon/45c56f0a-6022-40b0-b524-30223b479f62"

{

"method": "PUT",

"rel": "update",

"href": "https://135.169.170.192:11005/api/v1/accounts/amazon/45c56f0a-6022-40b0-b524-30223b479f62"

{

"method": "DELETE",

"rel": "delete",

"href": "https://135.169.170.192:11005/api/v1/accounts/amazon/45c56f0a-6022-40b0-b524-30223b479f62"

}

]

}