This is an archive version of the document. To get the most up-to-date information, see the current version.

Modify IAM Role

You can update an IAM role with the specified ID in the Veeam Backup for AWS configuration database.

Request

To change data for a specific IAM role, send the HTTP PUT request to the /accounts/amazon/{amazonAccountId} endpoint. {amazonAccountId} is a system ID assigned to the IAM role in the Veeam Backup for AWS REST API.

HTTP Request

PUT https://<hostname>:<port>/api/v1/accounts/amazon/{amazonAccountId}

Request Headers

The request contains the following headers.

Header	Required/Optional	Value	Description
Authorization	Required	Bearer <Access-Token>	Authenticates a client who sends the request to the server. Must contain the access token for the current logon session in the Bearer <Access-Token> format.
x-api-version	Required	1.0-rev0	Specifies the current revision of the Veeam Backup for AWS REST API.
Content-Type	Required	application/json	Identifies a media type that is used in the body of the request.
Accept	Optional	application/json application/problem+json	Specifies a media type of representation that is required in the response message. If the requested type is not supported, the server will return the response in the application/json media type.

Request Body

To specify data to be changed for the IAM role, send the following parameters in the request body.

Parameter	Required/Optional	Type	Description
name	Required	string	Specifies an IAM role name in Veeam Backup for AWS.
description	Optional	string	Specifies a n IAM role description. Note: If you do not send the description parameter in the request body, the value is set to null by default.
accessKeys	Optional	AmazonAccountAccessKeyUpdateSpec	[Applies only if the role was added using the Create a new IAM Role mode] Specifies new parameters for the IAM role.
IAMRole	Optional	AmazonAccountIAMRoleUpdateSpec	[Applies only if the role was added using the IAM Role from current account mode] Specifies new parameters for the IAM role.
IAMRoleFromAnotherAccount	Optional	AmazonAccountIAMRoleFromAnotherAccountUpdateSpec	[Applies only if the role was added using the IAM Role from another account mode] Specifies new parameters for the IAM role.

Note

Before you update an IAM role, you can check whether a name you plan to specify as an IAM role name in Veeam Backup for AWS is unique. For more information, see Validate IAM Role Name.

Modify IAM Role AmazonAccountAccessKeyUpdateSpec

Parameter	Type	Description
accessKey	string	Specifies an access key generated by AWS for an AWS account.
secretKey	string	Specifies a secret key generated by AWS for the AWS account.
DefaultRegionType	string	Specifies the default region type of the AWS account (Global, Emulator, Government, China).

Modify IAM Role AmazonAccountIAMRoleUpdateSpec

Parameter	Type	Description
roleName	string	Specifies the IAM role name in AWS.

Modify IAM Role AmazonAccountIAMRoleFromAnotherAccountUpdateSpec

Parameter	Type	Description
accountId	string	AWS ID of a trusting AWS account.
roleName	string	Specifies the cross-account IAM role name in AWS.
externalId	string	Specifies an external ID of the cross-account IAM role (a property in the trust policy of the cross-account IAM role used for enhanced security).

Set the parameter values in the following format:

{

"name": "string",

"description": "string",

"accessKeys": {

"accessKey": "string",

"secretKey": "string",

"defaultRegionType": "Global"

"IAMRole": {

"roleName": "string"

"IAMRoleFromAnotherAccount": {

"accountId": "string",

"roleName": "string",

"externalId": "string"

}

Response

The server returns the following response to the client.

Response Code

A successfully completed operation returns a response code 200 (OK).

Response Headers

The response to this request contains the following headers. The response may also include additional standard HTTP headers.

Header	Value	Description
Content-Length	integer	Identifies the length of the response body message, in bytes.
Content-Type	application/json application/problem+json	Identifies the media type of the response body message.

Response Body

In the response body, Veeam Backup for AWS returns an updated representation of the IAM role. The AmazonAccount schema is used for the resource representation.

Modify IAM Role Example

The following request modifies the name and description of an IAM role with the ID aa8bb04c-1e70-4ddf-9e35-7149e4920d1e.

Request:

PUT https://135.169.170.192:11005/api/v1/accounts/amazon/aa8bb04c-1e70-4ddf-9e35-7149e4920d1e

Request Header:

Authorization: Bearer <Access-Token>

x-api-version: 1.0-rev0

Content-Type: application/json

Request Body:

{

"name": "Backup01 Role",

"description": "Dept-01 instance backup",

"IAMRole": {

"parentCloudAccountId": "e104ee10-5eec-4896-9324-e9e8210d9e61",

"roleName": "dept-01-ec2",

"isDefault": false

}

Response:

200

Response Body:

{

"regionType": "Global",

"id": "aa8bb04c-1e70-4ddf-9e35-7149e4920d1e",

"name": "Backup01 Role",

"description": "Dept-01 instance backup",

"awsid": "547096128372",

"IAMRole": {

"parentAmazonAccountId": "e104ee10-5eec-4896-9324-e9e8210d9e61",

"roleName": "dept-01-ec2",

"isDefault": false

"_links": [

{

"method": "GET",

"rel": "self",

"href": "https://135.169.170.192:11005/api/v1/accounts/amazon/aa8bb04c-1e70-4ddf-9e35-7149e4920d1e"

{

"method": "PUT",

"rel": "update",

"href": "https://135.169.170.192:11005/api/v1/accounts/amazon/aa8bb04c-1e70-4ddf-9e35-7149e4920d1e"

{

"method": "DELETE",

"rel": "delete",

"href": "https://135.169.170.192:11005/api/v1/accounts/amazon/aa8bb04c-1e70-4ddf-9e35-7149e4920d1e"

}

]

}