Veeam Backup for AWS 4.0 [Archived]
User Guide
Related documents
Search
This is an archive version of the document. To get the most up-to-date information, see the current version.

Repository IAM Role Permissions

To allow Veeam Backup for AWS to create a backup repository in an Amazon S3 bucket and to access the repository when performing backup and restore operations, the Repository IAM role specified in the repository settings must have the following permissions:

{

   "Version": "2012-10-17",

   "Statement": [

       {

           "Effect": "Allow",

           "Action": [

               "s3:PutObject",

               "s3:GetObject",

               "s3:DeleteObject",

               "s3:RestoreObject"

           ],

           "Resource": "arn:aws:s3:::<yourbucketname>/*"

       },

       {

           "Effect": "Allow",

           "Action": [

               "s3:ListBucket",

               "s3:GetBucketLocation"

           ],

           "Resource": "arn:aws:s3:::<yourbucketname>"

       },

       {

           "Effect": "Allow",

           "Action": [

               "s3:ListAllMyBuckets",

               "ec2:DescribeRegions"

           ],

           "Resource": "*"

       }

   ]

}

To encrypt data stored in a backup repository using an AWS KMS key, the IAM role used to create the backup repository must be assigned the following permissions:

{

           "Effect": "Allow",

           "Action": [

               "kms:Decrypt",

               "kms:DescribeKey",

               "kms:Encrypt",

               "kms:ListAliases",

               "kms:ListKeys"

           ],

           "Resource": "*"

}

View all results across Veeam
Back to document search