Specifying Settings for New IAM Role
[This step applies if you have selected the Create new IAM role option]
At the Role Settings step of the wizard, specify the following settings:
- In the AWS role name field, specify a name that will be used to create the IAM role in AWS.
  Consider the following limitations:
  - The specified name must be unique within one AWS account.
  - The following characters are not supported: \ / " ' [ ] : | < > ; ? * & .
  - The length of the name must not exceed 63 characters.
  For more information on IAM role name requirements, see AWS Documentation.
- Select check boxes next to permission sets that must be granted to the IAM role:
  - Service role — select this check box to grant permissions sufficient to launch worker instances.
  - Policy role — select this check box to grant permissions sufficient to perform backup.
    The IAM role with this permission set will allow you to back up any instance or VPC configuration within the AWS account.
  - Repository role — select this check box to grant permissions sufficient to add Amazon S3 buckets as backup repositories.
    The IAM role with this permission set will allow you to add as a backup repository any Amazon S3 bucket within the AWS account.
  Tip: If you want the IAM role to have granular permissions (for example, permissions only on specific EC2 instances), do not select any of the check boxes. In this case, after the IAM role is created, you can grant the necessary permissions to it in the AWS Management Console. To learn how to grant permissions to IAM roles, see Appendix B. Creating IAM Policies in AWS.
- Provide one-time access keys of an IAM user that is authorized to create IAM roles in the AWS account.
  The specified access keys determine in which AWS account the role will be created. For example, if you specify access keys of an IAM user from the initial AWS account, the IAM role will be created in the initial AWS account and will have permissions on AWS services and resources of the initial account.
  The IAM user must have the following permissions:
    "iam:AttachRolePolicy",
    "iam:CreatePolicy",
    "iam:CreatePolicyVersion",
    "iam:CreateRole",
    "iam:GetAccountSummary",
    "iam:GetPolicy",
    "iam:GetPolicyVersion",
    "iam:GetRole",
    "iam:ListAttachedRolePolicies",
    "iam:ListPolicyVersions",
    "iam:SimulatePrincipalPolicy",
    "iam:UpdateAssumeRolePolicy"
  Note: Veeam Backup for AWS does not store one-time access keys in the configuration database.
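
As an added example (not part of the Veeam documentation), the following Python code audits an IAM identity policy document against the twelve permissions listed above, so that the IAM user behind the one-time access keys can be kept to exactly that set. The function names and the sample policy are constructed for illustration; the check reads only Effect and Action and does not evaluate Resource, Condition, NotAction, permission boundaries or SCPs.

```python
import fnmatch

# The twelve actions this page lists for the IAM user behind the one-time keys.
REQUIRED = [
    "iam:AttachRolePolicy", "iam:CreatePolicy", "iam:CreatePolicyVersion",
    "iam:CreateRole", "iam:GetAccountSummary", "iam:GetPolicy",
    "iam:GetPolicyVersion", "iam:GetRole", "iam:ListAttachedRolePolicies",
    "iam:ListPolicyVersions", "iam:SimulatePrincipalPolicy",
    "iam:UpdateAssumeRolePolicy",
]

def _patterns(policy, effect):
    """Collect Action patterns from statements with the given Effect."""
    stmts = policy.get("Statement", [])
    if isinstance(stmts, dict):          # a single statement may be a bare object
        stmts = [stmts]
    found = []
    for stmt in stmts:
        if stmt.get("Effect") == effect:
            actions = stmt.get("Action", [])
            found += [actions] if isinstance(actions, str) else list(actions)
    return found

def _matches(action, patterns):
    # IAM action names are case-insensitive; * and ? act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit_policy(policy):
    """Return (missing, excess) for one identity policy document."""
    # missing: required actions not allowed, or hit by an explicit Deny.
    # excess:  Allow patterns that are not exactly one of the required actions
    #          (wildcards or extra actions), i.e. candidates for removal.
    allow, deny = _patterns(policy, "Allow"), _patterns(policy, "Deny")
    missing = [a for a in REQUIRED
               if not _matches(a, allow) or _matches(a, deny)]
    required = {a.lower() for a in REQUIRED}
    excess = sorted({p for p in allow if p.lower() not in required})
    return missing, excess

# Constructed sample: a policy that is both too broad and incomplete.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:Get*", "iam:CreateRole", "iam:CreatePolicy",
                    "iam:AttachRolePolicy", "iam:PassRole"]},
        {"Effect": "Allow", "Resource": "*", "Action": "iam:ListPolicyVersions"},
    ],
}
print(audit_policy(SAMPLE_POLICY))
```

An empty `missing` list with an empty `excess` list means the document grants the listed actions and nothing else; anything in `excess` is a permission the one-time keys carry beyond what this step needs.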