Step 4. Specify IAM Identity

In this article

    At the Restore Mode step of the wizard, you can specify whether you want to use an already existing IAM role or a one-time access key. The specified IAM identity defines the AWS account that will be used to restore Amazon EFS file systems.

    • To restore EFS file systems using an IAM role, do the following:
    1. At the Restore Mode step, click the Pick account to use link.
    2. In the Account window, select IAM role.
    3. From the IAM role drop-down list, select the role that you want to use during restore.

    For an IAM role to be displayed in the list of available roles, it must be created in advance on the appliance. For more information on IAM roles, see the IAM Roles section in the Veeam Backup for AWS User Guide.

    • To restore EFS file systems using a one-time access key of an IAM user, do the following:
    1. At the Restore Mode step, click the Pick account to use link.
    2. In the Account window, select Temporary access key.
    3. In the Access key field, specify an access key ID of the IAM user that you want to use during restore.

    To be able to use an access key, you must create an IAM user access key (access key ID and access secret key) in advance as described in the AWS documentation.

    1. In the Secret key field, specify a secret access key of the IAM user.

    Note that neither Veeam Backup & Replication nor Veeam Backup for AWS store one-time access keys in the configuration databases.

    Important

    Mind the following:

    • The IAM role or IAM user that you plan to use when restoring EC2 instances must have permissions described in this Veeam KB article.
    • Cross-account restore is not supported. Make sure, that the specified IAM role or one-time access keys belong to an AWS account where the source file system resides.

    Step 4. Specify IAM Identity