Help Center
Choose product document...
Veeam Backup & Replication 9.5 Update 4
User Guide for Microsoft Hyper-V

AWS Account Permissions

To restore to Amazon EC2, it is recommended that the account used to connect to AWS has administrative permissions — access to all AWS actions and resources.

If you do not want to provide full access to AWS, you can grant to the account a minimal set of permissions. This set of permissions will be sufficient for restore. To grant minimal permissions, create the following policy in the JSON format and attach it to the AWS user:

{

 "Version": "2012-10-17",

 "Statement": [{

  "Action": [

   "ec2:DescribeInstances",

   "ec2:RunInstances",

   "ec2:TerminateInstances",

   "ec2:StartInstances",

   "ec2:StopInstances",

   "ec2:ModifyInstanceAttribute",

   "ec2:DescribeImages",

   "ec2:ImportImage",

   "ec2:DeregisterImage",

   "ec2:DescribeVolumes",

   "ec2:CreateVolume",

   "ec2:ModifyVolume",

   "ec2:ImportVolume",

   "ec2:DeleteVolume",

   "ec2:AttachVolume",

   "ec2:DetachVolume",

   "ec2:CreateSnapshot",

   "ec2:DescribeSnapshots",

   "ec2:DeleteSnapshot",

   "ec2:DescribeSubnets",

   "ec2:DescribeNetworkInterfaces",

   "ec2:DescribeSecurityGroups",

   "ec2:DescribeKeyPairs",

   "ec2:CreateKeyPair",

   "ec2:DeleteKeyPair",

   "ec2:DescribeAvailabilityZones",

   "ec2:DescribeVpcs",

   "ec2:DescribeConversionTasks",

   "ec2:DescribeImportImageTasks",

   "ec2:DescribeVolumesModifications",

   "ec2:CancelImportTask",

   "ec2:CancelConversionTask",

   "ec2:CreateTags",

   "ec2:DescribeAccountAttributes",

   "ec2:DescribeDhcpOptions",

   "ec2:DescribeVpcAttribute",

   "iam:GetRole",

   "iam:CreateRole",

   "iam:PutRolePolicy",

   "iam:DeleteRolePolicy",

   "s3:CreateBucket",

   "s3:ListBucket",

   "s3:ListAllMyBuckets",

   "s3:DeleteBucket",

   "s3:PutObject",

   "s3:DeleteObject",

   "s3:GetBucketLocation",

   "s3:PutLifeCycleConfiguration",

   "s3:GetObject",

   "s3:RestoreObject",

   "s3:AbortMultiPartUpload",

   "s3:ListBucketMultiPartUploads",

   "s3:ListMultipartUploadParts"

  ],

  "Effect": "Allow",

  "Resource": "*"

 }]

}

For information on how to create and attach a policy to an AWS user, see the Creating IAM Policies and Adding and Removing IAM Identity Permissions sections in the IAM User Guide.

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Agent Management Guide

Veeam Explorers User Guide

Backup and Restore of SQL Server Databases

Veeam Plug-ins for Enterprise Applications

PowerShell Reference

Veeam Explorers PowerShell Reference

RESTful API Reference

Required Permissions

Veeam Availability for Nutanix AHV

Veeam Backup for Microsoft Office 365 Documentation

Veeam ONE Documentation

Veeam Agent for Windows Documentation

Veeam Agent for Linux Documentation

Veeam Management Pack Documentation