Step 10. Finish Working with Wizard

At the Summary step of the wizard, it is recommended that you run the backup policy configuration check before you click Finish.

The configuration check will verify whether specified IAM roles have all the required permissions, and networks settings are configured properly to launch worker instances. To run the check, click Test Configuration. Veeam Backup for AWS will display the Test policy configuration window where you can track the progress and view the results of the check. If the IAM role permissions are insufficient or policy settings are not configured properly, the check will complete with errors, and the list of permissions that must be granted to the IAM role and policy configuration issues will be displayed in the Test policy configuration window.

You can grant the missing permissions to the IAM role using the AWS Management Console or instruct Veeam Backup for AWS to do it.

To let Veeam Backup for AWS grant the missing permissions:

  1. In the Test policy configuration window, click the Grant link.
  2. In the Grant Permissions window, provide one-time access keys of an IAM user that is authorized to update permissions of IAM roles, and then click Apply.

The IAM user must have the following permissions:

"iam:AttachRolePolicy",

"iam:CreatePolicy",

"iam:CreatePolicyVersion",

"iam:CreateRole",

"iam:GetAccountSummary",

"iam:GetPolicy",

"iam:GetPolicyVersion",

"iam:GetRole",

"iam:ListAttachedRolePolicies",

"iam:ListPolicyVersions",

"iam:SimulatePrincipalPolicy",

"iam:UpdateAssumeRolePolicy"

Note

Veeam Backup for AWS does not store one-time access keys in the configuration database.

  1. After the required permissions are granted, close the Test policy configuration window, and then click Finish to close the Add Policy wizard.

Veeam Backup for AWS will save the configured backup policy.

Creating EC2 Backup Policy

Fixing Network Issues

If the backup policy check reveals that network settings are not configured properly, Veeam Backup for AWS will not be able to launch worker instances and thus perform image-level backup.

To fix network issues:

  1. Close the Test policy configuration window, and then click Finish to close the Add Policy wizard.

Veeam Backup for AWS will save the configured backup policy.

  1. To prevent the backup policy from failing, disable it. For details, see Disabling and Enabling Backup Policies.
  2. Depending on the error message received after the backup policy check, do the following:
  • Make sure that network settings are configured for each AWS Region selected at step 3.2 of the wizard. For information on how to configure network settings for AWS Regions, see Managing Worker Configurations.
  • Make sure that VPCs specified in network settings for AWS Regions have access to the required AWS services. The required AWS services are listed in the System Requirements section.
  1. After network issues are fixed, you can enable the backup policy. For details, see Disabling and Enabling Backup Policies.