In the IAM Role section of the Sources step of the wizard, you must specify an IAM role. Veeam Backup for AWS will use the permissions of the specified IAM role to access AWS services and resources, and to create cloud-native snapshots of EC2 instances. If you specify an IAM role created in another AWS account, the backup policy will process the EC2 instances in that AWS account on which the specified IAM role has permissions.
If you have not added the necessary IAM role to Veeam Backup for AWS beforehand, you can do it without closing the Add Policy wizard. To add the IAM role, click Add and follow the steps described in Adding IAM Roles.
Checking IAM Role Permissions
It is recommended that you check whether the selected IAM role has all the required permissions to perform backup. If IAM role permissions are insufficient, the backup policy will fail.
To run the IAM role permissions check, click Check permissions. In the Permissions check window, Veeam Backup for AWS will display the progress and results of the performed check. If IAM role permissions are insufficient, Veeam Backup for AWS will complete the check with the Failed status. You can view the list of permissions that must be granted to the IAM role in the Missing Permissions column.
You can grant the missing permissions to the IAM role in the AWS Management Console manually. Alternatively, you can instruct Veeam Backup for AWS to do it for you:
- In the Permissions check window, click Grant.
- In the Grant permissions window, provide one-time access keys of an IAM user that is authorized to update the permissions list of the IAM role, and then click Apply.
  Note that Veeam Backup for AWS does not store one-time access keys in the configuration database.
- To make sure that the missing permissions were successfully granted, click Recheck.
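The same kind of check can be reproduced outside the wizard before you hand over one-time access keys. The following is an added example, not Veeam's code: it classifies the JSON output of `aws iam simulate-principal-policy` for the role, separating permissions that are simply missing from those blocked by an explicit Deny. The action list, policy names and sample response are constructed placeholders, not Veeam's required-permissions list.

```python
import json

# Constructed sample in the output shape of:
#   aws iam simulate-principal-policy --policy-source-arn <role-arn> --action-names <actions...>
# Actions and policy names are placeholders, not Veeam's required-permissions list.
SAMPLE_RESPONSE = json.loads("""
{"EvaluationResults": [
  {"EvalActionName": "ec2:DescribeInstances", "EvalResourceName": "*",
   "EvalDecision": "allowed", "MatchedStatements": [{"SourcePolicyId": "example-backup-policy"}]},
  {"EvalActionName": "ec2:CreateSnapshots", "EvalResourceName": "*",
   "EvalDecision": "implicitDeny", "MatchedStatements": []},
  {"EvalActionName": "ec2:CreateTags", "EvalResourceName": "*",
   "EvalDecision": "explicitDeny", "MatchedStatements": [{"SourcePolicyId": "example-guardrail"}]}
], "IsTruncated": false}
""")

# Hypothetical list of actions to verify; take the real list from the product documentation.
REQUIRED = ["ec2:DescribeInstances", "ec2:CreateSnapshots", "ec2:CreateTags", "ec2:DeleteSnapshot"]


def classify(response, required):
    """Sort required actions into allowed / missing / blocked / unverified."""
    report = {"allowed": [], "missing": [], "blocked": {}, "unverified": []}
    by_action = {}
    for result in response.get("EvaluationResults", []):
        by_action.setdefault(result["EvalActionName"].lower(), []).append(result)
    for action in required:
        results = by_action.get(action.lower())
        if not results:
            # Not simulated (or lost to a truncated page): never assume it is granted.
            report["unverified"].append(action)
            continue
        denies = [r for r in results if r["EvalDecision"] == "explicitDeny"]
        if denies:
            # An explicit Deny overrides any Allow, so adding permissions will not fix it.
            sources = {s["SourcePolicyId"] for r in denies for s in r.get("MatchedStatements", [])}
            report["blocked"][action] = sorted(sources)
        elif all(r["EvalDecision"] == "allowed" for r in results):
            report["allowed"].append(action)
        else:
            report["missing"].append(action)  # implicitDeny: no statement grants it
    return report


if __name__ == "__main__":
    print(json.dumps(classify(SAMPLE_RESPONSE, REQUIRED), indent=2))
```

Actions reported as `missing` can be fixed by attaching a policy that allows them; actions reported as `blocked` require changing or removing the Deny statement in the listed policy.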