Step 3. Specify Data Protection Scope
At the Sources step of the wizard, define the scope of resources that will be available for data protection:
- Select the Account option if you want to back up FSx file systems belonging to an AWS account. Then, specify an IAM role whose permissions will be used to access AWS services and resources, and to perform the backup operation. The role you specify must belong to an AWS account in which the resources that you want to protect reside, and must be assigned the permissions listed in section FSx Backup IAM Role Permissions.
For an IAM role to be displayed in the list of available roles, it must be added to Veeam Backup for AWS with the Amazon FSx Backup operation selected for the role as described in section Adding IAM Roles. If you have not added the necessary IAM role to Veeam Backup for AWS beforehand, you can do it without closing the Add FSx Policy wizard. To do that, click Add and complete the Add IAM Role wizard.
- Select the Organization option if you want to back up FSx file systems within an AWS Organization. Then, use the Organization drop-down list to specify the source organization identity — select an entire organization or a scope of organizational units whose resources Veeam Backup for AWS will back up. For an AWS Organization or a scope of organizational units to be displayed in the list of available identities, it must be added to Veeam Backup for AWS as described in section Adding AWS Organizations.
Important |
If you select the Account option, it is recommended that you check whether the selected IAM role has all the permissions required to perform the operation. If some permissions of the IAM role are missing, the backup policy will fail to complete successfully. To run the IAM role permission check, click Check Permissions and follow the instructions provided in section Checking IAM Role Permissions. |
Excluding Items from Data Protection Scope
If you select the Organization option, you can exclude specific organizational units and AWS accounts from the data protection scope. To do that, click Choose AWS identities to exclude in the Exclusions section and do the following in Specify organization identities to exclude window:
- Use the Type drop-down list to choose whether you want to exclude organizational units or accounts from the data protection scope.
- Use the Name or ID drop-down list to find the necessary organizational unit or account, and then click Exclude to exclude it from the data protection scope.
For an organizational unit or account to be displayed in the list of available items, it must be part of the source organization identity, and must be included in the scope of organizational units added to Veeam Backup for AWS, as described in section Adding AWS Organizations (step 4).
- To save changes made to the backup policy settings, click Apply.
Tip |
You can simultaneously exclude multiple items from the data protection scope. To do that, click Browse to select specific AWS identities from the global list, select check boxes next to the necessary organizational units or AWS accounts in the list of available items, and then click Exclude. If the list does not show the items that you want to exclude, click Rescan to launch the data collection process. As soon as the process is over, Veeam Backup for AWS will update the item list. |
Related Topics
