Specifying Settings for Cross-Account IAM Role
[This step applies if you have selected the IAM role from another account option]
At the Role Settings step of the wizard, specify the following settings:
- In the Account ID field, specify the 12-digit number (or alias) of the trusting account.
The trusting account is an AWS account that owns AWS services and resources, and shares them with the initial AWS account (trusted account). To learn how to delegate access across AWS accounts, see AWS Documentation.
- In the AWS role name field, enter the cross-account IAM role name as specified in AWS.
The cross-account IAM role must be created in the trusting account beforehand, and must allow the trusting account to share AWS services and resources with the trusted account — an AWS account where the backup appliance belongs. To learn how to create cross-account IAM roles, see AWS Documentation.
If there is a path identifying the IAM role, you must specify the role name in the PATH/NAME format (for example, dept_1/s3_role). To learn how to add identifiers to IAM roles, see AWS Documentation.
- In the External ID field, specify an external ID: a property that is set in the trust policy of the cross-account IAM role and is used for enhanced security. For more information, see AWS Documentation.
If you did not specify an external ID when creating the role, you can provide a random value in the External ID field and proceed with the wizard. Veeam Backup for AWS will ignore this property if it is not requested by AWS.
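The following added example (not Veeam or AWS code) shows how the three wizard fields map onto the role ARN and the role's trust policy, and flags a trust policy that accepts any External ID value. The account IDs, the external ID, the sample policies and the function names are constructed for illustration, and the sketch assumes the 12-digit form of the account ID and the `sts:ExternalId` condition key under `StringEquals`.

```python
import re

TRUSTED = "111122223333"   # constructed: account where the backup appliance belongs
TRUSTING = "999988887777"  # constructed: account that owns the role and resources

def role_arn(account_id, role):
    """Role ARN from the Account ID and AWS role name fields (NAME or PATH/NAME)."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("an ARN needs the 12-digit account ID, not an alias")
    return f"arn:aws:iam::{account_id}:role/{role.strip('/')}"

def _list(v):
    return v if isinstance(v, list) else [v]

def audit_trust_policy(policy, trusted_id, external_id):
    """Return findings for statements that let the trusted account assume the role."""
    findings, matched = [], False
    for st in _list(policy.get("Statement", [])):
        principal = st.get("Principal", {})
        aws = _list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if (st.get("Effect") != "Allow"
                or "sts:AssumeRole" not in _list(st.get("Action", []))
                or not any(p == trusted_id or f":{trusted_id}:" in p for p in aws)):
            continue
        matched = True
        required = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if required is None:
            findings.append("no sts:ExternalId condition: any External ID value is accepted")
        elif external_id not in _list(required):
            findings.append("External ID does not match the trust policy")
    if not matched:
        findings.append("trusted account is not allowed to assume the role")
    return findings

def trust_policy(condition=None):
    """Constructed sample trust policy naming the trusted account as principal."""
    st = {"Effect": "Allow", "Action": "sts:AssumeRole",
          "Principal": {"AWS": f"arn:aws:iam::{TRUSTED}:root"}}
    if condition:
        st["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [st]}

WITH_ID = trust_policy({"StringEquals": {"sts:ExternalId": "constructed-external-id"}})
WITHOUT_ID = trust_policy()

if __name__ == "__main__":
    print(role_arn(TRUSTING, "dept_1/s3_role"))
    for name, pol in (("with external ID", WITH_ID), ("without", WITHOUT_ID)):
        print(name, audit_trust_policy(pol, TRUSTED, "constructed-external-id"))
```

A finding for the policy without the condition corresponds to the case described above, where the value entered in the External ID field is ignored.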