Checking IAM Role Permissions
You can check whether permissions of an IAM role are sufficient to perform a data protection or disaster recovery operation for which the IAM role is specified.
It is recommended that you run the IAM role permissions check before you perform the operation to avoid the operation failure. For example, after you specify an IAM role in worker instance settings, you can check whether permissions of this IAM are sufficient to launch worker instances. After that, you can proceed with configuring network settings for AWS regions in which worker instances will be launched. You can also run the permissions check if you made changes in your AWS account and want to ensure that permissions granted to the IAM role remain sufficient.
To run the permissions check for an IAM role:
- At the top right corner of the Veeam Backup for AWS window, click Configuration.
- In the configuration menu on the left, click Accounts.
- On the IAM Roles tab, select the necessary IAM role and click Check AWS permissions.
You can use the search field to find the necessary IAM role by name.
Veeam Backup for AWS will display the AWS Permissions Check for IAM Role window where you can view the progress and results of the performed check. If IAM role permissions are insufficient, Veeam Backup for AWS will complete the check with the Failed status. You can view the list of permissions that must be granted to the IAM role in the Missing Permissions column.
You can grant the missing permissions to the IAM role in the IAM Management Console manually, or instruct Veeam Backup for AWS to do it for you.
To let Veeam Backup for AWS grant the missing permissions:
- In the AWS Permissions Check for IAM Role window, click Grant.
- In the Grant permissions window, provide one-time access keys of an IAM user that is authorized to update permissions of the IAM role, and then click Apply.
Note that Veeam Backup for AWS does not store one-time access keys in the configuration database.
- To make sure that the missing permissions were successfully granted, click Recheck.