Step 4. Specify IAM Role Permissions

At the Permissions step of the wizard, you can define specific operations that Veeam Backup for AWS will be able to perform using the permissions of the created IAM role. Depending on the option that you have selected at the Type step of the wizard, Veeam Backup for AWS will do either of the following:

  • If you have selected the IAM role from current account or the IAM role from another account option, Veeam Backup for AWS will be able to filter IAM roles and check their permissions in backup and restore settings, but it will not assign any permissions to the role.

In this case, you can grant the permissions to the role manually using the AWS Management Console or instruct Veeam Backup for AWS to do it, as described in section Checking IAM Role Permissions.

  • If you have selected the Create new IAM role option, Veeam Backup for AWS will be able to filter IAM roles and check their permissions in backup and restore settings, and will also assign the specified permissions to the role.
  • If you have selected the Create template option, Veeam Backup for AWS will add the specified permissions to the created CloudFormation template or JSON policy document.

To specify permissions granularly, do the following:

  1. In the Specify IAM role permissions section, set the Specify granular permissions toggle to On.
  2. In the Veeam management roles section, choose actions that will be performed using the IAM role:

Important

For Veeam Backup for AWS to perform the selected actions using the IAM role, the role must be assigned the permissions listed in sections Service IAM Role in Backup Account, Service IAM Roles in Production Accounts and Repository IAM Permissions.

  3. In the Workload permissions section, choose resources that will be protected using the IAM role, and operations that will be performed with these resources:

Note that the list of permissions for this role will also contain additional permissions required to deploy worker instances in production accounts during EFS indexing and EC2 backup operations.

  • Replication: Veeam Backup for AWS will replicate cloud-native snapshots of EC2 and RDS resources. If you select this operation for an IAM role, you will be able to select it in the EC2 backup and RDS backup settings.
  • Snapshot: Veeam Backup for AWS will create cloud-native snapshots of RDS resources. If you select this operation for an IAM role, you will be able to select it in the RDS backup settings.

Note that the list of permissions for this role will also contain additional permissions required to deploy worker instances in production accounts during RDS backup operations.

Note that the list of permissions for this role will also contain additional permissions required to deploy worker instances in production accounts during EC2 and RDS restore operations.

Important

For Veeam Backup for AWS to perform the selected operations using the IAM role, the role must be assigned the permissions listed in sections Backup IAM Permissions and Restore IAM Permissions.

Note that if you do not specify any management roles and resource permissions for the IAM role at this step, all the listed actions and resource operations will be selected for the role automatically.
