Step 3. Specify IAM Identity
At the Account step of the wizard, do the following:
- If you have selected the Automatic option at the Configuration Mode step of the wizard, specify one-time access keys that will be used to create IAM roles required to perform Veeam Backup for AWS operations. For more information on created IAM roles, see Required IAM Permissions.
- If you have selected the Manual option at the Configuration Mode step of the wizard, specify an IAM role that will be added to the Veeam Backup for AWS infrastructure and used to perform operations.
Use the Access key and Secret key fields to specify the access key ID and the secret access key of an IAM user that is authorized to create IAM roles. To learn what permissions must have the IAM user, see Required IAM Permissions.
Veeam Backup for AWS does not store one-time access keys in the configuration database.
To specify the Default Backup Restore IAM role, enter the IAM role name specified in AWS when creating the role. The IAM role must be created beforehand as described in Required IAM Permissions.
If there is a path identifying the IAM role, you must specify the role name in the PATH/NAME format (for example, dept_1/s3_role). To learn how to add identifiers to IAM roles, see AWS Documentation.
You can check whether the specified IAM role has permissions required to perform all Veeam Backup for AWS operations. To run the IAM role permission check, click Check Permissions. Veeam Backup for AWS will display the warning if the IAM role permissions are insufficient. To learn how to grant permissions to an IAM role using the IAM Management Console, see AWS Documentation.
If the permission check fails, you can still proceed with the initial configuration. You will be able to grant permissions to this IAM role and add other IAM roles to perform different backup and restore operations within the initial or in another AWS account after Veeam Backup for AWS installation. For more information, see Managing Permissions.