Step 2. Specify IAM Role Name and Template Format
At the IAM Role Settings step of the wizard, choose the IAM roles that will be created based on the template. To do that, select the check boxes next to the necessary roles and enter the names that will be assigned to these roles in AWS.
Veeam Backup for AWS allows you to create the following roles:
- Organization rescan IAM role — permissions of this role will be used to collect information on the AWS Organization you want to add to Veeam Backup for AWS.
If you select the Organization rescan IAM role name check box, you must create the role in the AWS account that is used to manage the AWS Organization. Keep in mind that all the required permissions will be automatically assigned to the role after you create it in AWS.
- Backup and restore IAM role — permissions of this role will be used to access AWS services and resources within the AWS Organization, and to perform backup and restore operations with resources of the organization.
If you select the Backup and restore IAM role name check box, you must create the role in each AWS account within the AWS Organization. Keep in mind that you will have to choose whether you want to specify granular permissions for the role at step 3 of the wizard.
- Production worker IAM role — permissions of this role will be used to communicate with worker instances deployed in production accounts to index EFS file systems, and to perform operations with EC2 and RDS resources of the organization.
If you select the Production worker IAM role name check box, you must create the role in each AWS account within the AWS Organization. Keep in mind that all the required permissions will be automatically assigned to the role after you create it in AWS.
Note
If you do not select the Production worker IAM role name check box, Veeam Backup for AWS will use permissions of the Backup and restore IAM role both to deploy worker instances in production accounts and to communicate with these instances.
Veeam Backup for AWS also allows you to choose whether you want the template to be exported to a CloudFormation template or a JSON policy document:
- Select the CloudFormation option to export the created template to a .CFORM file. You can then upload the file to the CloudFormation service and use it to create the necessary IAM roles automatically, as described in AWS Documentation.
- Select the JSON option to export the created template to a .JSON file. You can then use the file to create IAM policies in the IAM console and attach the policies to the necessary IAM roles manually, as described in Appendix A. Creating IAM Roles in AWS and Appendix B. Creating IAM Policies in AWS.
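Because the JSON option leaves policy creation and attachment to you, the exported document can be reviewed for over-broad grants before it is attached to a role. The following is an added example, not part of the Veeam documentation or product: it assumes the exported file follows the standard AWS IAM policy grammar (Version/Statement), and the sample policy, account ID, role name and the function name review_policy are constructed for illustration.

```python
import json

# Constructed sample standing in for an exported .JSON policy; not real Veeam output.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "ec2:CreateSnapshot"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::111122223333:role/example-role"},
    {"Effect": "Allow", "NotAction": "s3:DeleteBucket", "Resource": "*"}
  ]
}
"""


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def review_policy(policy_text):
    """Return (statement_index, finding) pairs for Allow statements worth a manual look."""
    doc = json.loads(policy_text)
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((idx, "Allow with NotAction grants everything except the listed actions"))
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((idx, f"wildcard action {action}"))
        # Resource "*" with no Condition is only flagged when a non-read action is present.
        unscoped = "*" in _as_list(stmt.get("Resource")) and "Condition" not in stmt
        mutating = [a for a in _as_list(stmt.get("Action"))
                    if not a.split(":")[-1].startswith(("Describe", "List", "Get"))]
        if unscoped and mutating:
            findings.append((idx, f"non-read actions on Resource '*' without Condition: {mutating}"))
    return findings


if __name__ == "__main__":
    for idx, finding in review_policy(SAMPLE_POLICY):
        print(f"Statement[{idx}]: {finding}")
```

A finding is a prompt for manual review rather than proof of a misconfiguration, since some AWS actions do not support resource-level permissions and legitimately require Resource "*".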