Step 3. Specify Account Settings

At the Account step of the wizard, choose whether you want to use an IAM role belonging to a single AWS account, an AWS account within an AWS Organization, or one-time access keys of an IAM user to allow Veeam Backup for AWS to perform the restore operation. For information on the permissions that the IAM role or IAM user must have to perform the restore operation, see Redshift Restore IAM Permissions.

By default, Veeam Backup for AWS will do either of the following, depending on the AWS account to which the restored Redshift cluster belongs:

  • If you restore the cluster that belongs to an AWS account within an AWS Organization, Veeam Backup for AWS automatically chooses the AWS account to which the source Redshift cluster belongs and the organization identity that contains the account.
  • If you restore the cluster that belongs to a single AWS account, Veeam Backup for AWS automatically chooses an IAM role from the same AWS account to which the source Redshift cluster belongs.

Specifying IAM Role from Single AWS Account

To specify an IAM role to be used for the restore operation, select the IAM role option and choose the necessary IAM role from the list. Keep in mind that the selected role must belong to an AWS account to which you plan to restore Redshift clusters.

For an IAM role to be displayed in the list of available roles, it must be added to Veeam Backup for AWS with the Amazon Redshift Restore operation selected as described in section Adding IAM Roles. If you have not added the necessary IAM role to Veeam Backup for AWS beforehand, you can do it without closing the Redshift Cluster Restore wizard. To do that, click Add and complete the Add IAM Role wizard.

Important

It is recommended that you check whether the selected IAM role has all the permissions required to perform the operation. If some permissions of the IAM role are missing, the restore operation may fail to complete successfully. To run the IAM role permission check, click Check Permissions and follow the instructions provided in section Checking IAM Role Permissions.

Specifying AWS Account Within AWS Organization

To specify an AWS account to be used for the restore operation, select the Organization account option. Since Veeam Backup for AWS does not support cross-account recovery of Redshift clusters, Veeam Backup for AWS automatically chooses the AWS account to which the source Redshift clusters belong and the organization identity (either an entire AWS Organization or a limited scope of organizational units) that contains the account.

For an organization or an identity to be displayed in the list of available identities, it must be added to Veeam Backup for AWS as described in section Adding AWS Organizations. For an AWS account to be displayed in the list of available accounts, it must be included in the the selected organization identity.

Specifying One-Time Access Keys

To specify one-time access keys to be used for the restore operation, select the Temporary access keys option and use the Access key and Secret key fields to provide the access keys of an IAM user. Note that the IAM user must belong to an AWS account where the source clusters reside.

Note

Veeam Backup for AWS does not store one-time access keys in the configuration database.

Restoring Redshift Clusters

Page updated 4/24/2025

Page content applies to build 9.0.0.304