Step 3. Specify IAM Identity
At the Account step of the wizard, choose whether you want to use an IAM role or one-time access keys of an IAM user to allow Veeam Backup for AWS to perform the restore operation. For information on what permissions the IAM role or IAM user must have to perform restore, see this Veeam KB article.
Make sure, that the specified IAM role or one-time access keys belong to an AWS account in which you plan to restore EC2 instances.
To specify an IAM role for restore:
- Select the IAM Role option.
- Select the necessary IAM role from the list.
For an IAM role to be displayed in the IAM Role list, it must be added to Veeam Backup for AWS as described in Adding IAM Roles. If you have not added the necessary IAM role to Veeam Backup for AWS beforehand, you can do it without closing the Instance Restore wizard. To add an IAM role, click Add and complete the Add Account wizard.
To specify one-time access keys for restore:
- Select the Temporary Access Keys option.
- Use the Access Key and Secret Key fields to provide the access key ID and the secret access key.
Veeam Backup for AWS does not store one-time access keys in the configuration database.