Veeam Backup for AWS 9
User Guide
Archive
Version 8.0 Version 7.0
Related documents
Search

Enabling Worker Deployment in Production Account

[This step applies only if you restore EC2 instances from image-level backups using either the IAM role or the Organization account option]

By default, Veeam Backup for AWS deploys worker instances used to perform restore operations in the backup account. However, you can instruct Veeam Backup for AWS to deploy worker instances in a production account — that is, an account to which the EC2 instances will be restored. To do that, set the Deploy workers in production account toggle to On.

Depending on the option that you select for the restore operation, the following will happen:

  • If you select the IAM role option, you will be able to choose an IAM role that will be attached to the worker instances and used by Veeam Backup for AWS to communicate with these instances. The role you choose must belong to the same account to which the IAM role specified for the restore operation belongs, and must be assigned the permissions listed in section Worker Deployment Role Permissions in Production Accounts.

For an IAM role to be displayed in the list of available roles, it must be added to Veeam Backup for AWS with the Production worker role selected as described in section Adding IAM Roles. If you have not added the necessary IAM role to Veeam Backup for AWS beforehand, you can do it without closing the Add Policy wizard. To do that, click Add and complete the Add IAM Role wizard.

  • If you select the Organization account option, Veeam Backup for AWS will automatically choose one of the roles specified in the settings of the selected organization identity — either the IAM role whose permissions will be used to perform the restore operation, or the IAM role that will be attached to the worker instances and used by Veeam Backup for AWS to communicate with these instances.

For Veeam Backup for AWS to be able to choose an IAM role automatically, it must be created in all AWS accounts of the selected organization identity and added to Veeam Backup for AWS, as described in section Adding AWS Organizations (step 3).

In both cases, you will have to assign additional permissions to the IAM role that will be used to perform the restore operation. For more information on the required permissions, see EC2 Restore IAM Permissions.

Important

If you select the IAM role option, it is recommended that you check whether both the IAM role that will be used to perform the restore operation and the IAM role that will be attached to the worker instances have the required permissions — if some of the permissions are missing, the restore operation will fail to complete successfully. To run the IAM role permission check, click Check Permissions and follow the instructions provided in section Checking IAM Role Permissions.

Restoring Entire EC2 Instance

Page updated 3/21/2025

Page content applies to build 9.0.0.304

View all results across Veeam
Back to document search