Step 3. Specify IAM Identity

In this article

    At the Account step of the wizard, choose whether you want to use an IAM role or one-time access keys of an IAM user to allow Veeam Backup for AWS to perform the restore operation. For information on what permissions the IAM role or IAM user must have to perform restore, see VPC Configuration Restore IAM Permissions.


    After you click Next, Veeam Backup for AWS will use the permissions of the specified IAM role or IAM user to validate the restore list created at step 2. If any of the VPC configuration items on which the selected items depend are missing from the current VPC configuration, Veeam Backup for AWS will open the Missing Configuration Items window with the list of the missing items. To proceed to the next step, click Add. The missing items will be automatically added to the restore list.

    Specifying IAM Role

    To specify an IAM role for restore:

    1. Select the IAM role option.
    2. Select the necessary IAM role from the list.

    For an IAM role to be displayed in the IAM role list, it must be added to Veeam Backup for AWS as described in Adding IAM Roles. If you have not added the necessary IAM role to Veeam Backup for AWS beforehand, you can do it without closing the VPC Restore wizard. To add an IAM role, click Add and complete the Add IAM Role wizard.

    It is recommended that you check whether the selected IAM role has all the required permissions to perform restore. To run the IAM role permission check, click Check Permissions. Veeam Backup for AWS will display the Permission check window where you can view the progress and results of the performed check. If the IAM role permissions are insufficient, the check will complete with errors. You can view the list of permissions that must be granted to the IAM role in the Missing Permissions column.

    You can grant the missing permissions to the IAM role in the IAM Management Console or instruct Veeam Backup for AWS to do it. To learn how to grant permissions to an IAM role using the IAM Management Console, see AWS Documentation.

    Step 3. Specify IAM Identity 

    Specifying One-Time Access Keys

    To specify one-time access keys for restore:

    1. Select the Temporary access keys option.
    2. Use the Access key and Secret key fields to provide the access key ID and the secret access key.


    Veeam Backup for AWS does not store one-time access keys in the configuration database.

    Step 3. Specify IAM Identity