Updating IAM Roles
When you update the backup appliance to a newer version, the improvements and new features instantly become available in Veeam Backup for AWS. However, to meet new requirements, IAM roles must be assigned missing permissions manually either using the Veeam Backup for AWS UI or the AWS Management Console.
Updating Default Backup Restore IAM Role
After every product update, Veeam Backup for AWS checks if the Default Backup Restore IAM role created while installing the solution has all necessary permissions to perform backup and restore operations. If some of the permissions are missing, you will receive a warning in the notification area. For more information on permissions required for the Default Backup Restore IAM role after you update Veeam Backup for AWS to version 5a, see Full List of IAM Permissions.
You can update the Default Backup Restore IAM role using the AWS Management Console or instruct Veeam Backup for AWS to do it:
- Click the warning.
- In the IAM Roles Update window, provide one-time access keys of an IAM user that is authorized to update permissions of IAM roles, and then click Apply.
The IAM user must have the following permissions:
Veeam Backup for AWS does not store one-time access keys in the configuration database.
- To make sure that the missing permissions have been successfully granted, navigate to Accounts > IAM Roles, select the Default Backup Restore IAM role and click Check AWS Permissions.
Updating Custom IAM Role
To update the custom IAM role, run a permission check for this role at the IAM Roles page as described in section Checking IAM Role Permissions. If some of the permissions are missing, you will receive a warning in the AWS Permission Check window. You can grant the missing permissions to the IAM role using the AWS Management Console or instruct Veeam Backup for AWS to do it. To learn how to grant permissions to IAM roles using the AWS Management Console, see AWS Documentation.