Updating IAM Roles

When you update the backup appliance to a newer version, the improvements and new features instantly become available in Veeam Backup for AWS. However, to meet new requirements, IAM roles must be assigned missing permissions manually either using the Veeam Backup for AWS UI or the AWS Management Console.

To update the IAM role, run a permission check for this role at the IAM Roles tab as described in section Checking IAM Role Permissions. Veeam Backup for AWS will verify whether the IAM role is specified in any backup policy, repository or worker settings and check if all the permissions required to perform these operations are assigned to the role. If some of the permissions are missing, you will receive a warning in the AWS Permission Check window. You can grant the missing permissions to the IAM role using the AWS Management Console or instruct Veeam Backup for AWS to do it. To learn how to grant permissions to IAM roles using the AWS Management Console, see AWS Documentation.

Note

The permission check at the IAM Roles tab verifies only permissions of roles that are currently used by Veeam Backup for AWS. Permissions of IAM roles that are not specified in any settings on the backup appliance and are not used to perform any operations are not checked. That is why it is recommended that you additionally verify IAM role permissions using the built-in wizard permission check when specifying a role for the operation.
The Default Backup Restore IAM role is updated automatically during the upgrade of backup appliances from the Veeam Backup & Replication console. For more information, see Updating Appliances Using Console.