Enabling Automatic Protection

In this article

    To instruct Veeam Backup for AWS to protect VPC configuration of all AWS Regions specified in EC2 and RDS backup policy settings, in the Automatically protected regions section, set the Automatically collect VPC settings toggle to On.

    To retrieve VPC configurations of all automatically protected AWS Regions, Veeam Backup for AWS will use permissions of IAM roles specified in the settings of backup policies that protect instances residing in these AWS Regions. It is recommended that you check whether IAM roles whose permissions EC2 and RDS backup policies use to perform data protection operations have all the required permissions to perform Amazon VPC configuration backup. If the IAM role permissions are insufficient, the backup policy will fail.

    To run the IAM role permission check:

    1. In the Automatically Protected Regions section, click the Discovered regions link.
    2. In the Discovered regions window, select the IAM role whose permissions you want to check.
    3. Click Check Permissions.

    Veeam Backup for AWS will display the AWS Permission Check window where you can view the progress and results of the performed check. If the IAM role permissions are insufficient, the check will complete with errors. You can view the list of permissions that must be granted to the IAM role in the Missing Permissions column. For more information on required permissions, see VPC Configuration Backup IAM Role Permissions.

    You can grant the missing permissions to the IAM role in the IAM Management Console or instruct Veeam Backup for AWS to do it. To learn how to grant permissions to an IAM role using the IAM Management Console, see AWS Documentation.  To let Veeam Backup for AWS grant the missing permissions:

    1. In the AWS Permission Check window, click Grant.
    2. In the Grant Permissions Window, provide one-time access keys of an IAM user that is authorized to update permissions of the IAM role, and then click Apply.

    The IAM user whose access keys are used to update the IAM role must have the following permissions:

    "iam:CreatePolicy",

    "iam:GetRole",

    "iam:GetPolicy",

    "iam:AttachRolePolicy"

    Note

    Veeam Backup for AWS does not store one-time access keys in the configuration database.

    1. To make sure that the missing permissions were successfully granted, click Recheck.

    Enabling Automatic Protection