Adding AWS Regions Manually
To add an AWS Region to the VPC Backup policy, or to choose another IAM role for collecting VPC configuration data, do the following:
- In the Additional regions section, click Add.
- In the Configure account settings window, from the IAM role drop-down list, select an IAM role whose permissions Veeam Backup for AWS must use to perform Amazon VPC configuration backup. In the Account field, the ID of the AWS account in which the IAM role was created will be displayed.
For an IAM role to be displayed in the IAM role list, it must be must be assigned permissions listed in section VPC Configuration Backup IAM Role Permissions and added to Veeam Backup for AWS, as described in section Adding IAM Roles. If you have not added the necessary IAM role to Veeam Backup for AWS beforehand, you can do it without closing the VPC Configuration Backup wizard. To add an IAM role, click Add and complete the Add IAM Role wizard.
- In the Regions section, select the necessary AWS Regions from the Available Regions list on the left, and then click Add.
- To save changes made to the backup policy settings, click Apply.
- To check whether IAM role specified for the selected AWS Regions has all the permissions required to perform Amazon VPC configuration backup, in the Additional regions section, click Check Permissions.
Veeam Backup for AWS will display the AWS Permission Check window where you can view the progress and results of the performed check. If the IAM role permissions are insufficient, the check will complete with errors. You can view the list of permissions that must be granted to IAM roles in the Missing Permissions column. For more information on required permissions, see VPC Configuration Backup IAM Role Permissions.
You can grant the missing permissions to IAM roles in the AWS Management Console or instruct Veeam Backup for AWS to do it. To learn how to grant permissions to IAM roles using the AWS Management Console, see AWS Documentation. To let Veeam Backup for AWS grant the missing permissions:
- In the AWS Permission Check window, click Grant.
- In the Grant Permissions Window, provide one-time access keys of an IAM user that is authorized to update permissions of the IAM role, and then click Apply.
The IAM user whose access keys are used to update the IAM role must have the following permissions:
Veeam Backup for AWS does not store one-time access keys in the configuration database.
You can add, edit or remove additional AWS Regions from the VPC Backup policy.