Adding Configurations for Production Accounts
By design, Veeam Backup for AWS deploys worker instances in production accounts to perform EFS indexing, RDS backup and RDS restore operations. You can specify network settings that will be used to deploy these worker instances.
Note |
If you want Veeam Backup for AWS to deploy worker instances in production accounts to perform EC2 backup and restore operations as well (for example, to restore instances from cloud-native snapshots encrypted using default AWS managed keys), you must configure additional backup policy and restore settings. For more information, Worker Deployment Options. |
To deploy worker instances in production accounts, Veeam Backup for AWS employs the following IAM roles:
- An IAM role that is used to retrieve network settings of AWS Regions in a production account when adding new or editing existing working configurations. The role must be assigned permissions listed in section Worker Configuration IAM Role Permissions.
You must specify this IAM role in the Add Worker Configuration wizard as described in section Adding Worker Configurations.
- An IAM role that is used to perform a backup or restore operation. Veeam Backup for AWS also uses this role to deploy worker instances in a production account. That is why the role must be assigned additional permissions listed in section EFS Backup IAM Role Permissions, EC2 Backup IAM Role Permissions, EC2 Restore IAM Permissions or RDS Backup IAM Role Permissions.
You must specify this IAM role in the backup policy or restore settings as described in section Creating EFS Backup Policies, Creating EC2 Backup Policies, Performing RDS Backup, Performing Entire EC2 Instance Restore, Performing Volume-Level Restore or Performing RDS Database Restore.
- An IAM role that is attached to the deployed worker instances and further used by Veeam Backup for AWS to communicate with the instances. The role must be assigned permissions listed in section Worker Deployment Role Permissions in Production Accounts or FLR Worker IAM Role Permissions.
You must specify this IAM role when enabling worker deployment in production accounts in the backup policy or restore settings as described in section Creating EFS Backup Policies, Creating EC2 Backup Policies, Creating RDS Backup Policies, Performing Entire EC2 Instance Restore, Performing Volume-Level Restore, Performing File-Level Recovery or Performing RDS Database Restore.
Note |
Since you do not specify an IAM role for file-level recovery operations, the role that you specify when enabling worker deployment in production accounts in the restore settings is also used by Veeam Backup for AWS to deploy worker instances. |
Related Topics