Permissions
Note that when you back up machines on EC2 instances to S3 object storage in the AWS environment, Veeam Backup & Replication does not use permissions from the EC2 instance. Instead, to access AWS resources, it uses either Identity and Access Management (IAM) user credentials or AWS account root user credentials added as a Veeam Backup & Replication cloud credentials record. However, AWS recommends that you use IAM user credentials. For details, see the AWS Account Root User Credentials vs. IAM User Credentials section in the AWS General Reference.
The following are required permissions to use Amazon S3 object storage with immutability disabled.
{ "s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListAllMyBuckets", "s3:GetBucketVersioning" }
The following are required permissions to use Amazon S3 object storage with immutability enabled. For more information on immutability, see the Immutability section in the Veeam Backup & Replication User Guide.
{ "s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListAllMyBuckets", "s3:GetBucketVersioning", "s3:GetBucketObjectLockConfiguration", "s3:ListBucketVersions", "s3:GetObjectVersion", "s3:GetObjectRetention", "s3:GetObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectLegalHold", "s3:DeleteObjectVersion" }
For example, see this Veeam KB article. For more information on permissions, see this Amazon article.
Consider the following:
- Make sure the account you are using has access to Amazon buckets and folders.
- The ListAllMyBuckets permission is not required if you specify the bucket name explicitly at the Bucket step when Adding Amazon S3 Object Storage to Infrastructure.
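One way to check an IAM policy document against the two permission lists above before adding the repository, as an added example (not Veeam's or AWS's code). It compares only the Action patterns of Allow statements and does not evaluate Resource, Condition or Deny; the function names, the sample policy and the bucket name `example-backup-bucket` are assumptions made up for illustration.

```python
import fnmatch

# Action lists copied from the two permission sets on this page.
BASE = {
    "s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject", "s3:PutObject",
    "s3:DeleteObject", "s3:ListAllMyBuckets", "s3:GetBucketVersioning",
}
IMMUTABILITY_EXTRA = {
    "s3:GetBucketObjectLockConfiguration", "s3:ListBucketVersions",
    "s3:GetObjectVersion", "s3:GetObjectRetention", "s3:GetObjectLegalHold",
    "s3:PutObjectRetention", "s3:PutObjectLegalHold", "s3:DeleteObjectVersion",
}

def as_list(value):
    """IAM accepts either a single item or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy):
    """Lower-cased Action patterns from Allow statements (Deny/Condition ignored)."""
    patterns = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns += [a.lower() for a in as_list(stmt["Action"])]
    return patterns

def missing_actions(policy, immutability, bucket_named_explicitly=False):
    """Return the required actions that no Allow statement in the policy grants."""
    required = BASE | (IMMUTABILITY_EXTRA if immutability else set())
    if bucket_named_explicitly:
        required.discard("s3:ListAllMyBuckets")  # optional per the note on this page
    patterns = allowed_patterns(policy)
    return sorted(a for a in required
                  if not any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))

# Constructed sample policy; the bucket name is a placeholder.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:ListBucket", "s3:GetBucket*", "s3:GetObject",
               "s3:PutObject", "s3:DeleteObject"],
    "Resource": ["arn:aws:s3:::example-backup-bucket",
                 "arn:aws:s3:::example-backup-bucket/*"],
}]}

if __name__ == "__main__":
    print(missing_actions(SAMPLE_POLICY, immutability=False, bucket_named_explicitly=True))
    print(missing_actions(SAMPLE_POLICY, immutability=True))
```

The sample policy is sufficient for a non-immutable repository when the bucket name is entered explicitly, but the same policy is reported as missing the versioning, retention and legal-hold actions once immutability is enabled.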