Veeam Backup for AWS 9
REST API Reference
Related documents

IAM Roles

The /accounts/amazon resource collection represents all IAM roles added to the Veeam Backup for AWS configuration database.

Get Collection of IAM Roles

The HTTP GET request to the /accounts/amazon endpoint retrieves a list of all IAM roles added to the Veeam Backup for AWS configuration database.

SecurityBearer
Request
query Parameters
SearchPattern
string

Returns only those items of a resource collection whose names match the specified search pattern in the parameter value.

Offset
integer <int32>

Excludes from a response the first N items of a resource collection.

Limit
integer <int32>

Specifies the maximum number of items of a resource collection to return in a response.

Sort
Array of strings (AmazonAccountsSortColumns)

Specifies the order of items in the response. For more information, see the Veeam Backup for AWS REST API Reference Overview, section Sort Parameter.

Items Enum: "nameAsc" "nameDesc"
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The Authorization header does not contain an access token, or the provided access token is invalid.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

get/api/v1/accounts/amazon
Request samples 
curl -i -X GET \
  'https://helpcenter.veeam.com/api/v1/accounts/amazon?SearchPattern=string&Offset=0&Limit=0&Sort=nameAsc' \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'
Response samples
{}

Add IAM Role

The HTTP POST request to the /accounts/amazon endpoint adds an IAM role to the Veeam Backup for AWS configuration database.

NOTE
Before you add an IAM role, you can check whether the name you plan to specify for the IAM role in Veeam Backup for AWS is unique. For more information, see Validate IAM Role Name.

SecurityBearer
Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema:
required
name
required
string [ 0 .. 255 ] characters

Specifies a name for an IAM role in Veeam Backup for AWS.

description
string [ 0 .. 512 ] characters

Specifies a description for an IAM role.

object (AmazonAccountIAMRoleCreateSpec)

[Applies only if the role is added using the IAM Role from current account mode] Specifies parameters for the IAM role.

object (AmazonAccountIAMRoleFromAnotherAccountCreateSpec)

[Applies only if the role is added using the IAM Role from another account mode] Specifies parameters for the IAM role.

requestedPermissions
Array of strings (CloudAccountPermission)

Specifies operations that will be performed using permissions of the IAM role.

Items Enum: "RepositoryPermissions" "BackupAccountWorkerRole" "ProductionAccountWorkerRole" "EC2BackupSnapshot" "EC2Replication" "EC2Restore" "RDSSnapshot" "RDSReplication" "RDSRestore" "EFSBackup" "EFSRestore" "VPCBackup" "VPCRestore" "DynamoDbBackup" "DynamoDbRestore" "FsxBackup" "FsxRestore" "RedshiftBackup" "RedshiftRestore" "RedshiftServerlessBackup" "RedshiftServerlessRestore" "OrganizationRescanRole"
Responses
201

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The Authorization header does not contain an access token, or the provided access token is invalid.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/accounts/amazon
Request samples
{
  • "name": "string",
  • "description": "string",
  • "IAMRole": {
    },
  • "IAMRoleFromAnotherAccount": {
    },
  • "requestedPermissions": [
    ]
}
Response samples
{}

Validate IAM Role Name

The HTTP POST request to the /accounts/amazon/validateName endpoint checks whether the name you plan to specify for an IAM role in Veeam Backup for AWS is unique.

SecurityBearer
Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema: application/json
required
name
required
string non-empty

Specifies a name for an IAM role.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The Authorization header does not contain an access token, or the provided access token is invalid.

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/accounts/amazon/validateName
Request samples
application/json
{
  • "name": "Backup Policy Role"
}
Response samples
[
  • {
    }
]

Validate Removing of IAM Role

The HTTP POST request to the /accounts/amazon/{IAMRoleId}/validateDelete endpoint checks whether the IAM role with the specified ID is not used by Veeam Backup for AWS and can be removed from the configuration database.

SecurityBearer
Request
path Parameters
IAMRoleId
required
string <uuid>

System ID assigned to the IAM role in the Veeam Backup for AWS REST API.

header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The Authorization header does not contain an access token, or the provided access token is invalid.

403

Forbidden. The user sending a request does not have adequate privileges to access one or more objects specified in the request.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/accounts/amazon/{IAMRoleId}/validateDelete
Request samples 
curl -i -X POST \
  'https://helpcenter.veeam.com/api/v1/accounts/amazon/{IAMRoleId}/validateDelete' \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'
Response samples
[
  • {
    }
]

Get IAM Role Data

The HTTP GET request to the /accounts/amazon/{IAMRoleId} endpoint retrieves information on an IAM role with the specified ID.

SecurityBearer
Request
path Parameters
IAMRoleId
required
string <uuid>

System ID assigned to the IAM role in the Veeam Backup for AWS REST API.

header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The Authorization header does not contain an access token, or the provided access token is invalid.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

get/api/v1/accounts/amazon/{IAMRoleId}
Request samples 
curl -i -X GET \
  'https://helpcenter.veeam.com/api/v1/accounts/amazon/{IAMRoleId}' \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'
Response samples
{}

Modify IAM Role

The HTTP PUT request to the /accounts/amazon/{IAMRoleId} endpoint updates an IAM role with the specified ID.

SecurityBearer
Request
path Parameters
IAMRoleId
required
string <uuid>

System ID assigned to the IAM role in the Veeam Backup for AWS REST API.

header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema:
required
name
required
string [ 0 .. 255 ] characters

Specifies a name for an IAM role in Veeam Backup for AWS.

description
string [ 0 .. 512 ] characters

Specifies a description for an IAM role.
Note: If you do not send the description parameter in the request body, the value is set to null by default.

object (AmazonAccountIAMRoleUpdateSpec)

[Applies only if the role was added using the IAM Role from current account mode] Specifies new parameters for the IAM role.

object (AmazonAccountIAMRoleFromAnotherAccountUpdateSpec)

[Applies only if the role was added using the IAM Role from another account mode] Specifies new parameters for the IAM role.

requestedPermissions
Array of strings (CloudAccountPermission)

Specifies operations that will be performed using permissions of the IAM role.

Items Enum: "RepositoryPermissions" "BackupAccountWorkerRole" "ProductionAccountWorkerRole" "EC2BackupSnapshot" "EC2Replication" "EC2Restore" "RDSSnapshot" "RDSReplication" "RDSRestore" "EFSBackup" "EFSRestore" "VPCBackup" "VPCRestore" "DynamoDbBackup" "DynamoDbRestore" "FsxBackup" "FsxRestore" "RedshiftBackup" "RedshiftRestore" "RedshiftServerlessBackup" "RedshiftServerlessRestore" "OrganizationRescanRole"
Responses
200

OK

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The Authorization header does not contain an access token, or the provided access token is invalid.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

put/api/v1/accounts/amazon/{IAMRoleId}
Request samples
[
  • {
    }
]
Response samples
{}

Remove IAM Role

The HTTP DELETE request to the /accounts/amazon/{IAMRoleId} endpoint removes an IAM role with the specified ID from the Veeam Backup for AWS configuration database.

NOTE
Before you remove an IAM role from the configuration database, make sure that the role is not used by Veeam Backup for AWS. For more information on how to check whether the IAM role can be removed, see Validate Removing of IAM Role.

SecurityBearer
Request
path Parameters
IAMRoleId
required
string <uuid>

System ID assigned to the IAM role in the Veeam Backup for AWS REST API.

header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
204

No Content

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The Authorization header does not contain an access token, or the provided access token is invalid.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

delete/api/v1/accounts/amazon/{IAMRoleId}
Request samples 
curl -i -X DELETE \
  'https://helpcenter.veeam.com/api/v1/accounts/amazon/{IAMRoleId}' \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'
Response samples
{
  • "type": "http://example.com",
  • "title": "string",
  • "status": 400,
  • "errorCode": "AccessDenied",
  • "details": "string",
  • "instance": "http://example.com",
  • "data": {
    }
}

Perform Infrastructure Rescan for IAM Role

The HTTP POST request to the /accounts/amazon/{IAMRoleId}/rescan endpoint runs the infrastructure rescanning operation for an IAM role with the specified ID.

SecurityBearer
Request
path Parameters
IAMRoleId
required
string <uuid>

System ID assigned to the IAM role in the Veeam Backup for AWS REST API.

header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Request Body schema: application/json
required
rescanType
required
string (RescanType)

Specifies type of resources to rescan.

Enum: "Ec2" "Rds" "Efs" "BackupVault" "DynamoDb" "Fsx" "Redshift" "RedshiftServerless" "All"
regionIds
required
Array of strings <uuid> unique

Specifies system IDs assigned in the Veeam Backup for AWS REST API to AWS Regions you want to rescan. By default, all available AWS Regions and Availability Zones are synchronized.

Responses
202

Accepted

400

Bad Request. The request body is malformed, incomplete or otherwise invalid.

401

Unauthorized. The Authorization header does not contain an access token, or the provided access token is invalid.

404

Not Found. One or more resources specified in the request could not be found in the specified resource collection.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/accounts/amazon/{IAMRoleId}/rescan
Request samples
application/json
{
  • "rescanType": "Ec2",
  • "regionIds": [
    ]
}
Response samples
{}

Export Collection of IAM Roles

The HTTP POST request to the /accounts/amazon/export endpoint exports a list of all IAM roles added to the Veeam Backup for AWS configuration database to a .CSV or an .XML file. To specify the required type of the file, use the Accept request header.

SecurityBearer
Request
header Parameters
x-api-version
required
string
Default: 1.7-rev0

Specifies the current version and revision of the Veeam Backup for AWS REST API.

Responses
200

OK

401

Unauthorized. The Authorization header does not contain an access token, or the provided access token is invalid.

500

Internal Server Error. The request has been received but could not be completed because of an internal error on the server side.

503

Service Unavailable

504

Gateway Timeout

post/api/v1/accounts/amazon/export
Request samples 
curl -i -X POST \
  https://helpcenter.veeam.com/api/v1/accounts/amazon/export \
  -H 'Authorization: YOUR_API_KEY_HERE' \
  -H 'x-api-version: 1.7-rev0'