Skip to main content

Query related a IAM user and IAM role:  

Suppose if any customer has a Multiple AWS Accounts  with Control Tower Environment AWS setup, approx. 50+ account and want to take a backup of instance and DB backup using veeam backup for aws appliance,  is it possible using single IAM user and single IAM role to take backup of all workload of this separate account .  Require a IAM role permissions for Control Tower Environment AWS setup, In veeam documentation it is not available. 

Hi ​@SantoshP 

I'm replying from my Phone but if I remember correctly I can tell you that the answer is yes, but it requires a precise configuration based on IAM Role Delegation and the use of a central Management Account.

Create a role in the Management Account with an account and right permission. After this, for every Account, you need to create a dedicated backup role and add Trusted Policy for previos Account. 

Please check dedicated documentation on Veeam and AWS too.  

Sorry if I can't add links at the moment. If anyone of Community user knows better this argument please add other specifications. 

 


You can link 1 specific user to 1 backup.

I believe this documentation can help you:

EC2 Backup IAM Role Permissions - Veeam Backup for AWS Guide

 

I have this post about creating the bucket and permissions. However, it's for VBR, not the AWS Marketplace appliance.

Console AWS - Criando bucket para o Veeam | S3 Standard | Veeam Community Resource Hub

 

Let us know if you manage to set up the users.


Thank you for your reply, Andonet.                                                                                          And if you find any KB article or reference link, please share...   


@Jean.peres.bkp : Thank You..