Challenge
Backup service is using this role to generate temporary access keys to connect to the S3 bucket where backup data is stored (Veeam Backup Object Repository).Solution
Please follow the instruction below to create the role:1. Please use the following JSON text (replacing <yourbucketname> with actual name) to create IAM Policy by following instructions from How to create IAM Policy article
These permissions will allow backup service to access the S3 repository to save/load data in the object repository
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::<yourbucketname>/*",
"Effect": "Allow"
}
]
}
2. Press "Review policy" button3. Choose a name for the policy e.g. "vb4aws_repo1"
4. Press "Create policy" button
5. Navigate to Roles
6. Choose "Create role"
7. Select type of trusted entity "AWS Service"
8. Choose "S3" in "Choose the service that will use this role"
9. Select your use case "S3"
10. Press on "Next: Permissions" button
11. Enter vb4aws_repo1 in "filter policies" edit box
12. Select the policy with ticking on the checkbox in the first column
13. Press "Next: Tags" button
14. Enter tagging info if desired and press "Next: Review" button
15. Give a name to the IAM Role - you will be using this name in the Veeam Backup for AWS UI (e.g. vb4aws_repo1role)
16. Press "Create role" button
17. After successful creation of the role you will be able to see it in the list of all available roles