Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
Starting with Veeam Backup for AWS v4, all permissions requirements are located in the User Guide:
The permissions listed below in this article are for Veeam Backup for AWS versions before version 4.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ebs:ListChangedBlocks",
"ebs:ListSnapshotBlocks",
"ec2:CreateSnapshot",
"ec2:CreateSnapshots",
"ec2:CreateTags",
"ec2:DeleteSnapshot",
"ec2:DeleteTags",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeConversionTasks",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeTags",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeVolumes",
"ec2:GetEbsDefaultKmsKeyId",
"ec2:ModifySnapshotAttribute",
"events:DeleteRule",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"iam:GetContextKeysForPrincipalPolicy",
"iam:ListInstanceProfiles",
"iam:SimulatePrincipalPolicy",
"kms:CreateGrant",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:ListAliases",
"kms:ListKeys",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"servicequotas:ListServiceQuotas",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe",
"sqs:CreateQueue",
"sqs:DeleteMessage",
"sqs:DeleteQueue",
"sqs:ListQueues",
"sqs:ReceiveMessage",
"sqs:SetQueueAttributes",
"ssm:DescribeInstanceInformation",
"ssm:GetCommandInvocation",
"ssm:SendCommand"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"events:DeleteRule",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"iam:GetContextKeysForPrincipalPolicy",
"iam:GetRole",
"iam:SimulatePrincipalPolicy",
"kms:CreateGrant",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:ListKeys",
"rds:AddTagsToResource",
"rds:CopyDBSnapshot",
"rds:CreateDBSnapshot",
"rds:DeleteDBSnapshot",
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:ModifyDBSnapshotAttribute",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe",
"sqs:CreateQueue",
"sqs:DeleteMessage",
"sqs:DeleteQueue",
"sqs:ListQueues",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:SetQueueAttributes"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeClientVpnAuthorizationRules",
"ec2:DescribeClientVpnEndpoints",
"ec2:DescribeClientVpnRoutes",
"ec2:DescribeClientVpnTargetNetworks",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayMulticastDomains",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetManagedPrefixListEntries",
"ec2:GetTransitGatewayRouteTableAssociations",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"iam:GetContextKeysForPrincipalPolicy",
"iam:ListAccountAliases",
"iam:SimulatePrincipalPolicy",
"ram:GetResourceShares",
"ram:ListPrincipals",
"ram:ListResources",
"ram:ListResourceSharePermissions"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ebs:ListChangedBlocks",
"ebs:ListSnapshotBlocks",
"ec2:AttachVolume",
"ec2:CreateKeyPair",
"ec2:CreateSnapshot",
"ec2:CreateSnapshots",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteKeyPair",
"ec2:DeleteSnapshot",
"ec2:DeleteTags",
"ec2:DeleteVolume",
"ec2:DeregisterImage",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeConversionTasks",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeKeyPairs",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeVolumes",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DescribeTags",
"ec2:DetachVolume",
"ec2:ImportImage",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySnapshotAttribute",
"ec2:DescribeVolumeAttribute",
"ec2:GetEbsDefaultKmsKeyId",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"events:DeleteRule",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"iam:GetContextKeysForPrincipalPolicy",
"iam:GetRole",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfilesForRole",
"iam:ListRolePolicies",
"iam:SimulatePrincipalPolicy",
"kms:DescribeKey",
"kms:ListAliases",
"kms:CreateGrant",
"kms:GetKeyPolicy",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"kms:ListKeys",
"s3:GetBucketLocation",
"servicequotas:ListServiceQuotas",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe",
"ssm:GetCommandInvocation",
"ssm:SendCommand",
"sts:AssumeRole",
"sts:GetCallerIdentity",
"sts:GetSessionToken",
"sqs:DeleteMessage",
"sqs:ListQueues",
"sqs:ReceiveMessage",
"sqs:DeleteQueue",
"sqs:SendMessage",
"sqs:CreateQueue",
"sqs:SetQueueAttributes",
"ssm:DescribeInstanceInformation",
"ssm:GetCommandInvocation",
"ssm:SendCommand"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"events:DeleteRule",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"iam:GetContextKeysForPrincipalPolicy",
"iam:GetRole",
"iam:SimulatePrincipalPolicy",
"kms:CreateGrant",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:ListKeys",
"rds:AddTagsToResource",
"rds:CopyDBSnapshot",
"rds:CreateDBSnapshot",
"rds:DeleteDBSnapshot",
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:ModifyDBSnapshotAttribute",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe",
"sqs:CreateQueue",
"sqs:DeleteMessage",
"sqs:DeleteQueue",
"sqs:ListQueues",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:SetQueueAttributes"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeClientVpnAuthorizationRules",
"ec2:DescribeClientVpnEndpoints",
"ec2:DescribeClientVpnRoutes",
"ec2:DescribeClientVpnTargetNetworks",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayMulticastDomains",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetManagedPrefixListEntries",
"ec2:GetTransitGatewayRouteTableAssociations",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"iam:GetContextKeysForPrincipalPolicy",
"iam:ListAccountAliases",
"iam:SimulatePrincipalPolicy",
"ram:GetResourceShares",
"ram:ListPrincipals",
"ram:ListResources",
"ram:ListResourceSharePermissions"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Your feedback has been received and will be reviewed.
Please try again later.
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Your feedback has been received and will be reviewed.