After upgrading Veeam Backup for AWS, you may receive the following notifications:
You might also want to add the missing IAM role permissions after performing the Check Permissions operation. Here you will find information on how to create access keys and a list of the permissions required for the user whose keys you will use to upgrade an IAM role.
"ec2:AttachVolume",
"ec2:CopySnapshot",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteSnapshot",
"ec2:DeleteVolume",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeConversionTasks",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceTypes",
"ec2:DescribeKeyPairs",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"ec2:DetachVolume",
"ec2:GetEbsDefaultkmsKeyId",
"ec2:ModifyInstanceAttribute",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"iam:GetContextKeysForPrincipalPolicy",
"iam:PassRole",
"iam:SimulatePrincipalPolicy",
"kms:CreateGrant",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:ListAliases",
"kms:ListKeys",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
Alternatively, you can use the Check Permissions button on the Accounts page within the Configuration section to see the list of missing permissions.
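An offline pre-check in the spirit of Check Permissions, added here as an example and not Veeam's code: it compares the Allow statements of an IAM policy document against the role action list on this page, honouring IAM wildcards and case-insensitive action names. The sample policy is constructed, and the check does not evaluate Deny statements, NotAction, Resource or Condition elements, so it only reports actions that are never allowed.

```python
import fnmatch

# Role actions listed on this page, grouped by service prefix.
ROLE_ACTIONS = {
    "ec2": """AttachVolume CopySnapshot CreateTags CreateVolume DeleteSnapshot
        DeleteVolume DescribeAvailabilityZones DescribeConversionTasks
        DescribeImages DescribeInstanceAttribute DescribeInstances
        DescribeInstanceStatus DescribeInstanceTypes DescribeKeyPairs
        DescribeRegions DescribeSecurityGroups DescribeSnapshots
        DescribeSubnets DescribeVolumes DescribeVpcs DetachVolume
        GetEbsDefaultkmsKeyId ModifyInstanceAttribute RunInstances
        StartInstances StopInstances TerminateInstances""",
    "iam": "GetContextKeysForPrincipalPolicy PassRole SimulatePrincipalPolicy",
    "kms": """CreateGrant DescribeKey GetKeyPolicy ListAliases ListKeys
        ReEncryptFrom ReEncryptTo""",
}
REQUIRED = [f"{svc}:{name}" for svc, names in ROLE_ACTIONS.items()
            for name in names.split()]

def as_list(value):
    """IAM accepts a single string or statement where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def allowed_patterns(policy):
    """Lower-cased Action patterns from every Allow statement."""
    patterns = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            patterns += [a.lower() for a in as_list(stmt["Action"])]
    return patterns

def missing_actions(policy, required=REQUIRED):
    """Required actions that no Allow pattern covers (Deny, NotAction,
    Resource and Condition are not evaluated)."""
    patterns = allowed_patterns(policy)
    return [r for r in required
            if not any(fnmatch.fnmatchcase(r.lower(), p) for p in patterns)]

# Constructed sample policy (not from the page): wildcards and mixed case.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "ec2:*Volume", "EC2:GetEbsDefaultKmsKeyId",
                "kms:*"]},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
]}

if __name__ == "__main__":
    for action in missing_actions(SAMPLE_POLICY):
        print("missing:", action)
```

To check a real role, load its attached policy document as a dict in place of `SAMPLE_POLICY`. Pass the four `iam:` actions for the upgrade user as `required` to run the same check against that user's policy.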
To let Veeam Backup for AWS grant the missing permissions:
To learn how to create access keys, see the AWS Documentation.
The user whose keys you will use to upgrade an IAM role should have the following permissions:
"iam:CreatePolicy",
"iam:GetRole",
"iam:GetPolicy",
"iam:AttachRolePolicy"