- Veeam Support Knowledge Base
- Granular AWS Account Permissions for Connection to and Upgrading of Veeam Backup for AWS Appliance
Granular AWS Account Permissions for Connection to and Upgrading of Veeam Backup for AWS Appliance
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
This article contains information relevant to Veeam Backup for AWS and its respective plugin for version 5.
Starting with Veeam Backup for AWS 6, granular permissions are now available within the product user guide:
AWS Plug-In for Veeam Backup & Replication > AWS IAM User Permissions
Objective
This article documents the granular permissions needed for connecting to an existing Veeam Backup for AWS appliance.
Alternatively, cumulative permissions are listed in the Integration with Veeam Backup for AWS Guide.
Solution
Connect
To connect to an existing Veeam Backup for AWS appliance, use an AWS account with the following profile:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": "*"
}
]
}Connect and Upgrade
To connect to an existing Veeam Backup for AWS appliance and be able to upgrade the appliance, use an AWS account with the following profile:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeVolumes",
"ec2:CreateSnapshot",
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:DetachVolume",
"ec2:DeleteVolume",
"ec2:CreateVolume",
"ec2:AttachVolume",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfilesForRole",
"iam:ListRolePolicies",
"iam:PutRolePolicy",
"iam:UpdateAssumeRolePolicy",
"iam:GetAccountSummary",
"iam:SimulatePrincipalPolicy",
"iam:ListAttachedRolePolicies",
"iam:ListPolicyVersions",
"iam:GetPolicyVersion",
"iam:CreatePolicyVersion",
"iam:GetRole",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutObject",
"sts:GetCallerIdentity"
],
"Resource": "*"
}
]
}To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please try again later.
You have selected too large block!
Please try select less.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Thank you!
Your feedback has been received and will be reviewed.