Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Snapshot Manager for Cloud Install and Upgrade Guide
  3. Section I. NetBackup Snapshot Manager for Cloud installation and configuration
  4. NetBackup Snapshot Manager for cloud providers
  5. AWS plug-in configuration notes
  6. Configuring AWS permissions for NetBackup Snapshot Manager
NetBackup™ Snapshot Manager for Cloud Install and Upgrade Guide

Configuring AWS permissions for NetBackup Snapshot Manager

To protect your Amazon Web Services (AWS) assets, NetBackup Snapshot Manager must first have access to them. You must associate a permission policy with each NetBackup Snapshot Manager user who wants to work with AWS assets.

The IAM role attached to the NetBackup Snapshot Manager must trust the EC2 service, so that the NetBackup Snapshot Manager can perform various operations. Add/update the IAM role as follows to trust the EC2 service:

On the the AWS Console, under Trust relationships of the IAM role attached to the NetBackup Snapshot Manager, edit the trust policy to allow the EC2 service to assume this IAM role, and add/append a new statement as follows:

{
  "Version": "2024-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}

Ensure that the user account or role is assigned the minimum permissions required for NetBackup Snapshot Manager.

See AWS permissions required by NetBackup Snapshot Manager.

To configure permissions on Amazon Web Services

  1. Create or edit an AWS user account from Identity and Access Management (IAM).
  2. Perform one of the following.
    • To create a new AWS user account, perform the following:

      • From IAM, select the Users pane and click Add user.

      • In the User name field, enter a name for the new user.

      • Select the Access type. This value determines how AWS accesses the permission policy. (This example uses Programmatic access).

      • Select Next: Permissions.

      • On the Set permissions for username screen, select Attach existing policies directly.

      • Select the previously created permission policy (shown below) and select Next: Review.

      • On the Permissions summary page, select Create user.

      • Obtain the Access Key and Secret Key for the newly created user.

    • To edit an AWS user account, perform the following:

      • Select Add permissions.

      • On the Grant permissions screen, select Attach existing policies directly.

      • Select the previously created permission policy (shown below), and select Next: Review.

      • On the Permissions summary screen, select Add permissions.

  3. To configure the AWS plug-in for the created or edited user, refer to the plug-in configuration notes.

More Information

AWS plug-in configuration notes

Feedback

Was this page helpful?
Previous

AWS permissions required by NetBackup Snapshot Manager

Next

Google Cloud Platform plug-in configuration notes

Feedback

Was this page helpful?