Configuring AWS permissions for NetBackup Snapshot Manager
To protect your Amazon Web Services (AWS) assets, NetBackup Snapshot Manager must first have access to them. You must associate a permission policy with each NetBackup Snapshot Manager user who wants to work with AWS assets.
The IAM role attached to the NetBackup Snapshot Manager must trust the EC2 service, so that the NetBackup Snapshot Manager can perform various operations. Add/update the IAM role as follows to trust the EC2 service:
On the the AWS Console, under of the IAM role attached to the NetBackup Snapshot Manager, edit the trust policy to allow the EC2 service to assume this IAM role, and add/append a new statement as follows:
{
"Version": "2024-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "ec2.amazonaws.com" },
"Action": "sts:AssumeRole"
}
]
}Ensure that the user account or role is assigned the minimum permissions required for NetBackup Snapshot Manager.
See AWS permissions required by NetBackup Snapshot Manager.
To configure permissions on Amazon Web Services
- Create or edit an AWS user account from Identity and Access Management (IAM).
- Perform one of the following.
To create a new AWS user account, perform the following:
From IAM, select the Users pane and click Add user.
In the User name field, enter a name for the new user.
Select the Access type. This value determines how AWS accesses the permission policy. (This example uses Programmatic access).
Select Next: Permissions.
On the Set permissions for username screen, select Attach existing policies directly.
Select the previously created permission policy (shown below) and select Next: Review.
On the Permissions summary page, select Create user.
Obtain the Access Key and Secret Key for the newly created user.
To edit an AWS user account, perform the following:
Select Add permissions.
On the Grant permissions screen, select Attach existing policies directly.
Select the previously created permission policy (shown below), and select Next: Review.
On the Permissions summary screen, select Add permissions.
- To configure the AWS plug-in for the created or edited user, refer to the plug-in configuration notes.
More Information