IAM Role for AWS Configuration
If the Snapshot Manager is deployed in cloud, AWS configuration can be configured to use the IAM role for authentication.
See Add a cloud provider for a Snapshot Manager.
Before proceeding, ensure that the IAM role is configured within AWS. See the NetBackup Snapshot Manager Install and Upgrade Guide for details.
Note:
If you change the IAM role for the NetBackup Snapshot Manager host after the AWS CSP configuration, you need to edit the CSP configuration, and save it once with the same configuration.
The following implementations of the IAM role are supported:
Source account: In this case, the cloud assets that need to be protected are in the same AWS account as Snapshot Manager. Thus, AWS cloud is aware of the AWS account ID and role name, you need to only select the region.
Cross account: In this case, the cloud assets that need to be protected are in a different AWS account than Snapshot Manager. Thus, you need to enter the target account and the target role name details along with the region so that Snapshot Manager can access those assets.
You need to establish a trust relationship between the source and the target account. For example, if this is the role ARN for the role you want to use to configure the plugin:
arn:aws:iam::935923755:role/TEST_IAM_ROLE
So, to configure the plugin, provide the last part of the ARN, the name:TEST_IAM_ROLE
For more details, refer to the Access AWS Accounts Using IAM Roles related information in the Amazon Web Services documentation.