Permission AMI role

juliansbr · Post by **juliansbr** » Feb 21, 2025 3:21 pm this post

Hello guys,

We trying to implement the VBAWS in a high level security environment, wiches the policies rules needed to be transparent. I see some AMI rule to deploy worker are "dungerours" to be assigned, for example "create role" and "delete role".
https://helpcenter.veeam.com/docs/vbaws ... tml?ver=80

I need to understand about which actions, policies and roles are created due to the existence of the "CreateRole" permission on the worker node, which makes the use and creation of any rule broad and therefore we would like to understand what exactly is created through this "CreateRole".

Post by **nielsengelen** » Feb 21, 2025 3:33 pm this post

Hi,

These are required to deploy our workers and for this, we follow AWS best practices and apply certain roles and policies to this. These only apply to the workers and nothing else.

A solution could be to deploy workers in production that require a different set of permissions (see our user guide).

You can also use granular IAM roles within our product to limit permissions assigned to roles.

juliansbr · Post by **juliansbr** » Feb 21, 2025 5:59 pm this post

I've tried to restore operation with FLR on bucket S3 in backup account, and this solution sugested isn't adherent.

Post by **nielsengelen** » Feb 24, 2025 11:29 am this post

Could you clarify what exactly isn't working or fits your infrastructure?

juliansbr · Post by **juliansbr** » Feb 24, 2025 2:39 pm this post

Hello Niels
I've the instance EC2 backup stored in the bucket S3 at backup account and I trying to restore with FLR operation in the same account.
The recovery session finishes with issue message warning to add the 'create role'.

Post by **nielsengelen** » Feb 24, 2025 5:00 pm this post

I would recommend opening a support case for assistance and insight since it will be hard to troubleshoot via these forums and the forums are created for general technical questions.

Could you open a case and let us know the case ID for future reference? This way we can analyse and potentially adjust or improve things in the product if it’s beneficial.

Thanks!

juliansbr · Post by **juliansbr** » Feb 24, 2025 5:18 pm this post

Niels, the case already opened #07598794, but the solution is still far away.

Post by **nielsengelen** » Mar 06, 2025 4:27 pm this post

Hi,

I noticed there was some progress on the case. Please continue working with support as it will be the best way to find a solution due to the requirement for assistance.

R&D Forums

Permission AMI role

Re: Permission AMI role

Re: Permission AMI role

Re: Permission AMI role

Re: Permission AMI role

Re: Permission AMI role

Re: Permission AMI role

Re: Permission AMI role

Who is online