AWS

This page will walk you through the steps needed to add the IAM role in your AWS account. This role allows the Commvault media agent to discover and backup your VMs

Create the role named "DsioBackupRole" (Case Sensitive)

  1. In AWS Console, go to IAM → Roles

  2. Click the "Create role" button in the top Right

  3. Choose "Custom trust policy".

  4. Paste the following trust policies json:

  5. Replace <Role ARN> with the valid ARN from your email

You will need the Role ARN and the Region from your VM Backup Enable Complete Email

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "AWS": "<Role ARN>" },
    "Action": "sts:AssumeRole",
    "Condition": { "StringEquals": { "sts:ExternalId": "<EXTERNAL_ID>" } }
  }]
}

  1. For the EXTERNAL_ID, this can be any value you want. Just note, this value will be used on the following required steps

EXTERNAL_ID example = DSIOVMBackups

  1. click "Next" button on the bottom Right

  2. Skip the Add Permissions for now. Click the "Next" button in the bottom Right

  3. Role name: DsioBackupRole (Case Sensitive).

  4. Click the "Create role" button in the bottom Right

Add permissions to DsioBackupRole

  1. In AWS Console, got to IAM → Roles

  2. Search for DsioBackupRole and click the role

  3. In the DsioBackupRole Summary under the Permissions tab, click the "Add permissions" drop down button and select "Create Inline Policy"

  4. In the Policy editor, select "JSON".

This will switch from the Visual Editor to JSON

  1. Paste the entire following code into the AWS Policy Editor block:

  1. Click the "Next" button on the bottom Right

  2. In Policy details, Name the policy, "DSIO_Backup" for example

  3. Click the "Create Policy" button on the bottom Right

  4. Copy the ARN from the DsioBackupRole summary page. You will need this in the Command Center

PreviousCustomer RequirementsNextCommand Center

Last updated