why is role needed for On Demand Backup up for EC2

0

When I was creating an on demand backup for an EC2 using AWS Backup, I noticed that there are two options for IAM role: default and custom. I am wondering since I have the permission to backup EC2, why do I need to specify a role for the backup (or using a default role).

Does it mean that, the role helps to prevent users from restoring the EC2 snapshot?

On Demand Backup for EC2

profile picture
Lottie
posta 2 mesi fa133 visualizzazioni
1 Risposta
0
Risposta accettata

Hello.

Backup acquisition from AWS Backup is not done directly by IAM users, but AWS Backup performs the backup acquisition on behalf of the user.
Therefore, it is necessary for AWS Backup to assume the IAM role and obtain snapshots etc.
https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html

An AWS Identity and Access Management (IAM) role is similar to a user, in that it is an AWS identity with permissions policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. A service role is a role that an AWS service assumes to perform actions on your behalf. As a service that performs backup operations on your behalf, AWS Backup requires that you pass it a role to assume when performing backup operations on your behalf. For more information about IAM roles, see IAM Roles in the IAM User Guide.

profile picture
ESPERTO
con risposta 2 mesi fa
profile picture
ESPERTO
verificato 2 mesi fa
profile pictureAWS
ESPERTO
verificato 2 mesi fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande