AWS Backup custom IAM role

I suggest first having AWS Backup create a default role on your behalf and using the managed policies that are attached to that default role as a reference for the permissions that are required in the custom role you create to pass to AWS Backup. You should see two managed policies attached to the default role, one for backups and one for restores.

thanks!

already created a custom role and attached below two policies with terraform, i confirm it works.

arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup
arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores