Why is a role needed for On Demand Backup for EC2

When I was creating an on demand backup for an EC2 using AWS Backup, I noticed that there are two options for IAM role: default and custom. I am wondering, since I have the permission to back up EC2, why do I need to specify a role for the backup (or use a default role)?

Does it mean that the role helps to prevent users from restoring the EC2 snapshot?

Lottie
asked 3 months ago, 150 views

1 Answer

Accepted Answer

Hello.

Backup acquisition from AWS Backup is not done directly by IAM users; instead, AWS Backup performs the backup acquisition on behalf of the user.
Therefore, it is necessary for AWS Backup to assume the IAM role and obtain snapshots, etc.
https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html

An AWS Identity and Access Management (IAM) role is similar to a user, in that it is an AWS identity with permissions policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. A service role is a role that an AWS service assumes to perform actions on your behalf. As a service that performs backup operations on your behalf, AWS Backup requires that you pass it a role to assume when performing backup operations on your behalf. For more information about IAM roles, see IAM Roles in the IAM User Guide.

EXPERT
answered 3 months ago
EXPERT
reviewed 3 months ago
AWS EXPERT
reviewed 3 months ago
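
An added example (not part of the original answer, and not AWS code): a simplified Python check of the separation the answer describes, where the user only starts the job and passes the role while the role holds the EC2 permissions. The account ID, ARNs, policies and function names are constructed for illustration, the role's permissions are a small assumed subset, and the evaluator handles Allow statements only.

```python
# Simplified model (added example): Allow statements only; no Deny, no Condition keys.
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed placeholder account ID
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/service-role/AWSBackupDefaultServiceRole"
INSTANCE_ARN = f"arn:aws:ec2:us-east-1:{ACCOUNT}:instance/i-0123456789abcdef0"  # constructed
VAULT_ARN = f"arn:aws:backup:us-east-1:{ACCOUNT}:backup-vault:Default"  # constructed

# Constructed policies. The user holds only "start job" and "pass this role";
# the role holds the EC2 permissions and trusts the AWS Backup service principal.
USER_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "backup:StartBackupJob", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": ROLE_ARN}]}
ROLE_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                             "Principal": {"Service": "backup.amazonaws.com"}}]}
ROLE_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*",
                              "Action": ["ec2:CreateImage", "ec2:CreateTags", "ec2:Describe*"]}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if an Allow statement matches action and resource (wildcards supported)."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
        if action_ok and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            return True
    return False

def trusts_backup(trust_policy):
    """True if the trust policy lets backup.amazonaws.com call sts:AssumeRole."""
    for stmt in trust_policy["Statement"]:
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and "backup.amazonaws.com" in services
                and "sts:AssumeRole" in _as_list(stmt["Action"])):
            return True
    return False

def missing_pieces(user_policy, role_trust, role_policy):
    """Return what blocks an on-demand EC2 backup; an empty list means it can run."""
    checks = [
        (allows(user_policy, "backup:StartBackupJob", VAULT_ARN), "user cannot start a backup job"),
        (allows(user_policy, "iam:PassRole", ROLE_ARN), "user cannot pass the role to AWS Backup"),
        (trusts_backup(role_trust), "role does not trust backup.amazonaws.com"),
        (allows(role_policy, "ec2:CreateImage", INSTANCE_ARN), "role cannot create the EC2 image"),
    ]
    return [message for ok, message in checks if not ok]
```

Calling `missing_pieces(USER_POLICY, ROLE_TRUST, ROLE_POLICY)` returns an empty list; removing the `iam:PassRole` statement or emptying the role's policy shows which side of the split is at fault.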
