AWS Backup for AWS Organizations IAM Configuration Issue


I am having issues setting up the required IAM access for cross account backups. As I understand the requirements there are four places to configure IAM access:

Source Account (management account) Backup Vault

Source Account (management account) Resource Assignment

Target Account Backup Vault

Target Account IAM access role

From the AWS Backup Developer Guide (p. 162), I understand that the IAM roles in the Source and Target accounts, the Backup Vaults, and the Backup Vault permissions need to match. I have the following configured:

Source Account Backup Vault Access – “Allow Access to Backup Vault from Organisation”

Source Account Resource Assignment – Role with default policy called “AWSBackupOrganizationAdminAccess”

Target Account Backup Vault Access – “Allow Access to Backup Vault from Organisation”

Target Account IAM access role – Role with default policy called “AWSBackupOrganizationAdminAccess”

I have followed the setup guide to enable cross account backups for my AWS organization.

When I run a backup job for an EC2 server in the target account I get the following error:

Your backup job failed as AWS Backup does not have permission to describe resource <aws ec2 arn>

I assume that somewhere I do not have the IAM access configured correctly. As there are four places where I can configure IAM access, how do I track down where the issue is?

1 Answer
Accepted Answer

I was able to rectify my issue using the following AWS blog: https://aws.amazon.com/blogs/storage/secure-data-recovery-with-cross-account-backup-and-cross-region-copy-using-aws-backup/

I was missing the AWSBackupServiceRolePolicyForBackup and AWSBackupServiceRolePolicyForRestores policies from my AWS Backup IAM role.

answered 2 years ago
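The following script is an added example (not from the question, the answer, or AWS) that checks an AWS Backup service role for the two managed policies the accepted answer found missing, and for a trust policy that lets the backup service assume the role. The managed-policy ARNs (under the service-role/ path) and the backup.amazonaws.com service principal are assumptions from general AWS IAM knowledge rather than values quoted on this page; the sample role document is constructed.

```python
# Required managed policies for an AWS Backup service role (names from the accepted
# answer; the ARN paths are assumed, not taken from the page).
REQUIRED_POLICY_ARNS = {
    "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup",
    "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores",
}
# Service principal that must be allowed to assume the role (assumed).
BACKUP_SERVICE_PRINCIPAL = "backup.amazonaws.com"


def trusts_backup_service(trust_policy: dict) -> bool:
    """True if an Allow statement lets the backup service call sts:AssumeRole."""
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        services = stmt.get("Principal", {}).get("Service", [])
        services = [services] if isinstance(services, str) else services
        if "sts:AssumeRole" in actions and BACKUP_SERVICE_PRINCIPAL in services:
            return True
    return False


def audit_backup_role(trust_policy: dict, attached_policy_arns) -> list[str]:
    """Return findings for the role; an empty list means nothing is missing."""
    findings = []
    if not trusts_backup_service(trust_policy):
        findings.append(f"trust policy does not allow {BACKUP_SERVICE_PRINCIPAL} to assume the role")
    for arn in sorted(REQUIRED_POLICY_ARNS - set(attached_policy_arns)):
        findings.append(f"missing managed policy {arn}")
    return findings


def audit_live_role(role_name: str) -> list[str]:
    """Fetch a real role with boto3 and audit it (needs AWS credentials)."""
    import boto3  # imported here so the pure checks above run without boto3
    iam = boto3.client("iam")
    trust = iam.get_role(RoleName=role_name)["Role"]["AssumeRolePolicyDocument"]
    pages = iam.get_paginator("list_attached_role_policies").paginate(RoleName=role_name)
    attached = [p["PolicyArn"] for page in pages for p in page["AttachedPolicies"]]
    return audit_backup_role(trust, attached)


# Constructed sample mirroring the question: only the org admin policy is attached.
SAMPLE_TRUST = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
                "Principal": {"Service": "backup.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
SAMPLE_ATTACHED = ["arn:aws:iam::aws:policy/AWSBackupOrganizationAdminAccess"]

if __name__ == "__main__":
    for finding in audit_backup_role(SAMPLE_TRUST, SAMPLE_ATTACHED):
        print(finding)
```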
