why is role needed for On Demand Backup up for EC2
When I was creating an on demand backup for an EC2 using AWS Backup, I noticed that there are two options for IAM role: default and custom. I am wondering since I have the permission to backup EC2, why do I need to specify a role for the backup (or using a default role).
Does it mean that, the role helps to prevent users from restoring the EC2 snapshot?
- 最新
- 投票最多
- 评论最多
Hello.
Backup acquisition from AWS Backup is not done directly by IAM users, but AWS Backup performs the backup acquisition on behalf of the user.
Therefore, it is necessary for AWS Backup to assume the IAM role and obtain snapshots etc.
https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html
An AWS Identity and Access Management (IAM) role is similar to a user, in that it is an AWS identity with permissions policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. A service role is a role that an AWS service assumes to perform actions on your behalf. As a service that performs backup operations on your behalf, AWS Backup requires that you pass it a role to assume when performing backup operations on your behalf. For more information about IAM roles, see IAM Roles in the IAM User Guide.
相关内容
AWS 官方已更新 9 个月前- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 10 个月前
The default role used for AWS Backup is probably AWSBackupDefaultServiceRole
Yes, by default it uses "AWSBackupDefaultServiceRole". https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html