why is role needed for On Demand Backup up for EC2

0

When I was creating an on demand backup for an EC2 using AWS Backup, I noticed that there are two options for IAM role: default and custom. I am wondering since I have the permission to backup EC2, why do I need to specify a role for the backup (or using a default role).

Does it mean that, the role helps to prevent users from restoring the EC2 snapshot?

On Demand Backup for EC2

profile picture
Lottie
已提问 3 个月前137 查看次数
1 回答
0
已接受的回答

Hello.

Backup acquisition from AWS Backup is not done directly by IAM users, but AWS Backup performs the backup acquisition on behalf of the user.
Therefore, it is necessary for AWS Backup to assume the IAM role and obtain snapshots etc.
https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html

An AWS Identity and Access Management (IAM) role is similar to a user, in that it is an AWS identity with permissions policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. A service role is a role that an AWS service assumes to perform actions on your behalf. As a service that performs backup operations on your behalf, AWS Backup requires that you pass it a role to assume when performing backup operations on your behalf. For more information about IAM roles, see IAM Roles in the IAM User Guide.

profile picture
专家
已回答 3 个月前
profile picture
专家
已审核 3 个月前
profile pictureAWS
专家
已审核 3 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则