Configuring Cross-Account Sharing of AWS-Encrypted Snapshots with IntelliSnap for Amazon to a Different Account
You can share snapshots of Amazon instances to a different Amazon account. The snapshots are privately shared with the destination account.
AWS supports cross-account snapshot sharing only for custom-encrypted volumes. For default-encrypted volumes, Commvault automatically converts such snapshots to custom-encrypted snapshots, and shares the snapshots with the destination account. If the cvlt keys or tags are not configured in the destination account, then the snapshots of default-encrypted volumes cannot be shared with the destination account.
Before You Begin
Verify that the destination account user has the following permissions:
- kms:CreateGrant
- kms:Encrypt
- kms:Decrypt
- kms:ReEncrypt*
- kms:GenerateDataKey*
- kms:DescribeKey
Procedure
- Log in to the AWS Console as a user associated with the access key and secret key that is configured for the Amazon client from which you will be sharing the snapshot.
- From the AWS Console ribbon, click Services.
- Click Key Management Service.
- Select the required destination account.
- Under Key users, select the key tagged with
cvlt-ec2orcvlt-master. - Under Other AWS accounts, click Add Other AWS Account.
The Other AWS accounts page appears.
- In the arn:aws:iam:: box, enter the account number of the destination account to which you will be sharing the snapshot.
- Click Save changes.
Last modified: 11/27/2019 5:43:37 AM