Loading...

Configuring Cross-Account Sharing of AWS-Encrypted Snapshots with IntelliSnap for Amazon to a Different Account

You can share snapshots of Amazon instances to a different Amazon account. The snapshots are privately shared with the destination account.

AWS supports cross-account snapshot sharing only for custom-encrypted volumes. For default-encrypted volumes, Commvault automatically converts such snapshots to custom-encrypted snapshots, and shares the snapshots with the destination account. If the cvlt keys or tags are not configured in the destination account, then the snapshots of default-encrypted volumes cannot be shared with the destination account.

Before You Begin

Verify that the destination account user has the following permissions:

  • kms:CreateGrant
  • kms:Encrypt
  • kms:Decrypt
  • kms:ReEncrypt*
  • kms:GenerateDataKey*
  • kms:DescribeKey

 Procedure

  1. Log in to the AWS Console as a user associated with the access key and secret key that is configured for the Amazon client from which you will be sharing the snapshot.
  2. From the AWS Console ribbon, click Services.
  3. Click Key Management Service.
  4. Select the required destination account.
  5. Under Key users, select the key tagged with cvlt-ec2 or cvlt-master.
  6. Under Other AWS accounts, click Add Other AWS Account.

    The Other AWS accounts page appears.

  7. In the arn:aws:iam:: box, enter the account number of the destination account to which you will be sharing the snapshot.
  8. Click Save changes.

Last modified: 11/27/2019 5:43:37 AM