Commvault Member Account Blueprint

Use the Commvault member account blueprint for your Commvault member or Workloads OU accounts. Typically, you have multiple member accounts to segregate your workloads by environment type (prod, dev, sandbox), application, or data classification.

Parameters

When you deploy new AWS Control Tower accounts using the Commvault member account blueprint, CommvaultSharedServicesAccountID is required to establish a trust policy between the Commvault shared services account and the Commvault member account. The Commvault shared services account ID is available only after you deploy a customized AWS account using the Commvault shared services account blueprint.
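One way to check this trust relationship after deployment (an added example, not part of the Commvault blueprint or its template): the function below audits a role trust policy, such as the one `aws iam get-role` returns for the role this blueprint deploys, and reports every allowed principal other than the account passed as CommvaultSharedServicesAccountID. The sample policy and account IDs are constructed placeholders, and permitting the ec2.amazonaws.com service principal is an assumption based on the role also being used as an EC2 instance profile.

```python
import json
import re

# Constructed sample shaped like the AssumeRolePolicyDocument from `aws iam get-role`.
# Account IDs are placeholders, not values taken from the Commvault template.
SAMPLE_TRUST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"Service": "ec2.amazonaws.com"}},
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                         "arn:aws:iam::999999999999:role/other"]}}
]}
""")

# Extracts the 12-digit account ID from an IAM or STS ARN in any AWS partition.
ARN_ACCOUNT = re.compile(r"^arn:aws[\w-]*:(?:iam|sts)::(\d{12}):")

def _as_list(value):
    # IAM JSON allows a single value or a list in most positions.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, shared_services_account_id,
                       allowed_services=("ec2.amazonaws.com",)):  # assumption
    """Return a finding for each Allow principal outside the expected trust."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*" or "NotPrincipal" in stmt:
            findings.append("wildcard or NotPrincipal in Allow statement")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "AWS":
                    # Principals may be ARNs or bare account IDs.
                    match = ARN_ACCOUNT.match(value)
                    account = match.group(1) if match else value
                    if account != shared_services_account_id:
                        findings.append(f"unexpected AWS principal: {value}")
                elif kind == "Service":
                    if value not in allowed_services:
                        findings.append(f"unexpected service principal: {value}")
                else:  # Federated, CanonicalUser, ...
                    findings.append(f"unexpected {kind} principal: {value}")
    return findings

if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE_TRUST_POLICY, "111111111111"):
        print(finding)
```

An empty result means only the shared services account and the allowed service principals can assume the role.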

Resources Deployed

MemberAccount-CFT.yml deploys the following AWS IAM resources:

  • A CommvaultBackupAndRecoveryRole named CommvaultBackupAndRecovery-AFC: Consists of the following AWS managed policies:

    • Commvault_AmazonEC2Protection-AFC: Permits the shared services account to perform backup and recovery of Amazon EC2 instances, Amazon EBS volumes, and related Amazon VPC resources in protected member accounts.

    • Commvault_AmazonRDSProtection-AFC: Permits the shared services account to perform backup and recovery of provisioned and serverless Amazon Aurora and Amazon RDS databases in protected member accounts.

    • Commvault_AmazonRedshiftProtection-AFC: Permits the shared services account to perform backup and recovery of provisioned and serverless Amazon Redshift clusters in protected member accounts.

    • Commvault_AmazonDocDBProtection-AFC: Permits the shared services account to perform backup and recovery of Amazon DocumentDB clusters in protected member accounts.

    • Commvault_IntelliSnapDBFSProtection-AFC: Permits the shared services account to perform backup and recovery of Amazon EC2 instances and associated Amazon EBS volumes running self-managed databases, in protected member accounts.

    • Commvault_AmazonDynamoDBProtection-AFC: Permits the shared services account to perform backup and recovery of fully managed Amazon DynamoDB key-value and document databases in protected member accounts.

    • Commvault_AmazonS3Protection-AFC: Permits the shared services account to perform backup and recovery of Amazon S3 general-purpose and directory-type buckets and objects in protected member accounts in the commercial regions and on AWS Outposts.

    • Commvault_STSAssumePolicy-AFC

  • A CommvaultInstanceProfile named CommvaultBackupAndRecovery-AFC: Is attached to Amazon EC2-based Commvault access nodes and/or MediaAgents for the purposes of backup, recovery, and replication of backup data across accounts and regions.

Note

The Commvault member account blueprint does not deploy any Amazon EC2 compute or storage resources.

Outputs Populated

When the Commvault member account blueprint is successfully deployed, the following outputs are populated:

  • CommvaultBackupAndRecoveryRole: The IAM role/instance profile that you will attach to all Commvault EC2-based compute infrastructure, including access nodes, MediaAgents, index servers, and index gateways.