Use the Commvault shared services account blueprint for your Commvault shared services account. Typically, you have a single account that hosts your Commvault infrastructure (compute, storage) for all commercial regions. You might have another shared services account for Gov or China regions.
Resources Deployed
SharedServicesAccount-CFT.yml deploys the following AWS IAM resources:
- A CommvaultBackupAndRecoveryRole named CommvaultBackupAndRecovery-AFC: Consists of the following AWS managed policies:
  - Commvault_AmazonEC2Protection-AFC: Permits the shared services account to perform backup and recovery of Amazon EC2 instances, Amazon EBS volumes, and related Amazon VPC resources in protected member accounts.
  - Commvault_AmazonRDSProtection-AFC: Permits the shared services account to perform backup and recovery of provisioned and serverless Amazon Aurora and Amazon RDS databases in protected member accounts.
  - Commvault_AmazonRedshiftProtection-AFC: Permits the shared services account to perform backup and recovery of provisioned and serverless Amazon Redshift clusters in protected member accounts.
  - Commvault_AmazonDocDBProtection-AFC: Permits the shared services account to perform backup and recovery of Amazon DocumentDB clusters in protected member accounts.
  - Commvault_IntelliSnapDBFSProtection-AFC: Permits the shared services account to perform backup and recovery of Amazon EC2 instances and associated Amazon EBS volumes running self-managed databases, in protected member accounts.
  - Commvault_AmazonDynamoDBProtection-AFC: Permits the shared services account to perform backup and recovery of fully managed Amazon DynamoDB key-value and document databases in protected member accounts.
  - Commvault_AmazonS3Protection-AFC: Permits the shared services account to perform backup and recovery of Amazon S3 general-purpose and directory-type buckets and objects in protected member accounts in the commercial regions and on AWS Outposts.
  - Commvault_STSAssumePolicy-AFC
- A CommvaultInstanceProfile named CommvaultBackupAndRecovery-AFC: Is attached to Amazon EC2-based Commvault access nodes and/or MediaAgents for the purposes of backup, recovery, and replication of backup data across accounts and regions.
Note
The Commvault shared services blueprint does not deploy any Amazon EC2 compute or storage resources.
Outputs Populated
When the Commvault shared services account blueprint is successfully deployed, the following outputs are populated:
- CommvaultBackupAndRecoveryRole: The IAM role/instance profile that you will attach to all Commvault EC2-based compute infrastructure, including access nodes, MediaAgents, index servers, and index gateways.
- CommvaultS3BatchOperationsRole: The IAM role that the Commvault software passes to S3 Batch Operations to perform batch-enhanced rapid restores from S3 Glacier asynchronous storage classes.
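The policy list under Resources Deployed can serve as a baseline for checking the role after deployment. The following is an added example, not part of the Commvault blueprint: it compares the JSON printed by `aws iam list-attached-role-policies --role-name CommvaultBackupAndRecovery-AFC` against that list and reports missing or extra policies. The function name, the sample account ID, and the sample input are constructed for illustration.

```python
import json

# Baseline: policy names from the "Resources Deployed" list on this page.
EXPECTED_POLICIES = frozenset({
    "Commvault_AmazonEC2Protection-AFC",
    "Commvault_AmazonRDSProtection-AFC",
    "Commvault_AmazonRedshiftProtection-AFC",
    "Commvault_AmazonDocDBProtection-AFC",
    "Commvault_IntelliSnapDBFSProtection-AFC",
    "Commvault_AmazonDynamoDBProtection-AFC",
    "Commvault_AmazonS3Protection-AFC",
    "Commvault_STSAssumePolicy-AFC",
})


def audit_attached_policies(cli_json: str) -> dict:
    """Compare list-attached-role-policies output with the baseline (hypothetical helper)."""
    doc = json.loads(cli_json)
    if doc.get("IsTruncated"):
        # A partial page would produce false "missing" findings.
        raise ValueError("output is truncated: collect all pages before auditing")
    attached = {p["PolicyName"]: p["PolicyArn"] for p in doc["AttachedPolicies"]}
    missing = sorted(EXPECTED_POLICIES - attached.keys())
    # Extra policies widen what the backup role can do beyond the blueprint.
    unexpected = {n: attached[n] for n in sorted(attached.keys() - EXPECTED_POLICIES)}
    return {
        "missing": missing,
        "unexpected": unexpected,
        "compliant": not missing and not unexpected,
    }


# Constructed sample: one blueprint policy detached, one extra policy attached.
SAMPLE = json.dumps({"AttachedPolicies": [
    {"PolicyName": n, "PolicyArn": f"arn:aws:iam::111122223333:policy/{n}"}
    for n in sorted(EXPECTED_POLICIES - {"Commvault_AmazonDocDBProtection-AFC"})
] + [{"PolicyName": "AdministratorAccess",
      "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]})

if __name__ == "__main__":
    print(json.dumps(audit_attached_policies(SAMPLE), indent=2))
```
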