You can use the AWS STS assume role authentication to back up Amazon S3 object storage. The configuration wizard guides you through the configuration process, which includes creating any new entities that are needed, such as a backup plan, an object storage client, and a content group.
Procedure
1. From the Authentication method list, select AWS STS assume role (recommended).
2. Verify an existing CommvaultAdminRole IAM role or create a new CommvaultAdminRole IAM role in the AWS admin account:
- If the CommvaultAdminRole IAM role was previously created for another AWS workload, do the following:
1. Verify that the CommvaultAdminRole-STSAssumePolicy IAM policy for the AWS workload is attached to the CommvaultAdminRole IAM role.
2. At the bottom of the page, select the confirmation check box.
3. Click Next.
The Region page of the configuration wizard appears.
- If the CommvaultAdminRole IAM role does not exist yet, create it in AWS.
/// details | Steps to create CommvaultAdminRole IAM role 1. Click the Launch CloudFormation Stack link to open the AWS console for the AWS admin account.
//// note | Important If you do not have permission to create a role in the AWS account, copy the Launch CloudFormation Stack link and share it with your AWS IAM administrator. ////
2. Log on to the AWS console.
The Quick create stack page appears.
3. Under Capabilities, read the information about the template, and then select the acknowledgment check box.
4. Click Create stack.
Wait for the CloudFormation Stack to finish creating the CommvaultAdminRole IAM role. The CloudFormation Stack creates an IAM policy called CommvaultAdminRole-STSAssumePolicy for STS Assume Role authentication, and then attaches the policy to CommvaultAdminRole.
5. Return to the Commvault configuration wizard. ///