Connect your AWS account and discover resources

Add a cloud connection to connect either one or more member accounts in your AWS organization or a single (standalone) AWS account, and to authorize Commvault to discover resources and assess backup costs.

Important

The Commvault software runs the discovery process on the configured accounts every 24 hours. You can also run discovery on demand.

Prerequisites

If your AWS Control Tower uses IAM Identity Center with an external identity provider, configure a SAML app at the company level before you use the IAM Identity Center settings. For more information, see Adding a SAML Application.

Connect one or more AWS member accounts in an AWS organization

Configure a cloud connection to discover resources from one or more member accounts in your AWS organization.

Step 1: Launch the create connection wizard

  1. Go to Discover > AWS.

  2. Click Create connection.

  3. Select Organization, and then click Next.

Step 2: Specify the AWS delegated account details

  1. For Cloud connection name, enter a name.

  2. For Delegated Account ID, enter your 12-digit delegated administrator account ID.

  3. To create the CloudFormation stack in the delegated admin account, click Launch the CloudFormation Stack or click Copy Link to access the AWS Management Console manually. If the role already exists, skip this step.

    Need help creating CloudFormation stack?
    1. Log in to the AWS Management Console.

    2. In the Template section, expand View template to review the template information and permissions.

    3. In the Capabilities section, review and acknowledge.

    4. Click Create stack.

    Note

    The CloudFormation stack creates an IAM role (CommvaultDelegatedAdminRole) in your delegated admin account only to discover member accounts. The Commvault software doesn't discover or protect resources in the delegated admin account.

  4. In Advanced options, from the Regional endpoints list, select the specific regions for compliance or operational requirements. By default, the Commvault software connects to all the available public regional endpoints.

  5. Click Next.

Step 3: Select member AWS accounts

  1. Create the CloudFormation stack from the AWS delegated admin account to create IAM roles and permissions in member accounts for resource discovery, backup and restore operations.

    Need help creating CloudFormation stack in member accounts?
    1. Log in to the AWS Management Console as a delegated administrator.

    2. Go to the CloudFormation console.

    3. Navigate to StackSets, and then click Create stack set.

    4. In the Specify template section, enter the Amazon S3 URL, and then click Next.

    5. In the Parameters section, specify the HostedInfrastructureRoleArn and HostedInfrastructureUserArn, and then click Next.

    6. In the Capabilities section, review and acknowledge, and then click Next.

    7. In the Deployment targets section, select whether to deploy the stack to the entire organization or to specific accounts using organizational units (OUs).

      • By default, the Deploy to organization option is selected.

      • To deploy the stack to specific accounts, select the Deploy to organizational units (OUs) option, and then specify the AWS OU ID.

    8. In the Specify Regions section, select the region to deploy the stack.

    9. Click Next, and then proceed with configuring other stack set options. For more information on creating a stack set, see Create CloudFormation StackSets with service-managed permissions on the AWS documentation website.

    Note

    • You can copy the Amazon S3 template URL, Commvault Cloud IAM Role ARN and Commvault Cloud IAM User ARN values from the Step-by-Step Instructions section.

    • The CloudFormation stack creates an IAM role (CommvaultRole) in your account to discover member accounts.

  2. To select all the member accounts to discover resources, select the Include all accounts option.

    If this option is selected, the Commvault software automatically discovers new accounts in the organization.

  3. To select one or more member accounts for discovery, clear the Include all accounts option and select the accounts from the Accounts list.

  4. Click OK.

  5. Click Next.

Step 4: Configure IAM Identity Center settings

If your AWS Control Tower uses IAM Identity Center with an external identity provider, you must provide the IAM Identity Center region and permission set details.

  1. Turn on the Enable IAM Identity Center settings toggle.

  2. From the IAM Identity Center Region list, select the region.

  3. In the Permission sets box, enter the name of the permission set, and then click Add.

  4. Click Next.

Step 5: Review connection details

Review the cloud connection summary, and then click Submit.

Connect a standalone AWS account

Configure a cloud connection to discover resources from a single or standalone AWS account.

Step 1: Launch the create connection wizard

  1. Go to Discover > AWS.

  2. Click Add connection.

  3. Select Single account, and then click Next.

Step 2: Specify the AWS account details

  1. For Cloud connection name, enter a name.

  2. For Account ID, enter your 12-digit AWS account ID.

  3. To create the CloudFormation stack in your account, click Launch the CloudFormation Stack or click Copy Link to access the AWS Management Console. If the role already exists, skip this step.

    Need help creating CloudFormation stack?
    1. Log in to the AWS Management Console.

    2. In the Template section, expand View template to review the template information and permissions.

    3. In the Capabilities section, review and acknowledge.

    4. Click Create stack.

    Note

    The CloudFormation stack creates an IAM role (CommvaultCloudConnectionTenantRole) in your account to discover member accounts.

  4. In Advanced options, from the Regional endpoints list, select the specific regions for compliance or operational requirements. By default, the Commvault software connects to all the available public regional endpoints.

  5. Click Next.

Step 3: Review connection details

Review the cloud connection summary, and then click Submit.
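
Both procedures end with a cross-account IAM role (CommvaultDelegatedAdminRole, CommvaultRole, or CommvaultCloudConnectionTenantRole) in your account. The following added example, which is not Commvault code, checks that such a role's trust policy names only the principals you expect. It assumes the template uses the HostedInfrastructureRoleArn and HostedInfrastructureUserArn values as the role's trusted principals, which this page does not state; the ARNs and policies shown are constructed samples.

```python
def audit_trust_policy(policy, expected_principals):
    """Return findings for an IAM role trust policy (AssumeRolePolicyDocument)."""
    expected = set(expected_principals)
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append(f"statement {i}: Principal is '*'")
            continue
        for kind, values in principal.items():
            for value in [values] if isinstance(values, str) else values:
                if value == "*":
                    findings.append(f"statement {i}: wildcard {kind} principal")
                elif kind != "AWS" or value not in expected:
                    findings.append(
                        f"statement {i}: unexpected {kind} principal {value}")
    return findings


# Constructed sample values: placeholder account ID and principal names.
ROLE_ARN = "arn:aws:iam::111122223333:role/example-hosted-role"
USER_ARN = "arn:aws:iam::111122223333:user/example-hosted-user"

# Constructed policy, shaped like the output of:
#   aws iam get-role --role-name CommvaultRole \
#       --query Role.AssumeRolePolicyDocument
AS_DEPLOYED = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"AWS": [ROLE_ARN, USER_ARN]}}],
}

# Constructed drift: the account root was later added as a trusted principal.
DRIFTED = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"AWS": [ROLE_ARN, USER_ARN,
                                         "arn:aws:iam::111122223333:root"]}}],
}

if __name__ == "__main__":
    for name, doc in (("as deployed", AS_DEPLOYED), ("drifted", DRIFTED)):
        print(name, audit_trust_policy(doc, [ROLE_ARN, USER_ARN]) or "ok")
```

To audit a live role, load the JSON printed by the get-role command with json.load and pass the two ARN values you entered in the stack parameters as expected_principals.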
