Add the Amazon S3 Object Storage Repository with an AWS STS Assume Role with IAM Role Policy

To back up S3 buckets in different AWS accounts, or if you need cross AWS accounts, add the Amazon S3 object storage repository with a security token service (STS) assume role.


  1. From the navigation pane, go to Protect > Object storage.

    The Object storage page appears.

  2. In the upper-right area of the page, click Add object storage.

    The Add object storage dialog box appears.

  3. Click Amazon S3.

    The Add Amazon S3 Storage dialog box appears.

  4. In the Object storage name box, enter a name for the repository.

  5. In the Host URL box, enter the Amazon S3 account URL,

    To back up region-based data, enter the AWS service endpoint URL for the region in the format: s3.{region}

  6. From the Authentication list, select AWS STS Assume Role with IAM Role Policy.

  7. For Credentials, click the Create new button (Create new (+) button).

    The Add Credential dialog box appears.

  8. In the Credential name box, enter a name for the credentials.

  9. In the Role ARN box, enter the full IAM role Amazon resource name (ARN) of the cross account that includes the bucket that you want to back up.

  10. Click Save.

  11. Enter the following information:

  12. From the Access node list, select the access node to use for the repository.

  13. From the Plan list, select the server plan to use for the repository.

  14. Click Save.