Configure the EC2 IAM role details before configuring the storage library using the AWS STS Assume Role with IAM Role Policy authentication access.
Procedure
-
Create an Amazon EC2 Role (For example:
DemoEC2Role) with STS Policy with AssumeRole. (Sample json file.)For links to JSON files for various AWS data types and use cases, see IAM Policies for Protecting AWS Services with Commvault.
-
Create a S3 Role (For example: DemoS3Role) with S3 Policy with the permissions shown in the json file. (Sample json file.)
For links to JSON files for various AWS data types and use cases, see IAM Policies for Protecting AWS Services with Commvault.
-
From the S3 Role, Trust Relationship tab, click Edit Trust relationship, provide the EC2 Role ARN (For example: DemoEC2Role) as shown in the json file. (Sample json file.)
For links to JSON files for various AWS data types and use cases, see IAM Policies for Protecting AWS Services with Commvault.
-
Attach EC2 Role (For example: DemoEC2Role) to the EC2 instance.
-
Copy the S3 Role ARN and provide this role as the ARN input during library configuration.
For example:
arn:aws:iam::xxxxxxxxxxx:role/DemoS3Role