Amazon Web Services User Permissions for VM Conversion
You can assign Amazon user permissions by creating a policy as described in Overview of IAM Policies.
For non-admin users, you must set permissions in the Amazon Web Services (AWS) user policy to enable virtual machines to be converted to Amazon instances.
Download the amazon_permission_conversion.json file and use it on the AWS command line to apply all of the required permissions. For information about how Commvault uses each permission, see Amazon Web Services Permission Usage.
Prior to any conversion operations, you must enable the VM Import Service role (vmimport) on the Amazon Web Services account and associate that role to the user account that is used to perform conversion operations. Create an AWS role named vmimport (the name is case sensitive) and perform the steps in the "VM Import Service Role" section in Importing a VM as an Image Using VM Import/Export.
You might also need Amazon S3 permissions.
Commvault uses Amazon Web Services (AWS) permissions to perform data protection and data recovery operations for instances that run in AWS. These permissions are used only to access snapshots, volumes, and instance configuration information that are required to back up instances to storage media, to recover instances, and to clean up intermediate entities that are created by Commvault during those operations. In cases where a user with the required administrative privileges requests that a recovered instance overwrites the original instance, the permissions are also used to remove the original instance, but only after confirmation from the user.
Commvault usage of AWS permissions is controlled by the account settings that are used to create a virtualization client (hypervisor). To perform authentication, the virtualization client can use IAM roles or an access key and secret key pair to access the AWS account.
Last modified: 2/6/2019 4:03:46 PM