Permissions for creating the IAM role using a CloudFormation template
IMPORTANT: This information is only for Bring Your Own Cloud customers who back up servers to their own Amazon Web Services (AWS) accounts. If you back up servers to OpenText Hosted Cloud storage, you do not need to create an IAM role.
To create the IAM role that allows Server Backup agents to access your S3 buckets, we recommend downloading a CloudFormation template from the Management Console and using the template to create a stack in the AWS CloudFormation console. To do this, you must have AWS permissions to create and update stacks, work with S3 buckets, and manage IAM roles.
The following sample shows possible permissions for setting up Server Backup storage using a downloaded CloudFormation template. To determine the permissions you require, consult with an AWS power user in your organization or see documentation from Amazon Web Services.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack",
"cloudformation:CreateUploadBucket",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"cloudformation:ListStacks",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:GetTemplateSummary",
"cloudformation:DescribeChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:ExecuteChangeSet",
"s3:PutBucketObjectLockConfiguration",
"s3:PutBucketVersioning",
"s3:CreateBucket",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutBucketPolicy",
"iam:AddRoleToInstanceProfile",
"iam:AttachRolePolicy",
"iam:CreateInstanceProfile",
"iam:CreatePolicy",
"iam:CreatePolicyVersion",
"iam:CreateRole",
"iam:DeleteInstanceProfile",
"iam:DeletePolicyVersion",
"iam:DeleteRole",
"iam:DetachRolePolicy",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListRoles",
"iam:PassRole",
"iam:PutRolePolicy",
"iam:RemoveRoleFromInstanceProfile",
"iam:UpdateAssumeRolePolicy"
],
"Resource": ["*"]
}
]
}