We had the same issue while implementing the AWS Backup solution for VMware Cloud. We were using the default role "AWSBackupDefaultServiceRole" which had the same issue.
**Problem:** Seems that the Backup Gateway is not able to assume the role

**Solution:** We created a new role and assigned the policies as mentioned below. In the trust relationship policy we updated as below.

**Detailed steps:**
- Create a custom role similar to the default role "AWSBackupDefaultServiceRole"
- Assign the policies "AWSBackupServiceRolePolicyForBackup", "AWSBackupServiceRolePolicyForRestores", and "AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync"
- Update trust relationship policy as below
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "backup-gateway.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
This resolved our problem and we were able to progress with the implementation.
Thank you
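A way to check a role's trust policy for the gateway principal before attaching the role, as an added example that is not part of the original answer. The function names and the `BACKUP_ONLY_TRUST` sample are assumptions constructed for illustration; `Condition` blocks are not evaluated.

```python
import json

ASSUME_ACTIONS = ("sts:assumerole", "sts:*", "*")

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Service."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def service_can_assume(trust_policy, service):
    """True if the trust policy lets `service` call sts:AssumeRole.
    A matching Deny statement overrides any Allow."""
    allowed = False
    for stmt in as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            continue  # only service principals are checked here
        services = [s.lower() for s in as_list(principal.get("Service"))]
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if service.lower() not in services:
            continue
        if not any(a in ASSUME_ACTIONS for a in actions):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed

def missing_services(trust_policy, required):
    """Service principals from `required` that cannot assume the role."""
    return [s for s in required if not service_can_assume(trust_policy, s)]

# Trust policy from the answer above.
CUSTOM_ROLE_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Principal": {"Service": "backup-gateway.amazonaws.com"},
   "Action": "sts:AssumeRole"}]}""")

# Constructed sample: a role that trusts only the AWS Backup service principal.
BACKUP_ONLY_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Principal": {"Service": "backup.amazonaws.com"},
   "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    for name, doc in (("custom", CUSTOM_ROLE_TRUST), ("backup-only", BACKUP_ONLY_TRUST)):
        print(name, missing_services(doc, ["backup-gateway.amazonaws.com"]))
```

The trust document of an existing role can be fetched with `aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument` and passed to `missing_services` after `json.loads`.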
A little confusing, but you can have just one KMS key to back up both environments (on-prem or VMC on AWS).
They have to use AWS KMS.
Virtual machine backups are always encrypted. The AWS KMS encryption key for virtual machine backups is configured in the AWS Backup vault that the virtual machine backups are stored in.
https://docs.aws.amazon.com/aws-backup/latest/devguide/encryption.html
This worked for me! What a life saver. Thank you.