
FenixDFA AWS Backup Integration Guide

Overview

This document describes the integration process between FenixDFA and AWS Backup, detailing the required configuration steps and data needed for successful integration.

Prerequisites

  • Access to the AWS Management Console
  • AWS IAM user or role with appropriate permissions for AWS Backup
  • Active AWS account and region with AWS Backup configured

Configuration Process

1. Create an IAM User or Role

  1. Navigate to the IAM section in the AWS Management Console.
  2. For IAM User:
    • Select Users and click Add Users.
    • Provide a username and select Programmatic Access.
    • Attach the necessary permissions (e.g., AWSBackupReadOnlyAccess) or create a custom policy.
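    • Complete the setup and download the Access Key ID and Secret Access Key. The Secret Access Key is shown only at creation time, so store it in a secrets manager or credential vault rather than in plain text.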
  3. For IAM Role:
    • Select Roles and click Create Role.
    • Choose a trusted entity (e.g., an EC2 instance or Lambda function).
    • Attach the necessary permissions (e.g., AWSBackupReadOnlyAccess) or create a custom policy.
    • Save the role’s ARN for future use.

2. Configure Permissions

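If using a custom policy, ensure it includes at least the following permissions. Every action in the policy below is a Get, List, or Describe call, with one exception: ssm:CancelCommand in the SSMReadAccess statement is a write action despite the statement's name, so confirm that the integration needs it before granting it.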

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AwsBackupAllAccess",
            "Effect": "Allow",
            "Action": [
                "backup:Get*",
                "backup:List*",
                "backup:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "RDSDescribeAccess",
            "Effect": "Allow",
            "Action": [
                "rds:DescribeDBSnapshots",
                "rds:ListTagsForResource",
                "rds:DescribeDBInstances",
                "rds:describeDBEngineVersions",
                "rds:describeOptionGroups",
                "rds:describeOrderableDBInstanceOptions",
                "rds:describeDBSubnetGroups",
                "rds:DescribeDBClusterSnapshots",
                "rds:DescribeDBClusters",
                "rds:DescribeDBParameterGroups",
                "rds:DescribeDBClusterParameterGroups",
                "rds:DescribeDBInstanceAutomatedBackups",
                "rds:DescribeDBClusterAutomatedBackups"
            ],
            "Resource": "*"
        },
        {
            "Sid": "DynamoDBAccess",
            "Effect": "Allow",
            "Action": [
                "dynamodb:ListBackups",
                "dynamodb:ListTables"
            ],
            "Resource": "*"
        },
        {
            "Sid": "EFSAccess",
            "Effect": "Allow",
            "Action": [
                "elasticfilesystem:DescribeFilesystems"
            ],
            "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
        },
        {
            "Sid": "EC2Access",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSnapshots",
                "ec2:DescribeVolumes",
                "ec2:describeAvailabilityZones",
                "ec2:DescribeVpcs",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeImages",
                "ec2:DescribeSubnets",
                "ec2:DescribePlacementGroups",
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceTypes",
                "ec2:DescribeVpcEndpoints",
                "ec2:DescribeAddresses"
            ],
            "Resource": "*"
        },
        {
            "Sid": "TagReadAccess",
            "Effect": "Allow",
            "Action": [
                "tag:GetTagKeys",
                "tag:GetTagValues",
                "tag:GetResources"
            ],
            "Resource": "*"
        },
        {
            "Sid": "StorageGatewaySCSIAccess",
            "Effect": "Allow",
            "Action": [
                "storagegateway:DescribeCachediSCSIVolumes",
                "storagegateway:DescribeStorediSCSIVolumes"
            ],
            "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
        },
        {
            "Sid": "StorageGatewayReadAccess",
            "Effect": "Allow",
            "Action": [
                "storagegateway:ListGateways"
            ],
            "Resource": "arn:aws:storagegateway:*:*:*"
        },
        {
            "Sid": "StorageGatewayDiskReadAccess",
            "Effect": "Allow",
            "Action": [
                "storagegateway:DescribeGatewayInformation",
                "storagegateway:ListLocalDisks"
            ],
            "Resource": "arn:aws:storagegateway:*:*:gateway/*"
        },
        {
            "Sid": "StorageGatewayVolumeReadAccess",
            "Effect": "Allow",
            "Action": [
                "storagegateway:ListVolumes"
            ],
            "Resource": "*"
        },
        {
            "Sid": "OrganizationsAccess",
            "Effect": "Allow",
            "Action": "organizations:DescribeOrganization",
            "Resource": "*"
        },
        {
            "Sid": "SSMReadAccess",
            "Effect": "Allow",
            "Action": [
                "ssm:CancelCommand",
                "ssm:GetCommandInvocation"
            ],
            "Resource": "*"
        },
        {
            "Sid": "FSXDescribeAccess",
            "Effect": "Allow",
            "Action": "fsx:DescribeBackups",
            "Resource": "arn:aws:fsx:*:*:backup/*"
        },
        {
            "Sid": "FSxFileAccess",
            "Effect": "Allow",
            "Action": "fsx:DescribeFileSystems",
            "Resource": "arn:aws:fsx:*:*:file-system/*"
        },
        {
            "Sid": "FSxVolumeAccess",
            "Effect": "Allow",
            "Action": "fsx:DescribeVolumes",
            "Resource": "arn:aws:fsx:*:*:volume/*/*"
        },
        {
            "Sid": "FSxMachineAccess",
            "Effect": "Allow",
            "Action": "fsx:DescribeStorageVirtualMachines",
            "Resource": "arn:aws:fsx:*:*:storage-virtual-machine/*/*"
        },
        {
            "Sid": "DirectoryServiceAccess",
            "Effect": "Allow",
            "Action": "ds:DescribeDirectories",
            "Resource": "*"
        },
        {
            "Sid": "BackupGatewayListAccess",
            "Effect": "Allow",
            "Action": [
                "backup-gateway:ListGateways",
                "backup-gateway:ListHypervisors",
                "backup-gateway:ListTagsForResource",
                "backup-gateway:ListVirtualMachines"
            ],
            "Resource": "*"
        },
        {
            "Sid": "BackupGatewayHypervisorAccess",
            "Effect": "Allow",
            "Action": [
                "backup-gateway:GetHypervisor",
                "backup-gateway:GetHypervisorPropertyMappings"
            ],
            "Resource": "arn:aws:backup-gateway:*:*:hypervisor/*"
        },
        {
            "Sid": "BackupGatewayMachineAccess",
            "Effect": "Allow",
            "Action": [
                "backup-gateway:GetVirtualMachine"
            ],
            "Resource": "arn:aws:backup-gateway:*:*:vm/*"
        },
        {
            "Sid": "BackupGatewayAccess",
            "Effect": "Allow",
            "Action": [
                "backup-gateway:GetBandwidthRateLimitSchedule",
                "backup-gateway:GetGateway"
            ],
            "Resource": "arn:aws:backup-gateway:*:*:gateway/*"
        },
        {
            "Sid": "CloudWatchAccess",
            "Effect": "Allow",
            "Action": "cloudwatch:GetMetricData",
            "Resource": "*"
        },
        {
            "Sid": "TimestreamListAccess",
            "Effect": "Allow",
            "Action": [
                "timestream:ListDatabases",
                "timestream:ListTables"
            ],
            "Resource": [
                "arn:aws:timestream:*:*:database/*"
            ]
        },
        {
            "Sid": "TimestreamDescribeAccess",
            "Effect": "Allow",
            "Action": [
                "timestream:DescribeEndpoints"
            ],
            "Resource": "*"
        },
        {
            "Sid": "S3ListAccess",
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Sid": "RedshiftAccess",
            "Effect": "Allow",
            "Action": [
                "redshift:DescribeClusters",
                "redshift:DescribeClusterSubnetGroups",
                "redshift:DescribeClusterSnapshots",
                "redshift:DescribeSnapshotSchedules"
            ],
            "Resource": [
                "arn:aws:redshift:*:*:cluster:*",
                "arn:aws:redshift:*:*:subnetgroup:*",
                "arn:aws:redshift:*:*:snapshot:*/*",
                "arn:aws:redshift:*:*:snapshotschedule:*"
            ]
        },
        {
            "Sid": "RedshiftOptionsAccess",
            "Effect": "Allow",
            "Action": [
                "redshift:DescribeNodeConfigurationOptions",
                "redshift:DescribeOrderableClusterOptions",
                "redshift:DescribeClusterParameterGroups",
                "redshift:DescribeClusterTracks"
            ],
            "Resource": "*"
        },
        {
            "Sid": "RedshiftServerlessListPermissions",
            "Effect": "Allow",
            "Action": [
                "redshift-serverless:ListNamespaces",
                "redshift-serverless:ListSnapshots",
                "redshift-serverless:ListWorkgroups"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "RedshiftServerlessGetPermissions",
            "Effect": "Allow",
            "Action": [
                "redshift-serverless:GetNamespace",
                "redshift-serverless:GetSnapshot",
                "redshift-serverless:GetWorkgroup"
            ],
            "Resource": [
                "arn:aws:redshift-serverless:*:*:namespace/*",
                "arn:aws:redshift-serverless:*:*:workgroup/*",
                "arn:aws:redshift-serverless:*:*:snapshot/*"
            ]
        },
        {
            "Sid": "CloudFormationAccess",
            "Effect": "Allow",
            "Action": [
                "cloudformation:ListStacks"
            ],
            "Resource": [
                "arn:aws:cloudformation:*:*:stack/*"
            ]
        },
        {
            "Sid": "SAPAccess",
            "Effect": "Allow",
            "Action": [
                "ssm-sap:GetOperation",
                "ssm-sap:ListDatabases"
            ],
            "Resource": "*"
        },
        {
            "Sid": "SAPDatabaseAccess",
            "Effect": "Allow",
            "Action": [
                "ssm-sap:GetDatabase",
                "ssm-sap:ListTagsForResource"
            ],
            "Resource": "arn:aws:ssm-sap:*:*:*"
        },
        {
            "Sid": "RAMAccess",
            "Effect": "Allow",
            "Action": [
                "ram:GetResourceShareAssociations"
            ],
            "Resource": "*"
        },
        {
            "Sid": "DSQLDescribePermissions",
            "Effect": "Allow",
            "Action": [
                "dsql:GetCluster",
                "dsql:ListClusters",
                "dsql:ListTagsForResource"
            ],
            "Resource": "*"
        }
    ]
}