Setting up AWS for the first time - AWS Backup

Setting up AWS for the first time

Before you use AWS Backup for the first time, complete the following tasks:

Sign up for AWS

When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including AWS Backup. You are charged only for the services that you use.

For more information about AWS Backup usage rates, see the AWS Backup Pricing page.

If you have an AWS account already, skip to the next task. If you don't have an AWS account, use the following procedure to create one.

To create an AWS account
  1. Open

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform tasks that require root user access.

Note your AWS account number, because you'll need it for the next task.

Create an IAM user

Services in AWS, such as AWS Backup, require that you provide credentials when you access them, so that the service can determine whether you have permissions to access its resources. AWS recommends that you do not use the AWS account root user to make requests. Instead, create an IAM user, and grant that user full access. We refer to these users as administrator users. You can use the admin user credentials, instead of the AWS account root user credentials, to interact with AWS and perform tasks, such as create a bucket, create users, and grant them permissions. For more information, see AWS account Root User Credentials vs. IAM User Credentials in the AWS General Reference and IAM Best Practices in the IAM User Guide.

If you signed up for AWS but have not created an IAM user for yourself, you can create one using the IAM console.

To create an administrator user, choose one of the following options.

Choose one way to manage your administrator To By You can also
In IAM Identity Center


Use short-term credentials to access AWS.

This aligns with the security best practices. For information about best practices, see Security best practices in IAM in the IAM User Guide.

Following the instructions in Getting started in the AWS IAM Identity Center User Guide. Configure programmatic access by Configuring the AWS CLI to use AWS IAM Identity Center in the AWS Command Line Interface User Guide.

(Not recommended)

Use long-term credentials to access AWS. Following the instructions in Creating your first IAM admin user and user group in the IAM User Guide. Configure programmatic access by Managing access keys for IAM users in the IAM User Guide.

To sign in as this new IAM user, sign out of the AWS Management Console. Then use the following URL, where your_aws_account_id is your AWS account number without the hyphens (for example, if your AWS account number is 1234-5678-9012, your AWS account ID is 123456789012):

Enter the IAM user name and password that you just created. When you're signed in, the navigation bar displays your_user_name@your_aws_account_id.

If you don't want the URL for your sign-in page to contain your AWS account ID, you can create an account alias. From the IAM dashboard, click Create Account Alias and enter an alias, such as your company name. To sign in after you create an account alias, use the following URL:

To verify the sign-in link for IAM users for your account, open the IAM console and check under AWS account Alias on the dashboard.

Create an IAM role

You can use the IAM console to create an IAM role that grants AWS Backup permissions to access supported resources. After you create the IAM role, you will create and attach policies to the role.

To create an IAM role with the console
  1. Sign in to the AWS Management Console and open the IAM console.

  2. In the IAM console, choose Roles in the navigation pane, and choose Create role.

  3. Choose AWS Service Roles, and then choose Select for AWS Backup. Choose Next: Permissions.

  4. On the Attach permissions policies page, check both AWSBackupServiceRolePolicyForBackup, and AWSBackupServiceRolePolicyForRestores. These AWS managed policies grant AWS Backup permission to back up and restore all supported AWS resources. To learn more about managed policies and view examples, see Managed Policies.

    Then, choose Next: Tags.

  5. Choose Next: Review.

  6. For Role Name, type a name that describes the purpose of this role. Role names must be unique within your AWS account. Because various entities might reference the role, you cannot edit the name of the role after you create it.

    Choose Create Role.

  7. On the Roles page, choose the role that you created to open its details page.