Using your existing AWS Backup configuration in AMS Accelerate - AMS Accelerate Operations Plan

Using your existing AWS Backup configuration in AMS Accelerate

After creating a backup plan, you can edit the plan; for example, you can add tags, or you can add, edit, or delete backup rules. Any changes that you make to a backup plan have no effect on existing backups created by the backup plan. The changes apply only to backups that are created in the future.

Common AWS Backup operations

If you have the AWS Management Console or API access, then you can use AWS Backup directly to create, manage and restore your backups.

To configure AWS Backup, see the following documentation:

IAM permissions to perform common AWS Backup operations

AMS Accelerate creates an IAM role in your account called ams-backup-iam-role. Different personas can use this role as follows to perform common AWS Backup operations:

  • Backup administrator: Create, modify and delete AWS Backup plans and AWS Backup vaults. Use the AWS-managed policy arn:aws:iam::aws:policy/AWSBackupFullAccess, along with the following policy, to be able to associate the AMS Accelerate-managed AWS Backup role ams-backup-iam-role to your AWS Backup plans.

    { "Version": "2012-10-17", "Statement": [ { "Action": "iam:PassRole", "Resource": "arn:aws:iam::ACCOUNT_ID:role/ams-backup-iam-role", "Effect": "Allow" } ] }
  • Backup operator: Assign resources to existing AWS Backup plans, create on-demand backups and restore backups as needed. Use the AWS Managed policy arn:aws:iam::aws:policy/AWSBackupOperatorAccess, along with the following policy to be able to use the AMS Accelerate-managed IAM role ams-backup-iam-role for AWS Backup operations such as create, copy, or restore jobs.

    { "Version": "2012-10-17", "Statement": [ { "Action": "iam:PassRole", "Resource": "arn:aws:iam::ACCOUNT_ID:role/ams-backup-iam-role", "Effect": "Allow" } ] }