AvePoint Docs
Graph API
My support tickets
Graph API
My support tickets
English

Home > Get Started > Enable Infrastructure Resilience > Enable Amazon Web Services (AWS) Resilience

Export to PDF

Enable Amazon Web Services (AWS) Resilience

To enable Amazon Web Services resilience, complete the following steps:

  1. Go to Management > App Management in the AvePoint Online Services interface to create a Cloud Cyber Recovery for AWS app profile. For details, refer to Create an App Profile and Grant Consent.

    To consent the app, access key of your IAM user is required, for detailed steps on retrieving the access key, refer to Create an Access Key.

  2. To protect Elastic Kubernetes Services, if you have limited the public endpoint access, enable the access of Cloud Cyber Recovery’s reserved IP address. For more details on endpoint access configurations, refer to . For details on downloading the reserved IP address, refer to .

  3. After you have completed all the settings above, go to Cloud Cyber Recovery > Infrastructure resilience and create resilience policies for your AWS services and resources. After defining the protection scope and replication schedule in a policy, you can test or run actual failover jobs when required. Note that you can click the Refresh button in the upper-right corner of the service page to retrieve the latest status for the data to protect.

    For details on creating a resilience policy and operating failover, refer to Infrastructure Resilience.

Create an App Profile and Grant Consent

For the infrastructure resilience of Amazon Web Services, you must create an app to connect to your tenant and grant consent for the permissions that this app requests.

Follow the steps below to create the app:

  1. On the Management > App management page in AvePoint Online Services, go to the App profile management tab and click Create on the action bar.

  2. In the Select services step, select Cloud Cyber Recovery (Preview).

    ![Select Cloud Cyber Recovery.]

  3. In the Choose setup method step, select Modern mode and click Next.

  4. In the Consent to apps step, click Consent next to the Cloud Cyber Recovery for AWS app.

    Click Consent.

    *Note: This app is only available after you’ve connected your Amazon tenant.

  5. In the provide information window, specify the IAM user via access key and secret access key. The keys are only used to configure an IAM role and required policies, and the keys will not be stored.

    Note the following:

    • If your AWS organization contains multiple accounts, make sure to create an IAM user for each account. This ensures proper access to load the VMs associated with each respective account. The connection requires the access key ID and secret access key of an IAM user. The IAM user must have the following permissions:

      • kms:\DescribeKey

      • kms:ListKeys

      • kms:\Decrypt

      • kms:Encrypt

      • kms:ListAliases

      • kms:CreateGrant

      • iam:GetPolicyVersion

      • iam:ListRoleTags

      • iam:RemoveRoleFromInstanceProfile

      • iam:CreateRole

      • iam:AttachRolePolicy

      • iam:\PutRolePolicy

      • iam:AddRoleToInstanceProfile

      • iam:\DetachRolePolicy

      • iam:ListAttachedRolePolicies

      • iam:ListRolePolicies

      • iam:ListPolicies

      • iam:GetRole

      • iam:GetPolicy

      • iam:ListEntitiesForPolicy

      • iam:\DeleteRole

      • iam:TagPolicy

      • iam:GetRolePolicy

      • iam:CreateInstanceProfile

      • iam:TagRole

      • iam:\DeletePolicy

      • iam:ListInstanceProfilesForRole

      • iam:\DeleteRolePolicy

      • iam:ListPolicyTags

      • iam:\DeleteInstanceProfile

      • iam:GetInstanceProfile

      • iam:ListRoles

      • iam:CreatePolicy

      To create an access key for your IAM user for third-party services, refer to Create an Access Key.

    • If you want to protect the Amazon EC2 instances with KMS enabled, the IAM user must be added as the key user.

Create an Access Key

To authenticate the requests for backup and restore, you must provide an access key (an access key ID and a secret access key).

Follow the steps below to create an access key for this user:

  1. Go to the user details page and expand the Security credentials tab.

  2. In the Access keys section, click Create access key.

    Click Create access key.

  3. On the Access key best practices & alternatives page, select Third-party service option.

  4. In the Retrieve access keys page, copy the access key and the secret access key or choose to download a .csv file to store the information.