AvePoint Learn
Request article
Contact support
Request article
Contact support
English

Home > App Management > Manage App Profiles for Amazon Tenants > Create App Profiles for Amazon Tenants

Export to PDF

Create App Profiles for Amazon Tenants

In Management > App management, the Tenant Owner and Service Administrators can click Create and follow the steps below to create app profiles.

  1. Select services – Select a tenant and select services for which you want to create app profiles. Click Next.

    NOTE

    Before you create an app profile, you must ensure that the tenant has been connected to AvePoint Online Services. For more details on connecting tenants, refer to Connect Tenants.

  2. Choose setup methodModern mode is the recommended mode for all AvePoint’s default apps. In this mode, the related apps are listed in a service-based view, and you can consent to apps separately for the selected services.

  3. Consent to apps – To consent to an app, click Consent next to the app.

    For an Amazon tenant, creating an app profile for the Cloud Backup for AWS app requires an IAM user. Enter your Access key ID and Secret access key to specify an IAM user with at least the following required permissions:

    • iam:CreatePolicy

    • iam:GetRole

    • iam:UpdateAssumeRolePolicy

    • iam:ListPolicyVersions

    • iam:ListAccountAliases

    • iam:CreateRole

    • iam:AttachRolePolicy

    • iam:UpdateRole

    • iam:CreatePolicyVersion

    • iam:\DeletePolicyVersion

    • iam:GetAccountSummary

    • iam:SetDefaultPolicyVersion

  4. When you finish creating app profiles, you can click Finish to exit the Create app profile wizard.

Permissions Required by Cloud Backup for AWS

Once you create an app profile of the Cloud Backup for AWS app type, the IAM role named AWSBackupAdminRole will be created in your AWS environment. Below are the policies which will be added to the IAM role:

  • ebs:*

  • ec2:AttachVolume

  • ec2:CopySnapshot

  • ec2:\DeleteSnapshot

  • ec2:\DescribeAddresses

  • ec2:\DescribeInstances

  • ec2:\DescribeInstanceAttribute

  • ec2:\DescribeRegions

  • ec2:CreateImage

  • ec2:\DescribeSnapshots

  • ec2:\DeleteVolume

  • ec2:\DescribeNetworkInterfaces

  • ec2:StartInstances

  • ec2:CreateSecurityGroup

  • ec2:\DescribeVolumes

  • ec2:CreateSnapshot

  • ec2:\DescribeKeyPairs

  • ec2:\DescribeInstanceStatus

  • ec2:CreateInstanceExportTask

  • ec2:\DetachVolume

  • ec2:TerminateInstances

  • ec2:CreateTags

  • ec2:RegisterImage

  • ec2:ModifyNetworkInterfaceAttribute

  • ec2:RunInstances

  • ec2:StopInstances

  • ec2:AllocateAddress

  • ec2:\DescribeSecurityGroups

  • ec2:CreateVolume

  • ec2:CreateNetworkInterface

  • ec2:\DescribeImages

  • ec2:CreateSnapshots

  • ec2:AssociateAddress

  • ec2:ModifySnapshotAttribute

  • ec2:\DescribeInstanceTypeOfferings

  • ec2:\DescribeAvailabilityZones

  • ec2:\DescribeVpcs

  • ec2:\DescribeInstanceTypes

  • ec2:\DescribeSubnets

  • iam:\PassRole

  • elasticloadbalancing:\DescribeLoadBalancers

  • elasticloadbalancing:RegisterInstancesWithLoadBalancer