• Mike C
    0
    Running on an EC2 instance. The backup worked properly, now I am trying to do a restore from VM stored in S3 to EC2 instance or AMI.

    The restore wizard accesses my S3 bucket & finds everything there. On the target page I am specifying the same S3 account for S3 storage & target EC2 instance. I am not sure if this is correct, but if so, I get a "User is not authorized to perform actions with IAM" message.

    I've added full EC2 admin privileges to the IAM role for the EC@ instance I am running on & no luck.
  • Matt
    91
    First of all I would suggest to double-check if you have followed all setup instructions thoroughly.

    You can refer to out product blog articles:
    https://www.msp360.com/resources/blog/how-to-do-a-full-server-restore-on-amazon-ec2/

    Make sure that you have configured vmimport role correctly:
    https://www.msp360.com/resources/blog/how-to-configure-vmimport-role/

    In order to restore your backup as EC2 instance you need to grant the following permissions to your Amazon Web Services user.

    "Version": "2012-10-17",
    "Statement": [
    {
    "Effect": "Allow",
    "Action": [
    "ec2:ImportInstance",
    "ec2:ImportImage",
    "ec2:RunInstances",
    "ec2:DescribeInstances",
    "ec2:MonitorInstances",
    "ec2:RequestSpotInstances",
    "ec2:RunInstances",
    "ec2:StartInstances",
    "ec2:TerminateInstances",
    "ec2:ModifyInstanceAttribute",
    "ec2:CreateTags",
    "ec2:CancelImportTasks",
    "ec2:StartInstances",
    "ec2:DescribeConversionTasks",
    "ec2:DescribeImportImageTasks",
    "ec2:ImportVolume",
    "ec2:DescribeAvailabilityZones",
    "ec2:DescribeSecurityGroups",
    "ec2:DescribeSubnets",
    "ec2:StopInstances",
    "ec2:DescribeKeyPairs",
    "iam:ListRoles",
    "iam:CancelImportTasks",
    "s3:ListAllMyBuckets"
    ],
    "Resource": "*",
    "Condition": {}
    },
    {
    "Effect": "Allow",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::{your bucket name}",
    "Condition": {}
    },
    {
    "Effect": "Allow",
    "Action": "sts:GetFederationToken",
    "Resource": "*",
    "Condition": {}
    },
    {
    "Effect": "Allow",
    "Action": "ses:*",
    "Resource": "*",
    "Condition": {}
    }
    ]
    }
bold
italic
underline
strike
code
quote
ulist
image
url
mention
reveal
youtube
tweet
Add a Comment

Welcome to MSP360 (CloudBerry) Forum!

Thank you for visiting! Please take a moment to register so that you can participate in the discussions!