Problem:
EFS backups may fail with the following error:
Error - failed starting EFS fs-1234abcd backup (vault: Default, iam role: AWSBackupDefaultServiceRole), policy Dailyjob_Policy. Exception: IAM Role arn:aws:iam::############:role/service-role/AWSBackupDefaultServiceRole cannot be assumed by AWS Backup (InvalidParameterValueException)
Resolution:
The issue is the lack of or incorrect configuration of the Role:
Creating IAM Roles in AWS
A default or custom IAM role is necessary for AWS to perform EFS operations on behalf of N2WS.
To create a default IAM Role:
1. Go to the AWS Backup Service:
2. Click the Create an on-demand backup button.
- For Resource type, select EBS.
- For Volume ID, select any EBS volume to backup.
- Select Default IAM Role.
3. Click the Create on-demand backup button. Ignore the error provided by AWS.
Verify that the following role was created on AWS IAM Service:
To create a custom IAM Role:
1. Go to AWS IAM Service:
2. Click the Create role button.
3. Select AWS Backup and click Next: Permissions.
4. Search for BackupService.
5. Select the following AWS managed policies:
- AWSBackupServiceRolePolicyForBackup
- AWSBackupServiceRolePolicyForRestores
6. Click Next: Tags and then click Next: Review.
7. Enter a Role name and click Create role.
For more details on how to configure N2WS Backup and Recovery for EFS see the CPM User Guide: