Background:
You can backup ec2 instances that are located in a different account then the N2WS server,
This Guide shows the needed configuration for this
AWS Configuration
You need to create a role in the target account IAM that has the following:
1. Same minimal json policies as the N2WS server, for example:
1. Trust relation with the source account, for example:
This will create a trust between the source account and this roles, which will allow CPM to assume this role
CPM Configuration
1. login to server with root user and create a new account,
Fill the target account number, the target role to assume and the Assuming account (Root in this example, which has authntication type: "CPM Instance IAM Role" )
you can now create a policy using this new account and select EC2 instances from the other account.
Troubleshooting
1. getting this error when creating the account
Error: User: arn:aws:sts::12345678:assumed-role/N2WSRoleName/i-xxxxx is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::87654321:role/Rolename.
Possible resolutions:
Aws is notifying you that the CPM role does not have permission/trust to assume the target role.
This might happen because of how the trust relationship is configured,
You need to validate that the trust relationship is properly configured and that the arn mentioned in the error message can assume the role
Thanks for reading this guide,
N2WS Support Team.