How to Check for AWS Permissions

Each account in N2WS is mapped to a specific Roles or IAM user in AWS, You can see the list of account and authentication types in the Account Tab:

  

For each account, you can select it and then click on 'Check AWS Permissions'

This will test the permissions status for the account by category, If they are fine it will be Green and if something is missing it will be red

  

What to do If permissions are missing?

you need to make sure you download the latest json policies from this KB Article.

Be aware that for some editions you have 2 json policy file, If there are two then you need them BOTH.

1. Link: What are the required minimal AWS permissions/roles for CPM operation?

Can anything else impact permissions?

1.

Yes, sometimes other AWS configuration might impact permissions,

For example AWS Oragnization SCP(Service Control Policies) 

One useful tool is the AWS Policy Simulator which can help you test for permission:

1. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html

• Related Articles

• What are the required minimal AWS permissions/roles for CPM operation?

  You can apply all the required roles by using the JSON files inside the archive attached to this article (including the new permissions required for v4.0 and up). Note that for some editions there is more then 1 json file. If you are using FLR or ...

• How to setup cross account/cross region recovery in CPM 2.x

  Background This document assumes that the main server running Cloud Protection Manager (CPM) is setup according to the minimum-Security requirements document at this link. ...

• How to use AWS IAM Policy Simulator to troubleshoot N2WS Backup permission issues.

  Background: Permission issues are one of the most common errors seen by users of N2WS Backup and this article explains how you can use the IAM Policy Simulator to help you narrow down whether permissions are allowed by an IAM User or a Role. This ...

• Permission checks fails with Error: “User not Found”

  Permission checks fails with Error: “User not Found”   You may receive the following error when checking permissions on an account within CPM.  Also, the policy check .CSV file will show only “User not Found” when opened. In the cpm_server logs you ...

• EFS - cross account tag scan may fail with Error: Invalid IAM role ARN

  When adding EFS to a policy via a tag, it may fail with one of the following errors: (tag for example: efstesting+vault=n2ws+exp_opt=D+exp_opt_val=30+role_arn=arn:aws:iam::12345678:role/CPM) Critical Error - Can't update EFS to backup targets. Error: ...