Background
This document assumes that the main server running Cloud Protection Manager (CPM) is set up according to the minimum security requirements document at this link:
https://support.n2ws.com/portal/kb/articles/what-are-the-required-minimal-aws-permissions-roles-for-cpm-operation
You will need the JSON policy file to help create the role on the other AWS account. Download and extract the file attachment entitled “minimal_iam_policies_for_cpm.zip”, then copy the contents of the file entitled “cpm_minimal_All_permissions”, which you will use in step 10 of this document.
The process is as follows:
1. Locate the AWS Account ID number for the user you want to restore the instance from.
   This is done by logging into the AWS console, selecting Account, and then selecting “My Account”.
   Note: An AWS Account number is a 12-digit number.
2. Save this AWS Account ID and proceed to the AWS account that you want to recover instances to.
3. Open the AWS Console and select “Services” at the top of the console. Under Security, Identity & Compliance, choose IAM.
4. In the left-hand pane select “Roles”, then Create Role.
5. This opens the Select Trusted Entity screen, where you will select “Another AWS Account”.
   This is where you will add the AWS Account number you located in step 1.
6. After you enter the Account ID number, select “Permissions”, which opens the permissions page.
7. Click on “Create Policy”.
8. Select the JSON tab.
9. Remove all entries on the JSON tab.
10. Copy and paste the contents of the “cpm_minimal_All_permissions” JSON file into this section.
11. Click Review policy in the lower right-hand corner of the screen.
12. Add a name for the policy and a description should you need it.
13. Repeat steps 8-12 to create a second policy. You need to copy and paste the following into the JSON tab.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole",
        "sts:AssumeRole"
      ],
      "Resource": "*"
    }
  ]
}
14. You must now attach the second policy as follows: select Roles and then locate the role we created. Now click on the “Attach policy” button.
15. Locate the second policy we created and select it.
16. Click on Attach policy.
17. Verify that you now have two policies attached to this role by clicking on it.
18. You should see both policies attached to the role.
19. You are now ready to test an instance recovery using Cloud Protection Manager.
    Log in to CPM Manager and select the Backup Monitor tab.
20. Locate the backup image you want to recover to the other account and click on “Recover”.
21. This opens the recovery panel.
22. You will need to edit the following fields:
    Restore to Account
    Restore to Region
23. Click on the Instance button.
    Under the Basic Options, select Launch from: and choose “Image”.
24. Expand the advanced options.
25. The following fields should be edited:
    Placement: Change from “By Availability Zone” to “By VPC”
    Security Groups: Select Default
    Instance Profile: ARN: REMOVE the ARN number so it is blank
26. Select the “Recover Instance” button on the right-hand side of the recovery panel.
27. Confirm you want to perform the recovery operation by clicking OK.
    You will see a message that the recovery operation was successful.
    You may also open the Recovery Monitor screen and click on the Open button under the Log column heading to see what transpired during the recovery operation.
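
The second policy in step 13 allows iam:PassRole and sts:AssumeRole on every resource. The following is an added example, not part of the original article or N2WS's own code, that flags such wildcard grants and shows the same statement narrowed to a single role. The role ARN is a constructed placeholder, and whether CPM recovery works with the narrower Resource is an assumption to confirm in a test account.

```python
import copy
import json

# Actions that act on roles; with Resource "*" they reach every role.
ROLE_ACTIONS = {"iam:passrole", "sts:assumerole", "iam:*", "sts:*", "*"}

# The second policy from step 13, embedded so the example runs offline.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
                "Action": ["iam:PassRole", "sts:AssumeRole"],
                "Resource": "*"}]}
""")

# Constructed placeholder: documentation account ID, hypothetical role name.
ROLE_ARN = "arn:aws:iam::111122223333:role/ExampleRecoveryRole"

def as_list(value):
    """IAM accepts one value or a list for Action, Resource and Statement."""
    return list(value) if isinstance(value, list) else [value]

def flagged_actions(stmt):
    """Role actions this statement allows on a bare '*' Resource.
    NotAction and NotResource are not evaluated by this check."""
    if stmt.get("Effect") != "Allow":
        return []
    if "*" not in as_list(stmt.get("Resource", [])):
        return []
    # IAM action names are case-insensitive.
    return [a for a in as_list(stmt.get("Action", []))
            if a.lower() in ROLE_ACTIONS]

def wildcard_findings(policy):
    """Return (Sid, action) for every flagged action in the policy."""
    return [(s.get("Sid", ""), a)
            for s in as_list(policy["Statement"]) for a in flagged_actions(s)]

def scope_to_role(policy, role_arn):
    """Return a copy whose flagged statements name role_arn instead of '*'."""
    scoped = copy.deepcopy(policy)
    for stmt in as_list(scoped["Statement"]):
        if flagged_actions(stmt):
            stmt["Resource"] = role_arn
    return scoped

if __name__ == "__main__":
    for sid, action in wildcard_findings(PAGE_POLICY):
        print(f"{sid}: {action} is allowed on every resource")
    print(json.dumps(scope_to_role(PAGE_POLICY, ROLE_ARN), indent=2))
```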
Additional Resources:
Setting up Cross Account Roles:
CPM Documentation: