This document assumes that the main server running Cloud Protection Manager (CPM) is set up according to the minimum-security requirements document at this link.
You will need the JSON policy file to help create the role on the other AWS account. It is in the file attachment entitled “minimal_iam_policies_for_cpm.zip”, which can also be downloaded and extracted; then copy the contents of the file entitled “cpm_minimal_All_permissions”, which you will utilize in step 10 of this
This process is as follows:
1. Locate the AWS Account ID number for the user you want to restore the instance from. This is done by logging into the AWS console, selecting Account, and then selecting “My Account”.
Note: An AWS Account number is a 12-digit
2. Save this AWS Account ID and proceed to the AWS account that you want to recover instances to.
the AWS Console and select “Services” at the top of the console under
Identity & Compliance, choose IAM.
4. In the left-hand pane select “Roles”, Then
5. This opens the Select Trusted Entity screen, where you will select “Another AWS Account”. This is where you will add the AWS Account number you located in step 1.
6. After you enter the Account ID number, select “Permissions”, which opens the permissions page.
7. Click on “Create Policy”
8. Select the JSON tab
9. Remove all entries on the JSON tab
10. Copy and paste the contents of “cpm_minimal_All_permissions” into this section.
11. Click Review policy in the lower right-hand corner
12. Add a name for the policy and a description should you need it.
13. Repeat steps 8-12 to create a second policy; you need to copy and paste the following into the JSON tab.
14. You must now attach the second policy as follows: select Roles and then locate the role we created. Now click on “Attach policy”.
15. Locate the second policy we created and select
16. Click on attach policy
17. Verify that you now have two policies attached to this role by clicking on it
18. You should see both policies attached to the
19. You are now ready to test an instance recovery using Cloud Protection Manager.
Log in to CPM Manager and select the Backup Monitor
20. Locate the Backup Image you want to recover to the other account and click on “Recover”
21. This opens the Recovery panel
22. You will need to edit the following fields
to Account Restore to Region
23. Click on the Instance button.
Under the Basic Options, select Launch from: and choose “Image”.
24. Expand the advanced options
25. The following fields should be edited
from “By Availability Zone” to “By VPC”
Security Groups: Select Default
Instance Profile: ARN: REMOVE the ARN number so it's blank
26. Select the “Recover Instance” button on the right-hand side of the Recovery panel.
you want to perform the Recovery Operation by clicking OK
You will see a message that Recovery Operation
You may also open the Recovery Monitor screen and click on the Open button under the Log column heading to see what transpired during the recovery operation.
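The trust relationship created in steps 5 and 6 ("Another AWS Account" plus the 12-digit Account ID) is stored on the role as a JSON trust policy. The following is an added example, not part of the original document or of CPM: it builds that trust policy for a given account and audits an existing one so that only the expected account is trusted. The function names and the account IDs are constructed for illustration.

```python
import json
import re

ACCOUNT_ID_RE = re.compile(r"\d{12}")  # an AWS account ID is exactly 12 digits


def build_trust_policy(source_account_id: str) -> dict:
    """Trust policy equivalent to choosing "Another AWS Account" in the console."""
    if not ACCOUNT_ID_RE.fullmatch(source_account_id):
        raise ValueError("AWS account ID must be exactly 12 digits")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{source_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }


def audit_trust_policy(policy: dict, expected_account_id: str) -> list:
    """Return one finding per Allow principal that is not the expected account."""
    # Strict on purpose: only the account-level principal from step 5 is accepted.
    allowed = {expected_account_id, f"arn:aws:iam::{expected_account_id}:root"}
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM allows a single statement object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # covers "*" and a missing Principal
            findings.append(f"statement {i}: principal {principal!r} is not limited to one account")
            continue
        for kind, values in principal.items():
            for value in [values] if isinstance(values, str) else values:
                if kind != "AWS" or value not in allowed:
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
    return findings


if __name__ == "__main__":
    SOURCE_ACCOUNT = "111122223333"  # constructed sample ID, not a real account
    policy = build_trust_policy(SOURCE_ACCOUNT)
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy, SOURCE_ACCOUNT))
```

Paste the role's trust policy JSON (shown on the role's "Trust relationships" tab) into `audit_trust_policy` together with the Account ID saved in step 2; an empty list means only that account can assume the role.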
Setting up Cross Account Roles: