How to update the AWS Role Permissions

Background

This document details the steps needed to update the N2WS IAM Role Permissions.

This is often needed when upgrading to a newer version as added functionality requires additional AWS Permissions.

Steps for updating a policy

1.

Please visit this link to obtain the JSON permissions files necessary. 

Download the attachment at the bottom of the link.

It has all the IAM policy JSON files in it, sorted by version and edition.

1. Required minimal AWS permissions/roles for CPM operation

2.

Please log in to the AWS Console and Go to the IAM Console https://console.aws.amazon.com/iam/home

3.

Please select the "Roles" option in the left-hand pane and search for your N2WS role you want to update.

4. 

Please click on the Role and scroll down to see the permissions tab.

Here you can see all the permissions policies currently attached to your role.

5.

For each of the existing N2WS policies, Please do steps 6 to 9

If you are upgrading from very old version, the number of policies might change.

in this case you will need to create new policy in addition to updating existing ones.

Please see next section for steps on how to create a policy

6. 

Please click on the '+' sign, then on Edit

7.

A new tab with the policy will open.

Please select all the current content of the policy and delete it.

8. 

Please open the first policy json file for your edition, and copy all its content to the policy editor

It is Important to use notepad to open the JSON file, so when you copy and paste its contents you do not add any formatting characters.
Failure to do this can cause syntax errors when saving the policy and other issues. 

9.

Please scroll down, then click Next and Save changes

Steps for Creating a policy

As mentioned, If you are upgrading from very old version, the number of policies might change.

in this case you will need to create new policy for the additional files in addition to updating existing policies.

For example, If you upgrade from 2.x to 4.x you might have one policy attached to your role, while new version has 3 policies.

In this case, you will need to update the existing policy and also create 2 new policies.

1. Go to the IAM  Console https://console.aws.amazon.com/iam/home

2. Go to 'Policies'.

3. Click on 'Create policy' 

4. Click on JSON, Then delete the content and replace with the json from the minimal permission zip.

It is Important to use notepad to open the JSON file, so when you copy and paste its contents you do not add any formatting characters.

Failure to do this can cause syntax errors when saving the policy and other issues.

5. Then click Next, Select policy name and click Create policy

6. You will need to create a policy for each needed extra json file for your edition.

7. Once all policies are created, go to 'Roles' and click on the role used by the N2WS server

8. Open 'Permissions' tab and click 'Attach policies'

9. Search for the policies you've created and add them by checking the box next to them, then click Add Permissions.

Checking permissions

Once done, you can use this KB solution article to check your permissions.

1. How to Check for AWS Permissions

• Related Articles

• Required minimal AWS permissions/roles for CPM operation

  You can apply all the required roles by using the JSON files inside the archive attached to this article (including the new permissions required for v4.0 and up). Note that for some editions there is more then 1 json file. If you are using FLR or ...

• Permission check may fail with an error "Could not assume role"

  Issue: Permission check may fail with this error message: ERROR:  get_assume_role_credentials(aws_utils.py:1337)  Could not assume role arn arn:<AWS account ARN:RoleName> from account <CPM Account> (<CPM user>), reason User arn:<AWS account ARN:IAM ...

• How to use AWS IAM Policy Simulator to troubleshoot N2WS Backup permission issues.

  Background: Permission issues are one of the most common errors seen by users of N2WS Backup and this article explains how you can use the IAM Policy Simulator to help you narrow down whether permissions are allowed by an IAM User or a Role. This ...

• IAM minimal permissions comparison

  v4.2.1 -> v4.3.0 minimal permissions comparison This table shows the new permissions added to the minimal permission json files in comparison to 4.2.0 Azure AWS "ec2:LockSnapshot", "ec2:UnlockSnapshot", "ec2:DescribeLockedSnapshots" ...

• Minimal Azure permissions/roles for N2WS operations

  The required minimal IAM permissions json is attached to this KB article. You can find detailed steps in our User guide, Chapter 26: https://n2ws.com/support/documentation Or in the following KB Article: How to setup CPM on AWS to backup Azure ...