Forum Discussion

mccartneyc's avatar
mccartneyc
Level 0
5 years ago

S3 Cloud Storage setup across AWS accounts

Currently using NetBackup to backup servers in a single AWS account to S3 using an IAM user/access keys. This is working fine for backing up to S3 buckets in that account, but there is another AWS account that the NetBackup IAM user has cross acount access to that we want our master server to manage the backups of.

The thing I'm trying to figure out is how do I configure netbackup cloud storage to use the IAM user in Account #1 to access/backup to the S3 buckets in Account #2? The IAM user is working just fine and I can access and manage the S3 buckets through CLI from the master in account #1 to account #2, but when configuring cloud storage, it doesn't have an option to say to use account #2's S3 bucket. It only loads the buckets in account #1 or gives me an option to Add Volume which seems to try and create the bucket in Account #1.

Is it possible to point it directly to an existing bucket in a different account when the IAM user has cross account permissions or is an IAM user needed for each AWS account being accessed?

Thanks

8.1.2
AWS
cloud storage
NetBackup 8.1.2
windows server 2012

2 Replies

Sort By
  • EthanH's avatar
    EthanH
    Level 4
    5 years ago

    Have you tried configuring a new cloud storage server to use Account #2? If I'm understanding the Cloud Admin Guide correctly, it seems that each cloud storage server points to one AWS instance, from which you can make additional buckets as needed. 

    1. Make a new cloud storage server to use the new AWS account

    2. Create new disk pool for new AWS account/instance

    3. You should see the option to make S3 buckets on the new AWS instance.

    I'm no AWS expert, so there may be some IAM interaction that I don't see, but I believe the above steps should let you have the ability to make S3 buckets on the new account.

  • sdo's avatar
    sdo
    Moderator
    5 years ago

    I would expect that any single individual cloud-storage-unit can be tied to only one cloud-account from one cloud-vendor.  So, can you not create a second cloud-storage-unit using the second cloud-account, and then backup to and/or duplicate to/from/between whichever cloud-storage-unit you need to.