How to add AWS account settings to your Cloudzy account


Option 1 (Recommended): Add an AWS account using an external IAM role:

  1. Open the Cloudzy Settings page
  2. Click: Add a new account
  3. Enter a Description for the account. Example: "Staging AWS"
    • Cloudzy will provide settings you will need for the AWS IAM console. Leave this browser tab open
  4. Open a new tab in your browser, and log in to your AWS console
  5. On your AWS console, click on IAM
  6. Click on Policies, Create Policy
    • Select: Create Your Own Policy
    • Policy Name: "CloudzyBackupPolicy" (or another name you choose)
    • Policy Document: Head over to your Cloudzy browser tab and click "Show Example Policy"
    • Copy and paste the example policy provided into the Policy Document field on the AWS console
    • Click Create Policy
  7. Click Roles, Create new Role:
    • Select: Role for cross-account access
    • Select: Provide access between your AWS account and a 3rd party AWS account
    • Account ID: Enter the Cloudzy Account ID provided on your Cloudzy browser tab
    • External ID: Enter the External ID provided on your Cloudzy browser tab
    • Click Next
    • Attach the policy you created in step 5 "CloudzyBackupPolicy", click Next Step
    • Role Name: "CloudzyRole", click Create Role
    • Click on the newly created role and copy the Role ARN
      • example: arn:aws:iam::1234567800000:role/CloudzyRole
  8. Head over to your Cloudzy browser tab and enter the Role ARN on the Cloudzy Create Account page
  9. Click "Test credentials" to be sure the account is set up correctly
    • You should see "Permissions are set correctly"
  10. Click "Create Credentials". 


You're now ready to set up Jobs and start automatic backups.
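
A check for the trust policy of the role created in step 7, as an added example (not Cloudzy's or AWS's own code): it confirms that the role trusts only the expected account and requires the External ID on sts:AssumeRole. The account ID, External ID and policy documents below are constructed sample values; the function names are hypothetical, and the check assumes the StringEquals condition form that the console wizard writes.

```python
import json

def as_list(value):
    # IAM accepts either a single string or a list for these fields.
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    # Accepts "111122223333" or "arn:aws:iam::111122223333:root"; None otherwise.
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    if len(parts) == 6 and parts[:3] == ["arn", "aws", "iam"]:
        return parts[4]
    return None

def check_trust_policy(policy, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it only
    trusts account_id and requires external_id on sts:AssumeRole."""
    findings, seen = [], False
    for stmt in as_list(policy.get("Statement", [])):
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        seen = True
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in aws or ["(no AWS principal)"]:
            if principal_account(p) != account_id:
                findings.append(f"unexpected principal: {p}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if external_id not in as_list(cond.get("sts:ExternalId", [])):
            findings.append("sts:ExternalId condition missing or different")
    if not seen:
        findings.append("no Allow statement for sts:AssumeRole")
    return findings

# Constructed sample values, not real Cloudzy identifiers.
ACCOUNT_ID, EXTERNAL_ID = "111122223333", "example-external-id"
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}""")
NO_EXTERNAL_ID = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}""")

if __name__ == "__main__":
    print(check_trust_policy(GOOD, ACCOUNT_ID, EXTERNAL_ID))
    print(check_trust_policy(NO_EXTERNAL_ID, ACCOUNT_ID, EXTERNAL_ID))
```

To check your own role, paste the JSON from the role's trust relationship in the IAM console in place of the sample document and pass the Account ID and External ID shown on your Cloudzy tab.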





Option 2 (Advanced / not recommended): Add an AWS account using access keys

  1. Open the Cloudzy Settings page
  2. Click: Add a new account
  3. Enter a Description for the account. Example: "Staging AWS"
  4. Open a new tab in your browser, and log in to your AWS console
  5. Your AWS user and access keys will need the following permissions: 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1496019595000",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateSnapshot",
        "ec2:DeleteSnapshot",
        "ec2:DescribeSnapshots",
        "ec2:DescribeInstances",
        "ec2:CreateTags",
        "ec2:DescribeSnapshotAttribute",
        "rds:CreateDBSnapshot",
        "rds:CreateDBClusterSnapshot",
        "rds:DeleteDBSnapshot",
        "rds:DeleteDBClusterSnapshot",
        "rds:DescribeDBSnapshots",
        "rds:DescribeDBInstances",
        "rds:DescribeDBSnapshotAttributes",
        "rds:AddTagsToResource",
        "rds:ListTagsForResource",
        "iam:SimulatePrincipalPolicy",
        "budgets:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}