Granting Required EC2 Permissions

When adding a new S3 Account, we strongly recommend that you use an IAM role with a policy that grants minimum permissions required for proper functioning of MSP360 (CloudBerry) Backup.

The IAM role should have the following permissions to be able to successfully use EC2 services via MSP360 (CloudBerry) products:

• ImportInstance
• ImportImage
• DescribeInstances
• MonitorInstances
• RequestSpotInstances
• RunInstances
• StartInstances
• TerminateInstances
• ModifyInstanceAttribute
• CreateTags
• CancelImportTask
• StartInstances
• DescribeConversionTasks
• DescribeImportImageTasks
• ImportVolume
• DescribeAvailabilityZones
• DescribeSecurityGroups
• DescribeSubnets
• StopInstances
• DescribeKeyPairs
• ImportSnapshot
• DescribeImportSnapshotTasks
• CreateVolume
• DescribeImages

You can use MSP360 (CloudBerry) Explorer to create an IAM role and grant it the required permissions, or manually create a new user role using AWS Management Console. See the following articles for more information:

• How to Use an External ID When Granting Access to Your AWS Resources to a Third Party
• How To Setup a VMimport Role