Skip to main content
Version: 2.7

EKS cluster prerequisites

Before adding your Amazon EKS cluster to Portworx Backup:

  • Create an IAM role in AWS console with the following permissions:

    • ec2:DeleteSnapshot
    • ec2:DescribeInstances
    • ec2:CreateTags
    • ec2:CreateSnapshots
    • ec2:DescribeVolumes
    • ec2:CreateSnapshot
    • ec2:DescribeRegions
    • ec2:DescribeSnapshots
    • ec2:CreateVolume
  • When you try to create a backup using a cloud account, make sure either the bucket is already created, or your credentials include permissions to create a bucket. If a bucket is not already created, you must add the s3:CreateBucket permission to your IAM role.

  • If Portworx is not yet installed on the cluster you wish to back up, you must add the following permissions to your IAM role:

    • s3:ListBucketMultipartUploads
    • s3:ListBucketVersions
    • s3:ListBucket
    • s3:GetBucketAcl
    • s3:GetBucketObjectLockConfiguration
    • s3:ListMultipartUploadParts
    • s3:PutObject
    • s3:GetObjectAcl
    • s3:GetObject
    • s3:ListAllMyBuckets
    • s3:GetObjectVersionAcl
    • s3:DeleteObject
    • s3:PutObjectAcl

    note

    To configure object lock in Portworx Backup, you need to enable additional permissions for the IAM role. For more information, refer to Prerequisites in Create object lock enabled backups.

Related topic: