NetBackup™ Marketplace Deployment on Amazon Elastic Kubernetes Service (EKS) Cluster

Product(s): NetBackup & Alta Data Protection (10.2)

Policies required in creating IAM roles for new and existing clusters

Ensure that the following IAM policies are assigned to the respective IAM role:

Policies required for creating IAM role for EKS Cluster and Node groups

IAM Policies:

- AmazonEKSClusterPolicy
- AmazonEKSWorkerNodePolicy
- AmazonEC2ContainerRegistryReadOnly
- AmazonEKS_CNI_Policy
- AmazonEKSServicePolicy

Trust Relationship:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "eks.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Note:

Along with the managed policies mentioned below, some additional permissions are required for NetBackup Snapshot Manager to configure the AWS plugin, discover assets, manage snapshots, and so on. For the permissions required for NetBackup Snapshot Manager, refer to the NetBackup™ Snapshot Manager Install and Upgrade Guide.

Policies required for creating IAM role to access EKS Cluster from EC2 instance

IAM Policies:

- AmazonEKSClusterPolicy
- AmazonEKSWorkerNodePolicy
- AmazonEC2ContainerRegistryReadOnly
- AmazonEKS_CNI_Policy
- AmazonEKSServicePolicy

Trust Relationship:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
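
One way to check that a role matches the policies and trust relationships listed above is shown below. This is an added example, not part of the NetBackup documentation; the function and constant names are hypothetical, and the sample input is constructed from the trust relationship on this page.

```python
import json

# Managed policy names listed on this page for both roles.
REQUIRED_POLICIES = {
    "AmazonEKSClusterPolicy", "AmazonEKSWorkerNodePolicy",
    "AmazonEC2ContainerRegistryReadOnly", "AmazonEKS_CNI_Policy",
    "AmazonEKSServicePolicy",
}
# Service principals from the two trust relationships on this page.
CLUSTER_NODE_SERVICES = {"ec2.amazonaws.com", "eks.amazonaws.com"}
EC2_ACCESS_SERVICES = {"ec2.amazonaws.com"}

def _as_list(value):
    """IAM allows a single string or a list for Service and Action."""
    return [value] if isinstance(value, str) else list(value)

def audit_role(trust_policy, attached_policies, expected_services):
    """Return a list of findings; an empty list means the role matches."""
    findings, seen = [], set()
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen who may assume the role
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"non-service principal: {principal!r}")
            continue
        for kind, value in principal.items():
            for name in _as_list(value):
                if kind != "Service" or name not in expected_services:
                    findings.append(f"unexpected principal {kind}:{name}")
                else:
                    seen.add(name)
        for action in _as_list(stmt.get("Action", [])):
            if action != "sts:AssumeRole":
                findings.append(f"unexpected action {action}")
    findings += [f"missing trusted service {s}" for s in sorted(expected_services - seen)]
    attached = set(attached_policies)
    findings += [f"missing policy {p}" for p in sorted(REQUIRED_POLICIES - attached)]
    findings += [f"policy not on the documented list: {p}" for p in sorted(attached - REQUIRED_POLICIES)]
    return findings

# Constructed sample: the EC2-access trust relationship from this page.
SAMPLE_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
   "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    print(audit_role(SAMPLE_TRUST, REQUIRED_POLICIES, EC2_ACCESS_SERVICES))
```

The inputs can be taken from the `AssumeRolePolicyDocument` field returned by `aws iam get-role` and the `PolicyName` values returned by `aws iam list-attached-role-policies`.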