Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ for Cloud Object Store Administrator's Guide
  3. Managing Cloud object store assets
  4. Adding Cloud object store accounts
  5. Creating cross-account access in AWS
NetBackup™ for Cloud Object Store Administrator's Guide

Creating cross-account access in AWS

If you have multiple AWS accounts in your environment, and NetBackup is deployed in one of these accounts, you can protect your data in all your AWS accounts. You need to configure cross-account data access in the AWS portal, before you select Assume role or Assume role EC2 as your access method. NetBackup only needs the access key, secret key, and role ARN.

Follow the guidelines in AWS documentation for creating cross-account access. Briefly, you need to perform the following steps.

To configure AWS cross-accounts:

  1. Log on to the AWS provider portal.
  2. Create a new IAM role in the target AWS account that you want to protect.
  3. Create a new policy for the IAM role and ensure that it has the required permissions to access the bucket and objects in that target AWS account. See Permissions required for Amazon S3 cloud provider user.
  4. Establish a trust relationship between the source and the target AWS accounts.
  5. In the source AWS account, create a policy that allows the IAM role in the source AWS account to assume the IAM role in the target AWS account.
  6. Attach the policy to the source account user, whose access key and secret access key you use for the assume role.

Feedback

Was this page helpful?
Previous

Adding Cloud object store accounts

Next

Check certificate for revocation

Feedback

Was this page helpful?