PowerProtect Data Manager 19.14 Amazon Web Services Deployment Guide

Create an AWS account

To deploy PowerProtect Data Manager to AWS, you must have an AWS account. To set up an account, navigate to https://aws.amazon.com/getting-started/.

Identity and access management

AWS recommends that you create an identity and access management (IAM) user or role for authenticating with AWS and never use root credentials to deploy a CloudFormation template. The IAM user must be allowed to perform AWS CloudFormation actions.

The following links provide more information about AWS best practices:

• Creating an IAM User in Your AWS Account
• Using IAM Roles
• What is AWS CloudFormation?

Security and operational best practices

Amazon recommends that you enable AWS CloudTrail logs to enable governance, compliance, and operational and risk auditing of your AWS account. AWS CloudTrail enables you to do the following:

• View the event history of your AWS account activity, including AWS Management Console actions, AWS SDKs, CLI, and other AWS services.
• Identify the initiator of actions, resources involved, and event timing.

This event history helps to simplify security analysis, resource change tracking, and troubleshooting.

The following links provide more information:

• Working with CloudTrail
• Turn on CloudTrail across all regions and support for Multiple Trails

AWS service limits and restrictions

The following links provide more information about AWS service limits and restrictions:

• Bucket Restrictions and Limitations
• IAM and STS Limits
• How do I manage my AWS service limits?
• AWS Service Quotas

Additional links

The following additional links provide more information about the AWS features that are used with a PowerProtect Data Manager deployment:

• Working with the AWS Management Console
• AWS Cloud Formation
• AWS Identity and Access Management (IAM)
• Amazon Virtual Private Cloud
• Amazon Elastic Compute Cloud Documentation