Skip to main content
Druva Documentation

VPC Cloning fails

 

Problem description

VPC Cloning fails with the error message, "You are unauthorized to perform this operation. You are not authorized to perform this operation." 

Cause

The Cloud Formation stack is incorrectly updated/removed/deleted. Druva CloudRanger provides a CloudFormation template that is used to create a stack.

The CloudFormation stack generates the following IAM permissions for Druva CloudRanger to access your AWS Account:

  • IAM Role
  • IAM Instance Profile
  • IAM Policy

The generated Amazon Resource Name (ARN) of the IAM role is then linked back to Druva CloudRanger so that it can run backup and restore jobs on your AWS workloads. For more information, see Create an AWS Access Role.

Note: Druva CloudRanger follows all security protocols and best practices recommended by AWS. All-access permissions to your AWS resources and regions are controlled by AWS Identity and Access Management.

Resolution

Update the CloudFormation stack by updating the existing AWS Access Roles in Druva CloudRanger. To do so, follow the steps:

  1. On your Druva CloudRanger console, click the Settings icon to navigate to Account Settings.
    settings.png
  2. Click Configure under AWS Access. Copy the CloudFormation URL.
    Account access.png
    For step-by-step instructions on CloudFormation,  click help me with Cloudformation.
  3. Login to your AWS Console and navigate to the CloudFormation page. Select the stack that you have previously created when configuring Druva CloudRanger, and then click Update.
    CFT.PNG
  4. On the Specify template page, select Replace current template. Then paste the CloudFormation URL into the Amazon S3 URL text box. Click Next.
    Update stack.PNG
  5. Click Next on the Specify stack details and Configure stack options page.
    You will be able to preview the changes before you click Update stack to confirm the CloudFormation changes to resources.
    Change set preview.PNG
  6. Once the stack update is complete, navigate back to Druva CloudRanger, and click Save under Save AWS Access Role.
    Save AWS access role.PNG
    Your IAM role and AWS account access should now be updated with the latest permissions, allowing you to take advantage of any new functionality that is released.
  • Was this article helpful?