Dell EMC PowerProtect DDVE on Amazon Web Services 7.9 Installation and Administration Guide

Create an AWS account

To deploy DDVE on AWS, you must have an AWS account. To set up an account, go to https://aws.amazon.com/getting-started/.

Identity and access management

AWS recommends that you create an IAM user or role for authenticating with AWS and never use root credentials to deploy the CloudFormation template. The IAM user must be allowed to perform AWS CloudFormation actions. The EC2 instance must be granted the IAM role to provide permissions to S3 storage.

The following links provide more information about AWS best practices:

• Creating-an-IAM-User-in-Your-AWS-Account
• Using-IAM-Roles
• What-is-AWS-CloudFormation?

Security and operational best practices

Amazon recommends that you enable AWS CloudTrail logs to enable governance, compliance, and operational and risk auditing of your AWS account. AWS CloudTrail enables you to:

• View the event history of your AWS account activity, including AWS Management Console actions, AWS SDKs, CLI, and other AWS services.
• Identify the initiator of actions, resources involved, and event timing.

This event history helps to simplify security analysis, resource change tracking, and troubleshooting.

The following links provide more information:

• Working-with-CloudTrail
• Turn-on-CloudTrail-across-all-regions-and-support-for-Multiple-Trails

AWS service limits and restrictions

The following links provide more information about AWS service limits and restrictions:

• Bucket-Restrictions-and-Limitations
• IAM-and-STS-Limits
• How-do-I-manage-my-AWS-service-limits?
• AWS-Service-Quotas

Additional links

The following additional links provide more information about the AWS features that are used with a DDVE deployment:

• Working-with-the-AWS-Management-Console
• AWS-Cloud-Formation
• AWS-Identity-and-Access-Management-(IAM)
• Amazon-Virtual-Private-Cloud
• Amazon-Elastic-Compute-Cloud-Documentation