Connecting an AWS account using CloudFormation

To securely perform backup and restore operations, Clumio requires Cross-Account IAM Roles deployed by CloudFormation, see AWS Resources and IAM Permissions(add link to KB article) for details.

To see a list of the resources created and the IAM roles and policies that are created and assigned to the Clumio role, complete the requirements(add link to KB article) checklist.

You can connect to an AWS account either automatically or manually using the CloudFormation template. For instructions on an end-to-end manual on-boarding flow, refer to the manual on-boarding instructions.

1. Sign into your AWS account so that Clumio can deploy the role in the correct account and region.
2. From the Clumio platform, navigate to the AWS > Connect page.
3. Click Add accounts and select Add with CloudFormation from the drop down menu to launch the wizard.
4. On the first screen of the wizard, type or paste your 12-digit AWS account number and select the region or regions you want to connect to Clumio. If you don't see a region you want to connect, contact Clumio support.
5. Specify the asset types you want this connection to support. Click Customize Assets to select specific asset types. By default, the entire set is selected. If you select MS SQL on EC2, then EC2/EBS is selected by default and cannot be deselected since it required.

Note: Once asset types have been selected you cannot remove that asset type when you edit the connection. You can only add assets to this list when you edit the connection.

6. Choose a region to deploy your stack. You can choose any region, it does not affect Clumio functions. The stack is stored in the selected location and Clumio uses the stored stack to create AWS stack sets for other regions in your account that you want to connect.
7. Create the stack. Make sure to log into the AWS account that you want to connect to Clumio and click Launch stack wizard. This will launch the AWS stack creation wizard. Complete the following fields in AWS:
   1. In the Stack name section, modify the default stack name from “ClumioService” to a meaningful name to help you easily identify the stack in the AWS Management Console (optional).
   2. In the Capabilities section, click the checkbox to acknowledge the statement, which informs you that the stack creation process includes creating a custom IAM role and IAM policies.
   3. Click Create stack. AWS creates the resources that will be used by Clumio to perform backups, Snaps, and restores. After the stack has been created, Clumio will try to connect to your AWS account.
8. You can check the connection status from the table on the AWS connect page. A status of "Connecting..." indicates that Clumio is trying to connect to your AWS account.
   If you have connected multiple regions, you can expand the account to view the connection progress for each region. Once all the connections are fully established for the account, the status changes to "Connected."

Edit account connection

You can edit, delete, or add protection to your account connection at any time after it is connected.

1. From Clumio, select AWS > Connect. The AWS connect page displays.
2. Click the Actions column for the account you want to edit and select the Edit option from the pop-up menu.
3. In the dialog that displays, you can edit the description, and organizational unit to which this account belongs. You can only change up or down one level of organizational unit at a time.
4. The AWS region displays the region in which your stack that creates the stack set is located. The location of the stack does not affect your backup settings.
5. Select regions you want to connect from the drop list.
6. You can only add asset types to the connection, you cannot remove the asset types selected when this connection was created.
7. Click Update Cloud Formation template to update the template and save your changes.