The process of Elastio deployment consists of two stages: an account-level Elastio CloudFormation stack is deployed first, followed by a regional Elastio Cloud Connector. CloudFormation stack provides the access from the Elastio Tenant to your AWS account. When deploying CloudFormation stack, Elastio creates
ElastioInstaller role is needed to install, update and delete Elastio Cloud Connector and its components.
ElastioTenant role is required for the communication between the Elastio Cloud Connector and an Elastio Tenant.
ElastioInstaller role has extended permissions that are required for the Elastio deployment only.
While being deployed to your AWS account, Elastio also creates various resources to set a proper infrastructure for backup and restore operations, as well as integrity checks. A list of the resources created by Elastio within your AWS account can be viewed here.
Additionally, Elastio creates IAM policies in your AWS account upon Elastio account level stack deployment:
These IAM policies are provided for the convenience of Elastio customers. The policies can be attached to customer-created IAM roles, users, or groups to grant the minimal permissions required to allow entities to perform certain Elastio operations.