Deploying the AWS cloud components requires you to provide the access key and secret key of an IAM user with permissions to create components in your AWS account. The minimal required permissions are described by a policy in JSON format. The policy JSON can be found in the administrator guide and in the user interface during the deployment process.
The minimal permissions are needed to create the Cloud DR Server instance, VPC, subnets, RDS, and other components. In addition, roles will be created and attached to the Cloud DR Server instance, and later to a recovery service instance. These roles are created in order to provide the Cloud DR Server and the Restore Service instances the necessary permissions to orchestrate the recovery flow.
Although the IAM user can have additional permissions, it is not recommended to provide more permissions than the minimum described in the policy JSON. It is also recommended to use a dedicated IAM user that is not shared or used for other activities. You can also monitor the usage of the IAM user in the IAM console.
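One way to check that the deployment user has not been granted more than the minimum is to diff its attached policy against the required policy JSON. The following is an added example, not code from the product or its guides. Both sample policies are constructed stand-ins (the real required policy comes from the administrator guide), and the check compares allowed actions only, ignoring `Resource` and `Condition` scoping.

```python
import fnmatch

def _as_list(value):
    """IAM accepts a single string/object wherever a list is expected."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def allowed_actions(policy):
    """Lower-cased Action patterns from every Allow statement (actions are case-insensitive)."""
    actions = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if "NotAction" in stmt:
            actions.add("*")  # Allow + NotAction grants everything except the listed actions
        actions.update(a.lower() for a in _as_list(stmt.get("Action")))
    return actions

def excess_actions(required_policy, attached_policy):
    """Actions the attached policy allows that no pattern in the required policy covers."""
    required = allowed_actions(required_policy)
    return sorted(
        action for action in allowed_actions(attached_policy)
        if not any(fnmatch.fnmatchcase(action, pattern) for pattern in required)
    )

# Constructed stand-in for the minimal policy JSON (NOT the vendor's actual policy).
SAMPLE_REQUIRED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:RunInstances", "ec2:CreateVpc", "rds:Create*"]},
]}

# Constructed example of what is actually attached to the dedicated IAM user.
SAMPLE_ATTACHED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:RunInstances", "rds:CreateDBInstance", "s3:*"]},
    {"Effect": "Allow", "Resource": "*", "Action": "iam:PassRole"},
    {"Effect": "Deny", "Resource": "*", "Action": "ec2:TerminateInstances"},
]}

if __name__ == "__main__":
    for action in excess_actions(SAMPLE_REQUIRED, SAMPLE_ATTACHED):
        print("beyond minimal policy:", action)
```

A wildcard in the attached policy that is broader than the required pattern is reported as excess, so the check errs on the side of flagging.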
The Azure deployment requires you to create an Active Directory application and grant it Contributor privileges when assigning it to the subscription you are using. The deployment asks you for the Active Directory ID, subscription ID, application ID, and a secret of that application (secret key).