Storage Encryption

Steps to provide permission for Resilience service to create encryption keys in the recovery region

Log in to the AWS console with the IAM create/write access. Please make a note of your recovery region/s as we will be using that in our policy.

Follow these five steps to enable the Appranix resilience service to create encryption keys for the recovery region.

  1. Once you are in the console, select the “IAM” service and select “Roles” on the side menu
  2. List of pre-existing roles will appear. On the Search text box, type “AppranixProtectServicePermissions”. You will be able to find a role with the prefix “AppranixProtectServicePermissions”
  3. Click on the role and navigate to the “Permissions” tab
  4. Click on the policy link. Then click the “Edit Policy” and select the “JSON” tab
  5. Update the policy statement by copying the below content into the policy statement

NOTE: Change the regions in the "aws:RequestedRegion" property from the table below.

    "Sid": "CreateKeyAndAlias",
    "Effect": "Allow",
    "Action": [
    "Resource": "*",
    "Condition": {
      "StringEquals": {
        "aws:RequestedRegion": [

The following table lists the name and code of each region.

Region Name Code
US East (Ohio) us-east-2
US East (N. Virginia) us-east-1
US West (N. California) us-west-1
US West (Oregon) us-west-2
Africa (Cape Town) af-south-1
Asia Pacific (Hong Kong) ap-east-1
Asia Pacific (Mumbai) ap-south-1
Asia Pacific (Osaka-Local) ap-northeast-3
Asia Pacific (Seoul) ap-northeast-2
Asia Pacific (Singapore) ap-southeast-1
Asia Pacific (Sydney) ap-southeast-2
Asia Pacific (Tokyo) ap-northeast-1
Canada (Central) ca-central-1
China (Beijing) cn-north-1
China (Ningxia) cn-northwest-1
Europe (Frankfurt) eu-central-1
Europe (Ireland) eu-west-1
Europe (London) eu-west-2
Europe (Milan) eu-south-1
Europe (Paris) eu-west-3
Europe (Stockholm) eu-north-1
Middle East (Bahrain) me-south-1
South America (São Paulo) sa-east-1
Need more help? Submit a ticket