Cloud Accounts in Noovolari Smart Backup are a set of data and permissions that enable the Noovolari account (on which all Noovolari Smart Backup logic resides) to manage your resources.
To make actions on your behalf we need to establish a trust relationship between your AWS account and Noovolari Smart Backup account, this comes in form of the creation of an IAM role inside our customer’s AWS account.
This role comes with a policy with all the actions that you are authorizing to execute and a trust relationship which authorize Noovolari to execute those actions. To further ensure security all trust relationships are generated with an external id, which gives only Noovolari the permission to assume that role.
Noovolari Smart Backup runs on the principle of least privilege. We guarantee to have only the privileges which are essential to perform our intended function.
The only delete actions we need are on Snapshots (for all services) to perform the automatic rotation of backups. Other actions include create, describes and list of resource, to present all information inside Noovolari Smart Backup.