Launch Cloud Shell to run through the following steps. The icon can be found in the upper right navigation bar in the cloud portal.
We will use the resource service-instance operator to get our Cloud Object Storage instance id (GUID). Use the handy jq utility to only return the GUID.
$ ibmcloud resource service-instance <name-of-icos-instance> --output json | jq -r '.[].guid'
You will use the value returned by the above command in another command. Please note it.
We will create a service ID to interact with our ICOS bucket. A service ID identifies a service or application similar to how a user ID identifies a user. We can assign specific access policies to the service ID that restrict permissions for using specific services.
ibmcloud iam service-id-create <name-of-your-service-id> --description "Service ID for Veeam Scale out repository" --output json
This command simply returns the ID of the service-id that was created. This will be used in place of in the next command.
ibmcloud iam service-id <name-of-your-service-id> --output json | jq -r '.[].id'
You will use the value returned by the above command in another command. Please note it.
We will now create an access policy that gives the Service ID write access to a single IBM Cloud Object Storage bucket.
ibmcloud iam service-policy-create <Service ID> --roles Writer --service-name cloud-object-storage --service-instance <Service Instance GUID> --resource-type bucket --resource <bucket-name>
Veeam uses HMAC credentials (Secret Key/Access Key) so we will need to generate some from cloud shell. We will be binding these new credentials to our Service ID
$ ibmcloud resource service-key-create <name of service key> Writer --instance-id <Service Instance GUID> --service-id <Service ID> --parameters '{"HMAC":true}'
Save the access_key_id and secret_access_key as we will need these when we configure the scale out repository in Veeam.