The way that you configure backups for your Amazon DocumentDB instances depends on your AWS deployment and the type of authentication that you use.
For AWS workloads, the configuration wizard includes a CloudFormation template that automatically creates a JSON policy that specifies AWS IAM permissions based on the authentication method that you select, and then attaches the policy to an IAM role or a user group. The policy contains permissions for all AWS workloads that are supported by Commvault Cloud. If certain AWS workloads are not in use, you can detach policies from the IAM role or user group.