Use the following values if you intend to have Velero store the backup snapshots in an AWS s3 endpoint that is configured to allow access using an IAM role.
# Velero plugin to use (since we are backing upto AWS S3 or minio, we are using AWS plugin).initContainers:-name:velero-plugin-for-awsimage:velero/velero-plugin-for-aws:v1.1.0imagePullPolicy:IfNotPresentvolumeMounts:-mountPath:/targetname:plugins## Parameters for the `default` BackupStorageLocation and VolumeSnapshotLocation,## and additional server settings.##configuration:# Cloud provider being used (e.g. aws, azure, gcp).provider:aws# Parameters for the `default` BackupStorageLocation. See# https://velero.io/docs/v1.0.0/api-types/backupstoragelocation/backupStorageLocation:# Cloud provider where backups should be stored. Usually should# match `configuration.provider`. Required.name:aws# Provider for the backup storage location. If omitted# `configuration.provider` will be used instead.provider:# Bucket to store backups in. Required.bucket:velero-backups# Prefix within bucket under which to store backups. Optional.prefix:# Additional provider-specific configuration. See link above# for details of required/optional fields for your provider.config:region:us-east-1# Parameters for the `default` VolumeSnapshotLocation. See# https://velero.io/docs/v1.0.0/api-types/volumesnapshotlocation/volumeSnapshotLocation:# Cloud provider where volume snapshots are being taken. Usually# should match `configuration.provider`. Required.,name:aws# Provider for the backup storage location. If omitted# `configuration.provider` will be used instead.provider:# Additional provider-specific configuration. See link above# for details of required/optional fields for your provider.config:region:us-east-1serviceAccount:server:create:truename:velero-demoannotations:# Info about the secret to be used by the Velero deployment, which# should contain credentials for the cloud provider IAM account you've# set up for Velero.credentials:# Whether a secret should be used as the source of IAM account# credentials. Set to false if, for example, using kube2iam or# kiam to provide IAM credentials for the Velero pod.useSecret:false# Whether to deploy the restic daemonset.deployRestic:false# Automatic backup of the cluster every hourschedules:mybackup:schedule:"0****"template:ttl:"240h"storageLocation:aws
If using IAM Roles, create an IAM policy and attach it to the worker-node-role in the cluster. This will ensure that Velero can communicate with the s3 bucket to backup resources.