Installing Veeam Backup for AWS from AMI

In this article

    Important

    While installing Veeam Backup for AWS from the Amazon Machine Image (AMI), you will be asked to provide one-time access keys of an IAM user to allow Veeam Backup for AWS create the IAM roles required for the backup appliance configuration. If you do not want to provide the keys, you can create these IAM roles manually before you begin the installation. To learn how to create required IAM roles, see Required IAM Permissions.

    To launch Veeam Backup for AWS from the AMI:

    1. Log in to AWS Management Console using credentials of an AWS account in which you plan to install Veeam Backup for AWS.

    You can install Veeam Backup for AWS in the production site — in the AWS account where resources that you plan to back up reside. It is recommended, however, that you use a separate AWS account for Veeam Backup for AWS installation. In this case, if a disaster strikes in the production site, you will still be able to access Veeam Backup for AWS and perform recovery operations.

    1. Use the region selector in the upper-right corner of the page to select an AWS Region in which the EC2 instance running Veeam Backup for AWS will reside.

    For more information on AWS Regions, see AWS Documentation.

    1. In the AWS services section, expand the All services menu and navigate to Compute > EC2.
    2. On the EC2 Dashboard tab, click Launch instance > Launch instance. The launch instance wizard will open.

    Launch Instance

    1. At the Choose an Amazon Machine Image (AMI) step of the wizard, open the Community AMIs tab. Then, in the search field, type veeam-aws and press [ENTER] on the keyboard.

    Choose the necessary product edition (Free, Paid or BYOL) and click Select. For more information on product editions, see Licensing.

    Launch Instance

    1. At the Choose an Instance Type step of the wizard, select an EC2 instance type for the backup appliance. The minimum recommended EC2 instance type is t2.medium.

    Installing Veeam Backup for AWS from AMI 

    1. At the Configure Instance Details of the wizard, do the following:
    1. In the Network and Subnet sections, specify an Amazon VPC and subnet to which the backup appliance will be connected. You can either select an existing Amazon VPC and subnet, or create a new Amazon VPC and subnet.

    For more information on Amazon VPCs and subnets, see AWS Documentation.

    Important

    Consider the following:

    • The specified Amazon VPC and subnet must have the outbound internet access to AWS services listed in the Requirements section. Otherwise, Veeam Backup for AWS may not work properly and unexpected errors may occur.
    • The specified Amazon VPC and subnet must allow the inbound internet access from the local machine from which you plan to access Veeam Backup for AWS.

    To learn how to enable internet access for Amazon VPCs and subnets, see AWS Documentation.

    1. From the Auto-assign Public IP drop-down list, select Enable.
    2. [Applies if you have created IAM roles required for the product installation manually as described in section Required IAM Permissions] In the IAM role section, select an IAM role (Impersonation IAM role) that must be attached to the backup appliance. This role will allow Veeam Backup for AWS to assume IAM roles used to perform backup and restore operations. For more information on using IAM roles in Veeam Backup for AWS, see Managing IAM Roles.
    3. Configure additional settings for the backup appliance to meet your organization requirements. To learn how to configure Amazon Linux instances, see AWS Documentation.

    Installing Veeam Backup for AWS from AMI 

    1. At the Add Storage step of the wizard, storage settings are preconfigured by Veeam Backup for AWS, and it is not recommended to change them. Review the settings and click Next: Add Tags.

    Installing Veeam Backup for AWS from AMI 

    1. At the Add Tags step of the wizard, you can specify AWS tags that will be assigned to the backup appliance (for example, you can specify a name that will help you easily identify and locate the appliance).

    Installing Veeam Backup for AWS from AMI 

    1. At the Configure Security Group step of the wizard, create a security group — virtual firewall for the backup appliance that will control inbound and outbound traffic. To do that, select the Create a new security group option and add a new inbound rule for HTTPS traffic. To do this:
    1. Click Add Rule.
    2. Select HTTPS from the Type drop-down list and enter 443 in the Port Range field.
    3. In the Source column, specify IPv4 address ranges from which Veeam Backup for AWS Web UI will be accessible.

    Make sure the IPv4 address of the local machine from which you plan to access Veeam Backup for AWS lies within the specified IPv4 ranges.

    IPv4 address ranges must be specified in the CIDR notation (for example, 12.23.34.0/24). To allow unrestricted access to the backup appliance, you can specify 0.0.0.0/0. However, the latter is not recommended since unrestricted access to Veeam Backup for AWS can violate your organization security policy.

    You can also select an existing security group that will be associated with the backup appliance. In this case, make sure the selected security group allows access to AWS services listed in the Requirements section.

    Installing Veeam Backup for AWS from AMI 

    1. At the Review step of the wizard, review the configured settings and click Launch.

    Right after installation, you must perform the initial configuration of Veeam Backup for AWS. For more information, see After You Install.