Installing Veeam Backup for AWS from AMI
While installing Veeam Backup for AWS from the Amazon Machine Image (AMI), you will be asked to provide one-time access keys of an IAM user to allow Veeam Backup for AWS create the IAM roles required for the backup appliance configuration. If you do not want to provide the keys, you can create these IAM roles manually before you begin the installation. To learn how to create required IAM roles, see Required IAM Permissions.
To launch Veeam Backup for AWS from the AMI:
- Log in to AWS Management Console using credentials of an AWS account in which you plan to install Veeam Backup for AWS.
You can install Veeam Backup for AWS in the production site — in the AWS account where resources that you plan to back up reside. It is recommended, however, that you use a separate AWS account for Veeam Backup for AWS installation. In this case, if a disaster strikes in the production site, you will still be able to access Veeam Backup for AWS and perform recovery operations.
- Use the region selector in the upper-right corner of the page to select an AWS Region in which the EC2 instance running Veeam Backup for AWS will reside.
For more information on AWS Regions, see AWS Documentation.
- In the AWS services section, expand the All services menu and navigate to Compute > EC2.
- On the EC2 Dashboard tab, click Launch instance > Launch instance. The launch instance wizard will open.
- At the Choose an Amazon Machine Image (AMI) step of the wizard, open the Community AMIs tab. Then, in the search field, type veeam-aws and press [ENTER] on the keyboard.
Choose the necessary product edition (Free, Paid or BYOL) and click Select. For more information on product editions, see Licensing.
- At the Choose an Instance Type step of the wizard, select an EC2 instance type for the backup appliance. The minimum recommended EC2 instance type is t2.medium.
- At the Configure Instance Details of the wizard, do the following:
- In the Network and Subnet sections, specify an Amazon VPC and subnet to which the backup appliance will be connected. You can either select an existing Amazon VPC and subnet, or create a new Amazon VPC and subnet.
For more information on Amazon VPCs and subnets, see AWS Documentation.
Consider the following:
To learn how to enable internet access for Amazon VPCs and subnets, see AWS Documentation.
- From the Auto-assign Public IP drop-down list, select Enable.
- [Applies if you have created IAM roles required for the product installation manually as described in section Required IAM Permissions] In the IAM role section, select an IAM role (Impersonation IAM role) that must be attached to the backup appliance. This role will allow Veeam Backup for AWS to assume IAM roles used to perform backup and restore operations. For more information on using IAM roles in Veeam Backup for AWS, see Managing IAM Roles.
- Configure additional settings for the backup appliance to meet your organization requirements. To learn how to configure Amazon Linux instances, see AWS Documentation.
- At the Add Storage step of the wizard, storage settings are preconfigured by Veeam Backup for AWS, and it is not recommended to change them. Review the settings and click Next: Add Tags.
- At the Add Tags step of the wizard, you can specify AWS tags that will be assigned to the backup appliance (for example, you can specify a name that will help you easily identify and locate the appliance).
- At the Configure Security Group step of the wizard, create a security group — virtual firewall for the backup appliance that will control inbound and outbound traffic. To do that, select the Create a new security group option and add a new inbound rule for HTTPS traffic. To do this:
- Click Add Rule.
- Select HTTPS from the Type drop-down list and enter 443 in the Port Range field.
- In the Source column, specify IPv4 address ranges from which Veeam Backup for AWS Web UI will be accessible.
Make sure the IPv4 address of the local machine from which you plan to access Veeam Backup for AWS lies within the specified IPv4 ranges.
IPv4 address ranges must be specified in the CIDR notation (for example, 126.96.36.199/24). To allow unrestricted access to the backup appliance, you can specify 0.0.0.0/0. However, the latter is not recommended since unrestricted access to Veeam Backup for AWS can violate your organization security policy.
You can also select an existing security group that will be associated with the backup appliance. In this case, make sure the selected security group allows access to AWS services listed in the Requirements section.
- At the Review step of the wizard, review the configured settings and click Launch.
Right after installation, you must perform the initial configuration of Veeam Backup for AWS. For more information, see After You Install.