Veeam Backup for AWS 10
User Guide
Related documents
Search

Considerations and Limitations

When you plan to deploy and configure Veeam Backup for AWS, keep in mind the following limitations and considerations.

Deployment

When deploying backup appliances, consider the following:

  • Veeam Backup for AWS is available only in AWS Global and AWS GovCloud (US) regions.
  • You can deploy Veeam Backup for AWS within a single Availability Zone only.
  • To ensure successful deployment and installation of Veeam Backup for AWS, customers are encouraged to make sure they are operating within AWS service quotas. For more information, see AWS Documentation.

Licensing

If the Paid license is not installed, Veeam Backup for AWS will operate in the Free edition allowing you to protect up to 10 instances free of charge. For more information, see Licensing.

Hardware

The minimum recommended EC2 instance type for the backup appliance is t3.medium, and the supported AMI architecture is x86_64. For the list of all existing instance types, see AWS Documentation.

Software

To access Veeam Backup for AWS, use Microsoft Edge (latest version), Mozilla Firefox (latest version) or Google Chrome (latest version). Internet Explorer is not supported.

Security Certificates

Veeam Backup for AWS supports certificates only in the .PFX and .P12 formats.

Backup Repositories

When managing backup repositories, consider the following:

When you add a backup repository of the S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage class, Veeam Backup for AWS does not create any S3 Glacier vaults in your AWS environment — it assigns the selected storage class to backups stored in the repository. That is why these backups remain in Amazon S3 and cannot be accessed directly through the Amazon S3 Glacier service.

If you enable S3 Object Lock for a bucket that is already used as a target location for image-level backups, Veeam Backup for AWS will not be able to continue creating backups and storing them in an existing backup repository.

If you use a KMS key to encrypt a repository, do not disable or delete this key. Otherwise, Veeam Backup for AWS will not be able to encrypt and decrypt data stored in the repository.

  • After you create a repository with encryption enabled, you will not be able to disable encryption for this repository. However, you will still be able to change the encryption settings as described in section Editing Backup Repository Settings.
  • Backup repositories must not be managed by multiple backup appliances simultaneously. Retention sessions running on different backup appliances may corrupt backups stored in the repositories, which may result in unpredictable data loss.
  • Veeam Backup for AWS preserves all backup files previously stored in Amazon S3 buckets that are no longer used as backup repositories.

If you no longer need the backed-up data, either delete it as described in sections Removing EC2 Backups and Snapshots, Removing RDS Backups and Snapshots and Removing VPC Configuration Backups before you remove the repositories from Veeam Backup for AWS, or use the AWS Management Console to delete the data if the repositories have already been removed.

AWS Organizations

When performing data protection operations with resources within AWS Organizations, consider the following:

EC2 Backup

When protecting EC2 instances, consider the following:

When Veeam Backup for AWS backs up EC2 instances with IPv6 addresses assigned, it does not save the addresses. That is why when you restore these instances, IP addresses are assigned according to the settings specified in AWS for the subnet to which the restored instances will be connected.

  • Veeam Backup for AWS may fail to create image-level backups of EC2 instances with product codes if the AMIs that were used to deploy the instances do not support the type of worker instances deployed for the backup operation. To work around the issue, modify the worker profile to choose another instance type, as described in section Managing Worker Profiles.
  • [Applies only to image-level backups and file-level recovery from cloud-native snapshots] Veeam Backup for AWS does not support creating image-level backups and restoring EC2 instances with product codes that have vendor restrictions preventing root EBS volumes from being attached to worker instances as secondary volumes. To learn how Veeam Backup for AWS performs EC2 backup, see Protecting EC2 Instances.
  • Veeam Backup for AWS does not support creating cloud-native snapshots and image-level backups for EC2 instances with arm64 architecture that were deployed using AMIs containing product codes.
  • Veeam Backup for AWS runs retention sessions for scheduled-based backup policies at 4:00 AM by default, according to the time zone set on the backup appliance. If you schedule backup policies to execute at 4:00 AM, the backup policies and retention tasks will be queued.
  • Since Veeam Backup for AWS runs retention sessions for SLA-based backup policies as soon as it finalizes the backup window in all protected regions, it is recommended that you estimate how long it may take for Veeam Backup for AWS to complete a retention session first, and then configure a backup window. Otherwise, Veeam Backup for AWS will not be able to run retention sessions, and obsolete data will not be removed from the configuration database and backup repositories.

RDS Backup

When protecting RDS resources, consider the following:

For the list of supported PostgreSQL versions, see Protecting RDS Resources.

  • For Veeam Backup for AWS to be able to create image-level backups for PostgreSQL DB instances, make sure that security groups associated with worker instances allow outbound HTTPS traffic from the worker instances through port 443 to download a certificate bundle for establishing SSL/TLS connections. For more information on certificate bundles for AWS Regions, see AWS Documentation.
  • Veeam Backup for AWS supports creating image-level backups for Microsoft SQL Server DB instances only if each hosted database is no larger than 5 TiB.
  • Veeam Backup for AWS does not support creating cloud-native snapshots for PostgreSQL DB clusters with Multi-AZ DB cluster deployment and IBM Db2 DB instances.
  • Veeam Backup for AWS does not support creating cloud-native snapshots for Aurora PostgreSQL Limitless Database clusters.
  • Veeam Backup for AWS does not support creating image-level backups for Microsoft SQL Server DB instances that host system databases only.
  • Veeam Backup for AWS does not support creating image-level backups for Aurora PostgreSQL clusters.
  • Veeam Backup for AWS does not support creating archived backups for Microsoft SQL Server DB instances.
  • Veeam Backup for AWS runs retention sessions at 4:00 AM by default, according to the time zone set on the backup appliance. If you schedule backup policies to execute at 4:00 AM, the backup policies and retention tasks will be queued.

Redshift Clusters Backup

When protecting Redshift clusters, consider the following:

For Veeam Backup for AWS to be able to create cloud-native backups of Redshift clusters, you must enable the Opt-in service for the Redshift resource type in the AWS Backup settings. Otherwise, Veeam Backup for AWS will automatically enable the service for each AWS Region specified in the backup policy settings in your AWS account while performing backup operations. For more information on considerations for using AWS Backup with Amazon Redshift, see AWS Documentation.

  • Veeam Backup for AWS runs retention sessions at 4:00 AM by default, according to the time zone set on the backup appliance. If you schedule backup policies to execute at 4:00 AM, the backup policies and retention tasks will be queued.

Redshift Serverless Backup

When protecting Redshift Serverless namespaces, consider the following:

DynamoDB Backup

When protecting DynamoDB tables, consider the following:

For Veeam Backup for AWS to be able to create cloud-native backups for DynamoDB tables, you must configure the AWS Backup settings to enable both the Opt-in service and the advanced features for Amazon DynamoDB backups. Otherwise, Veeam Backup for AWS will automatically enable these settings for each AWS Region specified in the backup policy settings in your AWS account while performing backup operations. For more information on advanced DynamoDB backup, see AWS Documentation.

  • Veeam Backup for AWS uses the AWS Backup service to create DynamoDB backups and backup copies. The DynamoDB backup service is not supported.
  • Veeam Backup for AWS runs retention sessions at 4:00 AM by default, according to the time zone set on the backup appliance. If you schedule backup policies to execute at 4:00 AM, the backup policies and retention tasks will be queued.

EFS Backup

When protecting EFS file systems, consider the following:

  • Indexing of the backed up EFS file systems is not supported in the Free edition of Veeam Backup for AWS. For more information on license editions, see Licensing.
  • Veeam Backup for AWS runs retention sessions at 4:00 AM by default, according to the time zone set on the backup appliance. If you schedule backup policies to execute at 4:00 AM, the backup policies and retention tasks will be queued.

FSx Backup

When protecting FSx file systems, consider the following:

For Veeam Backup for AWS to be able to create cloud-native backups for FSx file systems, you must enable the Opt-in service for the FSx resource type in the AWS Backup settings. Otherwise, Veeam Backup for AWS will automatically enable the service for each AWS Region specified in the backup policy settings in your AWS account while performing backup operations.

  • Veeam Backup for AWS does not support creating cloud-native backups for Amazon FSx for Lustre file systems with the Scratch deployment type.
  • Veeam Backup for AWS uses the AWS Backup service to create FSx backups and backup copies. The AWS Backup service does not support creating backup copies of FSx backups stored in Opt-in Regions.
  • Veeam Backup for AWS runs retention sessions at 4:00 AM by default, according to the time zone set on the backup appliance. If you schedule backup policies to execute at 4:00 AM, the backup policies and retention tasks will be queued.

VPC Backup

When protecting VPC configurations, consider the following:

EC2 Restore

When restoring EC2 instances, consider the following:

  • Veeam Backup for AWS does not support restoring EC2 instances to the original location if the source instances with termination protection and stop protection enabled still exist in AWS.
  • When restoring multiple EC2 instances that have the same EBS volume attached, Veeam Backup for AWS restores one volume per each instance and enables the Multi-Attach option for every restored volume. For more information on Amazon EBS Multi-Attach, see AWS Documentation.

RDS Restore

When restoring RDS resources, consider the following

  • [Applies only if you perform restore from image-level backups of Microsoft SQL Server and PostgreSQL DB instances] The database account specified for the restore operation will become the owner of all restored databases.
  • [Applies only if you perform restore from image-level backups of Microsoft SQL Server DB instances] Veeam Backup for AWS does not support restoring databases that contain the FILESTREAM file group.
  • [Applies only if you perform restore from image-level backups of Microsoft SQL Server DB instances] Veeam Backup for AWS does not support restoring databases of DB instances that have a zero backup retention period to DB instances that have a nonzero retention period due to the incompatibility in database recovery models. This is the expected behavior caused by AWS technical limitations.
  • [Applies only if you perform restore from image-level backups of Microsoft SQL Server DB instances] The target DB instance must run the same or a later engine version as the source DB instance. Otherwise, the restore operation will fail to complete successfully.
  • [Applies only if you perform restore from image-level backups of PostgreSQL DB instances] Veeam Backup for AWS does not support restoring original database accounts, including their predefined roles and access privileges. Therefore, you will have to manually recreate these accounts on the restored databases and reassign their privileges after the restore process completes.

 

  • When restoring Aurora DB clusters to a new location, Veeam Backup for AWS creates only primary DB instances in the restored clusters. Additional writer DB instances (for Aurora multi-master clusters) or Aurora Replicas (for Aurora DB clusters with single-master replication) must be added manually in the AWS Management Console after the restore operation completes. To learn how to add DB instances to Amazon Aurora DB clusters, see AWS Documentation.

Redshift Restore

When restoring Redshift clusters, consider the following:

  • Veeam Backup for AWS supports restoring Amazon Redshift clusters only to the same AWS accounts to which the source clusters belong and the same AWS Region where the source clusters reside.
  • Veeam Backup for AWS does not support restoring Amazon Redshift clusters with the Multi-AZ deployment.

Redshift Serverless Restore

When restoring Redshift Serverless namespaces, consider the following:

  • Veeam Backup for AWS supports restoring Amazon Redshift Serverless namespaces only to the same AWS accounts to which the source namespaces belong and the same AWS Region where the source namespaces reside.
  • Veeam Backup for AWS does not support restoring Amazon Redshift Serverless namespaces to provisioned clusters.
  • Veeam Backup for AWS does not support restoring tables of Amazon Redshift Serverless namespaces.

DynamoDB Restore

When restoring DynamoDB tables, consider the following:

  • Veeam Backup for AWS supports restoring DynamoDB tables only to the same AWS account to which the source tables belong.
  • The AWS Backup service does not support copying DynamoDB cloud-native backups stored in a cold storage tier to another AWS Region. These means that you will only be able to use these backups to restore tables to the same AWS Region in which the backups reside after being transitioned from a warm storage tier.
  • You can change the Time to Live (TTL) setting for DynamoDB tables only an hour after the restore operation completes.

EFS Restore

Veeam Backup for AWS supports restoring EFS file systems only to the same AWS account to which the source file systems belong.

FSx Restore

When restoring FSx file systems, consider the following:

  • Veeam Backup for AWS supports restoring FSx file systems only to the same AWS accounts to which the source file systems belong.
  • Veeam Backup for AWS does not support restoring Amazon FSx for Windows File Server file systems that use AWS Secrets Manager to store service account credentials when joined to a self-managed Microsoft Active Directory (AD).

VPC Restore

When restoring VPC configurations, consider the following:

  • Veeam Backup for AWS does not support restoring entire VPC configurations to a new location for the following VPC configuration items: Client VPN endpoints, customer gateways and load balancer listeners that use authentication certificates and specific components of route tables (core networks, routes to local gateways, network interfaces, instances and carrier gateways).
  • Veeam Backup for AWS does not support restoring specific VPC configuration items to a new location.

SureBackup

Starting from version 10, Veeam Backup for AWS supports the SureBackup functionality for backup appliances managed by Veeam Backup & Replication servers. However, this functionality is limited at the moment — you can perform backup verification and content scan only. Also, consider that since SureBackup performs backup integrity check and extensive content analysis, it requires additional data to be read from AWS, which may incur an increase in the associated costs.

For more information on SureBackup, see the Veeam Backup & Replication User Guide, section Recovery Verification.

Page updated 11/19/2025

Page content applies to build 10.0.0.233

View all results across Veeam Help Center
Back to document search