System Requirements

In this article

    Before you start using Veeam Backup for AWS, consider the following requirements.

    Network Ports

    The following network ports must be open to ensure proper communication of components in the Veeam Backup for AWS infrastructure.

    From

    To

    Protocol

    Port

    Notes

    Web browser (local machine)

    Backup appliance

    TCP

    443

    Required to access the Web UI component from a user workstation.

    SSH

    22

    Required to communicate with the backup service running on the backup appliance.

    TCP

    11005

    Default port required to communicate with the REST API service running on the backup appliance.

    For information on how to change the port number, see the Configuring Security Settings section in the Veeam Backup for AWS REST API Reference.

    Worker instance

    TCP

    443

    Required to access the File Level Recovery for Veeam Backup browser running on a worker instance during the file-level restore process.

    Backup appliance

    SMTP server

    TCP

    25

    Default port used for sending email notifications.

    Veeam Update Notification Server (repository.veeam.com)

    TCP

    443

    Required to download information on available product updates.

    To open network ports, in the AWS Management Console, you must add inbound rules to security groups associated with Veeam Backup for AWS infrastructure components.

    For details on how to add inbound rules to security groups, see AWS Documentation.

    IAM Role Permissions

    IAM roles that Veeam Backup for AWS uses to perform data protection and disaster recovery operations must have permissions to access AWS services and resources. The minimal set of permissions for IAM roles is described in the following Veeam KB articles: KB3032, KB3033, KB3034.

    AWS Services

    The backup appliance and worker instances must have outbound internet access to the following AWS services: