Before you start using Veeam Backup for AWS, consider the following requirements.
The following network ports must be open to ensure proper communication of components in the backup infrastructure of Veeam Backup for AWS.
Web browser (local machine)
Port used for communication with Veeam Backup for AWS Web UI.
Command port used for communication with the backup server.
Port used for communication with the Veeam Backup browser on the worker instance in the file-level restore process.
Command port used for communication with a worker instance.
Port used for communication with the worker instance in the file-level restore process.
To open network ports, in the AWS Management Console, you must add inbound rules to security groups associated with backup infrastructure components.
- A security group for the backup server is created during the product installation. For details, see Installing Veeam Backup for AWS.
- A security group for worker instances is selected per AWS region and Availability Zone. For details, see Configuring Worker Instance Settings.
For details on how to add inbound rules to security groups, see AWS Documentation.
To access Veeam Backup for AWS, you can use any of the following web browsers: Microsoft Edge 40 or later, Mozilla Firefox 56 or later, Google Chrome 62 or later.
IAM roles that Veeam Backup for AWS uses to perform data protection and disaster recovery operations must have permissions to access AWS resources. The minimal set of permissions for IAM roles is described in the following Veeam KB articles: KB3032, KB3033, KB3034.
Backup infrastructure components (the backup server and worker instances) must have outbound internet access to the following AWS services:
- Amazon CloudWatch
- Amazon Elastic Compute Cloud (EC2)
- Amazon Simple Notification Service (SNS)
- Amazon Simple Queue Service (SQS)
- Amazon Simple Storage Service (S3)
- AWS Identity and Access Management (IAM)
- AWS Key Management Service (KMS)
- AWS Marketplace Metering Service
- AWS Security Token Service (STS)
- AWS Service Quotas
- AWS Systems Manager (SSM)
Endpoints supported for AWS services are listed in AWS Documentation.