AWS Services

To perform backup and restore operations, the AWS Plug-In for Veeam Backup & Replication, backup appliance and worker instances must have outbound internet access to the following AWS services.

AWS Services Required For AWS Plug-In for Veeam Backup & Replication

Additionally, consider the following requirement:

If you plan to deploy a backup appliance with a public IP address, consider that outbound internet access must be allowed from the backup server to https://checkip.amazonaws.com/ through port 443 over the HTTPS protocol — this is required for AWS Plug-in for Veeam Backup & Replication to be able to retrieve the IP address of the backup appliance.

AWS Services Required For Backup Appliance

Additionally, consider the following requirements:

  • For Veeam Backup for AWS to be able to deploy worker instances when performing RDS image-level backup operations, outbound internet access must be allowed from the backup appliance to the TrustStore through port 443 over the HTTPS protocol to download the following certificate authority (CA) certificates https://truststore.pki.us-gov-west-1.rds.amazonaws.com/global/global-bundle.pem (for AWS GovCloud (US) regions) and https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem (for AWS commercial regions).
  • For Veeam Backup for AWS to be able to receive information on the cost of EC2 and RDS services while performing EC2 and RDS backup and restore operations, outbound internet access must be allowed from the backup appliance to the AWS Pricing API through port 443 over the HTTPS protocol to download .JSON file from https://pricing.us-east-1.amazonaws.com.
  • For Veeam Backup for AWS to be able to retrieve the names of AWS Regions, outbound internet access must be allowed from the backup appliance to the AWS Service Health Dashboard (https://status.aws.amazon.com) through port 443 over the HTTPS protocol.

AWS Services Required For Worker Instances

Important

If you plan to configure an HTTP proxy for the backup appliance, make sure that the security group associated with the proxy server allows direct network traffic required to communicate with the AWS services.

Backup Infrastructure

Page updated 4/28/2025

Page content applies to build 9.0.0.304