Authorization and Security

In this article

    Important

    Right after you install Veeam Backup for AWS, you must create the default user to access the Veeam Backup for AWS Web UI and REST API.

    To learn how to create the default user, see First Login (if you deployed Veeam Backup for AWS from AWS Marketplace) or Initial Configuration (if you deployed Veeam Backup for AWS from the Amazon Machine Image). To perform the operation using the Web UI, see the Veeam Backup for AWS User Guide, sections After You Install and Initial Configuration. For more information on the Veeam Backup for AWS deployment, see the Veeam Backup for AWS User Guide, section Deployment.

    To start working with the Veeam Backup for AWS REST API, users must first authenticate themselves and get authorization to make requests. Veeam Backup for AWS controls access to its functionality with the help of user roles. A role defines what operations users can perform and what range of data is available to them in the Veeam Backup for AWS REST API. For more information on user roles, see  the Veeam Backup for AWS User Guide, section Managing Permissions.

    Veeam Backup for AWS REST API authorization process is based on the OAuth 2.0 Authorization Framework and involves obtaining an access token and a refresh token.

    • Access token is a string that represents authorization issued to the client and that must be used in all requests during the current logon session.
    • Refresh token is a string that represents authorization granted to the client and that can be used to obtain a new access token if the current access token expires or becomes lost.

    By default, the Veeam Backup for AWS REST API access token expires in 1 hour, refresh token expires in 2 hours. You can change the token lifetime policy to meet the necessary security requirements. For more information, see Configuring Security Settings.

    For increased security, Veeam Backup for AWS allows you to use multi-factor authentication (MFA) to verify user identity. It is recommended to enable MFA for Veeam Backup for AWS users. For more information, see Multi-Factor Authentication or the Veeam Backup for AWS User Guide, section Configuring Multi-Factor Authentication.

    In This Section