Authorization and Security
Right after you install Veeam Backup for AWS, you must create the Default Administrator to access the Veeam Backup for AWS Web UI and REST API.
To start working with the Veeam Backup for AWS REST API, users must first authenticate themselves and get authorization to make requests. Veeam Backup for AWS controls access to its functionality with the help of user roles. A role defines what operations users can perform and what range of data is available to them in the Veeam Backup for AWS REST API. For more information on user roles, see the Veeam Backup for AWS User Guide, section Managing Permissions.
Veeam Backup for AWS REST API authorization process is based on the OAuth 2.0 Authorization Framework and involves obtaining an access token and a refresh token.
- Access token is a string that represents authorization issued to the client and that must be used in all requests during the current logon session.
- Refresh token is a string that represents authorization granted to the client and that can be used to obtain a new access token if the current access token expires or becomes lost.
By default, the Veeam Backup for AWS REST API access token expires in 1 hour, refresh token expires in 2 hours. You can change the token lifetime policy to meet the necessary security requirements. For more information, see Configuring Security Settings.
For increased security, Veeam Backup for AWS allows you to use multi-factor authentication (MFA) to verify user identity. It is recommended to enable MFA for Veeam Backup for AWS users. For more information, see Multi-Factor Authentication or the Veeam Backup for AWS User Guide, section Configuring Multi-Factor Authentication.
In This Section