Configuring Security Settings

The Veeam Backup for AWS REST API has the following default security settings:

  • Access token lifetime is 1 hour (3600 seconds).
  • Refresh token lifetime is 2 hours.
  • Authorization code lifetime is 60 seconds.
  • REST API port number is 11005.

However, you can change token and authorization code lifetime defaults and the REST API port number to meet the necessary security requirements. To do that:

  1. Connect to the EC2 instance where Veeam Backup for AWS is installed. To do that, run the following ssh command in a terminal window:

ssh -i /path/EC2_instance.pem key ubuntu@<Public DNS hostname or IPv4 address of the EC2 instance>

  1. To change token and authorization code lifetime defaults, do the following:
  1. Create an override file. To do that, run the following command:

sudo systemctl edit veeamawsbackuprestfulapi.service

  1. Add the following variables to the file, and set their values:

[Service]

Environment=VEEAM_ACCESS_TOKEN_LIFETIME_SEC=<value>

Environment=VEEAM_REFRESH_TOKEN_LIFETIME_DAYS=<value>

Environment=VEEAM_AUTHORIZATION_CODE_LIFETIME_SECONDS=<value>

  1. Save the changes.
  1. Restart the veeamawsbackuprestfulapi service to apply the changes. To do that, run the following commands:

sudo systemctl daemon-reload

sudo systemctl restart veeamawsbackuprestfulapi.service

  1. To change the REST API port number, do the following:
  1. Open the veeam-backup-publicapi-port configuration file. To do that, run the following command:

sudo nano /etc/nginx/sites-available/veeam-backup-publicapi-port.conf

  1. Set the new port number. To do that, run the following command:

listen <port_number> ssl;

  1. Save the changes.
  1. Restart the nginx service to apply the changes. To do that, run the following command:

sudo service nginx restart