Configuring Security Settings
The Veeam Backup for AWS REST API has the following default security settings:
- Access token lifetime is 1 hour (3600 seconds).
- Refresh token lifetime is 1 hours.
- Authorization code lifetime is 60 seconds.
- REST API port number is 11005.
However, you can change token and authorization code lifetime defaults and the REST API port number to meet the necessary security requirements. To do that:
- Connect to the EC2 instance where Veeam Backup for AWS is installed. Use the following command:
ssh -i /path/EC2_instance.pem key ubuntu@<Public DNS hostname or IPv4 address of the EC2 instance>
- On the EC2 instance where Veeam Backup for AWS is installed, navigate to /lib/systemd/system. Use the following command:
- Open the veeamawsbackuprestfulapi.service configuration file in Nano or any other editor. Use the following command:
sudo nano veeamawsbackuprestfulapi.service
- To change token and authorization code lifetime policy, add the VEEAM_ACCESS_TOKEN_LIFTIME_SEC, VEEAM_REFRESH_TOKEN_LIFTIME_DAYS and VEEAM_AUTHORIZATION_CODE_LIFETIME_SECONDS variables to the file, and set their values.
- To change the REST API port number, locate the VEEAM_PUBLIC_REST_PORT variable in the file, and set the new value.
- Save the changes.
- Restart the veeamawsbackuprestfulapi service to apply the changes. Use the following commands:
sudo systemctl daemon-reload
sudo systemctl restart veeamawsbackuprestfulapi.service