Configuring Security Settings

In this article

    The Veeam Backup for AWS REST API has the following default security settings:

    • Access token lifetime is 1 hour (3600 seconds).
    • Refresh token lifetime is 1 hours.
    • Authorization code lifetime is 60 seconds.
    • REST API port number is 11005.

    However, you can change token and authorization code lifetime defaults and the REST API port number to meet the necessary security requirements. To do that:

    1. Connect to the EC2 instance where Veeam Backup for AWS is installed. Run the following command:

    ssh -i /path/EC2_instance.pem key ubuntu@<Public DNS hostname or IPv4 address of the EC2 instance>

    1. On the EC2 instance where Veeam Backup for AWS is installed, create an override file. Run the following command:

    sudo systemctl edit veeamawsbackuprestfulapi.service

    1. To change token, authorization code lifetime policy the REST API port number, add the following variables to the file, and set their values.

    [Service]

    Environment=VEEAM_PUBLIC_REST_PORT=<value>

    Environment=VEEAM_ACCESS_TOKEN_LIFTIME_SEC=<value>

    Environment=VEEAM_REFRESH_TOKEN_LIFTIME_DAYS=<value>

    Environment=VEEAM_AUTHORIZATION_CODE_LIFETIME_SECONDS=<value>

    1. Save the changes.
    1. Restart the veeamawsbackuprestfulapi service to apply the changes. Run the following commands:

    sudo systemctl daemon-reload

    sudo systemctl restart veeamawsbackuprestfulapi.service