Deploying Veeam Backup & Replication from AMI

Veeam Backup & Replication is deployed on a single EC2 instance. The EC2 instance is created during the product deployment.

To deploy Veeam Backup & Replication from the AMI:

  1. Log in to the AWS Management Console using credentials of an AWS account in which you plan to deploy Veeam Backup & Replication.


Do not use the root user for login when deploying Veeam Backup & Replication. Deployment or operation of Veeam Backup & Replication does not require the use of root privileges.

You can deploy Veeam Backup & Replication in the production site — in the AWS account where resources that you plan to back up reside. It is recommended, however, that you use a separate AWS account for Veeam Backup & Replication deployment. In this case, if a disaster strikes in the production site, you will still be able to access Veeam Backup & Replication and perform recovery operations.

  1. Use the region selector in the upper-right corner of the page to select an AWS Region where the EC2 instance running Veeam Backup & Replication will reside.

For more information on AWS Regions, see AWS Documentation.

  1. In the AWS services section, expand the All services menu and navigate to Compute > EC2.
  2. On the EC2 Dashboard tab, click Launch instance > Launch instance. The Launch an instance wizard will open.

Launching Instance

  1. At the Name and tags step of the wizard, specify the EC2 instance name. Add additional tags, if required.

Specifying Instance Name

  1. At the Application and OS Images (Amazon Maching Image) step of the wizard, choose an AMI that will be used to deploy the solution. To do that, type veeam backup & replication in the search field and press [ENTER]. You will be redirected to the Choose an Amazon Machine Image (AMI) page.

Searching AMI

  1. Select the AWS Marketplace AMIs tab and select the Veeam Backup & Replication solution.

Selecting AMI

  1. Click Continue to confirm the selected AMI.

Confirming AMI Selection

  1. At the Instance type step of the wizard, select an EC2 instance type for the backup solution. The minimum recommended EC2 instance type is m5.xlarge.

Selecting Instance Type

  1. In the Key pair (login) section, select a key pair to use for login. If necessary, you can create a new key pair as described in AWS Documentation.

Selecting Key Pair

  1. At the Network settings step of the wizard, do the following:
  1. In the Network and Subnet fields, specify an Amazon VPC and subnet to which the backup appliance will be connected. You can either select an existing Amazon VPC and subnet, or create a new Amazon VPC and subnet.

For more information on Amazon VPCs and subnets, see AWS Documentation.


Mind that no public access is required to use Veeam Backup & Replication unless you plan to access the Veeam Backup & Replication server from the internet. If the access over the internet is required, ensure that the specified Amazon VPC and subnet allow the inbound internet access from the local machine that you plan to use to access Veeam Backup & Replication in AWS.

To learn how to enable internet access for Amazon VPCs and subnets, see AWS Documentation.

  1. From the Auto-assign public IP drop-down list, select Enable.
  2. At the Network settings step of the wizard, choose a security group that will control the inbound and outbound traffic for the Veeam Backup & Replication instance. You can either associate an existing security group with the instance or create a new security group.
  • If you choose an existing security group, make sure it allows access to the Amazon Simple Storage Service (S3) AWS service.
  • If you choose to create a new security group, you may want to modify the default inbound rule for the RDP traffic. To do that, from the drop-down list next to the Allow RDP traffic from check box, select My IP or select Custom and specify the IPv4 address ranges from which Veeam Backup & Replication will be accessible.

Make sure the IPv4 address of the local machine from which you plan to access Veeam Backup & Replication lies within the specified IPv4 ranges.

IPv4 address ranges must be specified in the CIDR notation (for example, To allow unrestricted access to the backup appliance, you can specify However, the latter is not recommended since unrestricted access to Veeam Backup & Replication can violate your organization security policy.

Specifying Network Settings

  1. At the Configure storage step of the wizard, review the preconfigured storage settings and proceed to the next step. For technical reasons, it is not recommended to change these settings.


AWS encryption of the root volume is not required as all the data can be encrypted by means of Veeam Backup & Replication. For more information, see Security Considerations.
However, you may use AWS encryption mechanisms. For more information, see AWS Documentation.

Configuring Storage

  1. Skip the Advanced details step of the wizard.
  2. In the Summary section, review the configured settings and click Launch instance.

Right after installation, you must perform a number of additional actions for the backup appliance configuration. For more information, see After You Install.