Learn about AWS Connector Console

How to use the AWS Connector for SAP Management Console #

Overview #

This section provides information about all configuration tabs available in the AWS Connector for SAP Management Console. It will help you understand every possible scenario configuration.

To start AWS Connector Console, open Transaction /LNKAWS/S4MANAGER from your SAP Server.

Topics #

1. System Status #

The main tab in the AWS Connector for SAP Console will give you a quick look of the Add-on configuration status. The system will check all the prerequisites needed for the correct behaviour of the Console.

Tests performed are:

  • Product successfully licensed. System must be licensed before you can start working with it. This test will give you any information regarding the license status.
  • HTTP service exists and is active. HTTP service is used for internal communications for Content Repository or Archive Server purposes.
  • HTTPS service exists and is active. HTTPS service should be up for any communication between your SAP Server and AWS.
  • Command ZOPENSSL has been created. (Only for automated certificate management). OpenSSL is installed in your server and reachable from SAP.
  • Command WGET has been created. (Only for automated certificate management). WGET is installed in your server and reachable from SAP.
  • Job /LNKAWS/STRUST job is scheduled. (Only for automated certificate management). Certificates expiration dates are check with this job and update them if needed.
  • AWSCONNECTOR_S3 service exists in SICF. AWSCONNECTOR_S3 SICF service needed for Content Repository and Archive Server purposes is active.
Linke Console's User Contextual Menu

System Status Tab

2. Credentials #

Under Credentials tab, you will set the IAM credentials needed to access your AWS Resources. This IAM User will have attached the policy with the proper permissions. You will need to indicate the AWS Account of the IAM User, the IAM User Name and its programatic credentials (both the Access Key and the Secret Access Key).

If you need to access resources from different accounts and you don’t want them to assume roles. You can create different IAM Users in the credentials tab and access the specific resources using the IAM Credentials that you prefer.

Console Credentials

Credentials Tab.

3. Buckets Management #

The main tab in the AWS Connector for SAP Console will give you a quick look of the Add-on configuration status. The system will check all the prerequisites needed for the correct behaviour of the Console.

Console Credentials

Buckets Management Tab.

You will need to provide the following information to create a S3 bucket.

  • Buckets. This is the bucket name to use. It can be an existing bucket of your AWS Account or a bucket created by AWS Connector.

    You must select the Create option if the buckets does not exist.

  • Access Point. At this moment, you cannot create Amazon S3 Access Points from the AWS Connector Console, so this selection will be only available if you select the bucket owning the access point during configuration.

  • Create Mark this option if you want to create the bucket from the AWS Connector Console.

  • User Name. From the list of users created in the Credentials tab section, indicate the one that will own the bucket. (The user must have permissions to access or create this bucket in its IAM Policy)

  • Region. The region where the bucket will be hosted.

  • Content Rep. This option is not modifiable. Once you create a bucket, it will indicate the Content Repository name automatically created and attached to this bucket.

  • Lifecycle. You can specify retention period after which the objects will be moved to Amazon Glacier to reduce the costs.

  • Client Encryption. If you want to encrypt the data before it leaves SAP, you must set this option. The process will use the Encryption Key specified during the Configure AWS Connector for SAP to use Client Side Encryption section.

  • Server Encryption. If you select that option, you will leverage AWS to encrypt the data while it is stored in the Amazon S3 Bucket. You can choose from one of the following encryption options:

    • No server encryption. The data will not be encrypted once stored in Amazon S3 or data will inheritate the default encryption key of the bucket, if it has one specified.
    • AES256. The default encryption key of your AWS Account will be used to encrypt/decrypt the data.
    • AWS-KMS. You will set a specific encryption key managed by AWS KMS service.
    Console Credentials

    Encryption Types

  • Object Lock. You can specify the object lock properties for the data stored in Amazon S3. For additional information about this feature, please read the Locking objects using S3 Object Lock documentation from AWS.

  • Zip. If the data to be stored has a format that can be compressed, you can select this option to compress them as a zip file before it is stored in Amazon S3. This option can help you to reduce the storage costs.

Once the bucket is created, you can perform a Check to ensure that everything was created properly and the IAM user specified has the proper permissions to work with the bucket.

4. Buckets Size #

Under Bucket Size tab, you can have a quick look about the number of documents stored in each bucket managed by AWS Connector and also its total size.
Console Credentials

Buckets Size Tab.

5. Archiving Objects Management #

AWS Connector can be used to store Archiving Sessions created through the SARA transaction in an Amazon S3 Bucket.

Under Archiving Objects Management tab, you can specify the correlation between an Archiving Objects (BC_SFLIGHT, COPA, DOCB) and the Amazon S3 bucket where the archiving files will be stored.

You will need to provide the following information:

  • Archiving Once yct Name. Any standard or custom Archiving Object Name available through the SARA transaction.
  • Bucket. The bucket where the archiving objects will be stored.
  • Start Automatically. To start the storage process at the same time you start the archiving job.
  • Sequence. Select between the standard processes Store before deleting or Delete before storing.
  • Read Stor.Syst.. Check that the storage server is reachable before it deletes the data.
Console Credentials

Archiving Objects Management Tab.

6. Attachments config #

AWS Connector can also be used to store Attachments into an Amazon S3 Bucket.

Under Attachments config tab, you can specify the bucket where you want your attachments to be stored. This attachments will be stored under the SOFFHIO Document Class.

You will need to provide the following information:

  • Bucket. The bucket where the archiving objects will be stored.
  • (optional) Access Point. If you want to store the documents in a specific access point within that bucket.
    Access Points. You can find additional information in the Amazon S3 Access Points documentation page.

After you save these changes, your attachments will be uploaded to Amazon S3 without any additional action required.

Console Credentials

Attachment Configuration Tab.

7. Logs #

In this section, you can find the application logs.

Under Logs tab, specify your application log retention time and filter your logs for troubleshooting.

  • Config Log. You can select the retention period for your application logs. You can select one of the predefined options, or you can select your own custom period time.
  • Display logs. By selection search all application logs will be displayed. You can choose to filter these logs by date, time of event type.
Console Credentials

Logs Management Tab.