Do you want to deploy and run a virtual appliance like the ABAP on HANA developer edition on AWS in a secure way? One recommended option is using a virtual private cloud (VPC) with openVPN server for VPN access in a public subnet and running the SAP system in a private subnet (as depicted in the drawing below).
Instead of creating all these AWS resources manually as described in my previous document, you can use AWS CloudFormation to create the whole stack automatically using a CloudFormation script. The attached CloudFormation script/template makes it a lot easier to setup a secure VPC stack with VPN access for your trial or developer edition.
Remark: There are other options to set up a VPC with VPN access on AWS. This approach should serve as proposal for modest testing and evaluation purposes and the template can be modified to your needs. Moreover, the ID of the openVPN access server AMI changes frequently. Thus, if the creation of the openVPN server instance fails, please check in the AWS Marketplace whether the AMI ID in the CF template is still valid or has to be updated.
There two prerequisites to successfully use this CloudFormation script (besides a valid AWS account):
a) You need a valid EC2 key pair, which you can use to connect to your VPN server instance using SSH:
To create a dedicated key pair, navigate to the EC2 dashboard > Network & Security > Key Pairs and hit the Create Key Pair button. Download the .pem file containing your private key.
b) You have to subscribe to the openVPN access server on the AWS Marketplace (for free), in order to accept the terms and conditions of this AMI:
Navigate to the AWS Marketplace and search for the openVPN access server. Select the current release, click on Manual Launch and hit the Accept Terms button. Now you are allowed to create an openVPN server instance programmatically.
c) Download the corresponding AWS CloudFormation template from GitHub (hit the Download Gist button).
Generate your VPC stack
Now it’s time to automatically build your VPC with VPN server using AWS CloudFormation:
1. In the AWS console navigate to the CloudFormation service and ensure that you selected the desired region (e.g. US East for the AS ABAP on SAP HANA developer edition).
2. Hit the Create New Stack button and select the vpc_openvpn.json script as template using the Browse button.
3. Enter the desired template parameters, i.e. an existing EC2 key pair and (optionally) a CIDR block (IP filter) for limiting admin access to your openVPN server instance:
4. Hit the Create button and wait until your entire VPC stack has been created:
Remark: You can also delete your whole VPC stack (all AWS resources) automatically if you don’t need it anymore by selecting your CloudFormation template in the AWS console and hitting the Delete Stack button.
After the automatic creation of your VPC stack you’ll find the admin URL and the access URL of your openVPN server in the Outputs tab of the CloudFormation service:
Deploy your virtual appliance and connect to your VPC
As I already described the remaining steps (configuring the openVPN server, deploying the virtual appliance, connecting to your VPC) in my previous document, please proceed with these steps described in Section 3. I hope the option described above (using AWS CloudFormation) makes it easier and more convenient for you to build and define your own VPC stack for deploying virtual appliances in the cloud.
Final remark: Please keep in mind, that your openVPN server instance will not be managed by SAP CAL (start, stop, terminate) together with your CAL instances. Directly use the AWS EC2 dashboard to start and stop your openVPN server.