Technical Articles
How to consume AWS services on SAP Cloud Platform?
[UPDATED – 02.02.2021]
Disclaimer: The Multi-Cloud Foundation guide on “Integrating AWS Services into Cloud Foundry on SAP Cloud Platform” is removed. Please use user-provided services, instead. See Creating User-Provided Service Instances. Hence some of the links in the blog below might not work anymore
Hi All,
Often, we are asked by our customers about the possibilities to integrate their SAP workloads with native hyperscaler services. SAP Cloud Platform’s cloud foundry environment provides a possibility to provision and to consume native hyperscaler services. In this blog post, let’s see how this is enabled with Amazon Web Services (AWS) using the AWS Service Broker.
The AWS Service Broker is an open source project which allows native AWS services to be exposed directly through application platforms, that implement the Open Service Broker API such as Cloud Foundry and Kubernetes. The Broker provides a simple integration of AWS Services directly within the application platform. This is based on standard Cloud Foundry patterns with service brokers. The step-by-step tutorial on how to achieve this is available in the official documentation. The following image depicts a high-level overview of the steps described in the documentation:
Once the above-depicted integration is implemented, AWS services such as AWS S3, Dynamo DB and so on are available in Cloud Foundry service marketplace as shown below:
With SAP’s multi-cloud strategy, we strive to provide our customers with seamless integration and reuse experience. Stay tuned for more use-cases and scenarios using the native services and I will be happy to hear your feedback as comments below.
All my best,
Harini
Hi Harini,
have seen azure building native integration capabilities from ABAP layer itself for customers who decide to stay on ECC for some more time. Link here.
Are you aware of any such initiatives from AWS.
Regards,
Sitakant.
Hi Sitakant,
I forwarded this query to the AWS folks. I will keep you posted once we have an update on this.
Best regards,
Harini
Sitakant - Currently there is no ABAP SDK from AWS but there is a partner solution available for the same. Which AWS services would you like to access from ABAP?
And stating the obvious, all AWS services are REST enabled, so you should be able to consume them using HTTP client classes in ABAP.
Thanks for your feedback.
Hi Sitakant
On AWS, you have an Add-on to connect to AWS, certified by SAP.
For any NetWeaver from 7.5 to 7.54, available for Amazon S3, SNS, SQS, Lambda, Athena, DynamoDB, and EC2 service for Autoscaling.
https://aws.amazon.com/marketplace/pp/B0844W6JHV?qid=1590901468124&sr=0-1&ref_=srh_res_product_title
Microsoft one is a Z program that gives a skeleton to build it for yourself.
Regards. Mario
You mention the tutorial is in line with the link to the official documentation. Is there a link to the tutorial you can add to the above information?
Hi Josh,
The official documentation contains 3 tabs. The second has all the steps that that needs to be done on the AWS account side and the third has the necessary steps to be done on SCP side.
Best regards,
Harini
The link doesn't seem to work, can you please check it?
Hi Harini,
Thanks for this great post, and the function provided here will be great.
I am following the guide you mentioned. For me its missing a little detail on the online help.
When I create the Service Broker stack, I am creating the CloudFormation Stack in eu-west-1 in AWS – is this OK ? (I understand there will be a latency to eu-central-1 where SCP CF sits).
I also note that the Stacks S3_REGION is us-east-1.
The stack creates a user – so I assume the access and secret keys are for this user. Is this correct ?
For the Security User name and password – Since the push is to Cloud Foundry, I assume these are just variables on the application aws-service-broker that it uses for the CLI authentication ? If not can you let me know to authenticate the cf create-service-broker (see below, I am getting a 403)
SECURITY_USER_NAME: myuser
SECURITY_USER_PASSWORD: myuserpassword
When I go to register the AWS Service Broker in the CLI, using the environment variables setup in the manifest and that show on the application I get a HTTP 403 (I used random-route on the push to get the unique route) :
C:\Users\username\Box\PC\Code\nodejs\aws-sb-cf-cloudfoundry-app-1.0.1>cf create-service-broker aws-service-broker-generous-warthog myuser myuserpassword aws-service-broker-generous-warthog.cfapps.eu10.hana.ondemand.com
Creating service broker aws-service-broker-generous-warthog as myemail@mycompany.com…
FAILED
Server error, status code: 403, error code: 10003, message: You are not authorized to perform the requested action
NOTE – somehow above its using or retrieving my email address, and I would have expected it to use “myuser”.
In summary, any help in letting me know how to register this would me much appreciated.
Peter
Hi Peter,
For my case, in manifest.yml, i placed all required information from AWS account
PS C:\My work\SAP Technology\Cloud\AWS\service broker> cf push aws-sb-cf-cloudfoundry-app-1.0.1
Pushing app aws-sb-cf-cloudfoundry-app-1.0.1 to org xxxxxxx / space aws as xxxxxxx...
Getting app info...
Updating app with these attributes...
name: aws-sb-cf-cloudfoundry-app-1.0.1
path: C:\My work\SAP Technology\Cloud\AWS\service broker
disk quota: 1G
health check type: port
instances: 1
memory: 1G
stack: cflinuxfs3
routes:
aws-sb-cf-cloudfoundry-app-101.cfapps.sap.hana.ondemand.com
Updating app aws-sb-cf-cloudfoundry-app-1.0.1...
and it update app automatically.
Hi Peter,
As mentioned in the last step's note here, you probably need to execute the create service broker command with the space scoped parameter as below:
cf create-service-broker aws-service-broker <SECURITY_USER_NAME> <SECURITY_USER_PASSWORD> <URL OF THE SERVICE BROKER> --space-scoped
Does anyone face the error of None of the buildpacks detected a compatible application ?
Downloaded app package (8.6M)
None of the buildpacks detected a compatible application
Exit status 222
Error staging application: An app was not successfully detected by any available buildpack
TIP: Use 'cf.exe buildpacks' to see a list of supported buildpacks.
FAILED
PS C:\My work\SAP Technology\Cloud\AWS\service broker> cf buildpacks
Getting buildpacks...
buildpack position enabled locked filename stack
staticfile_buildpack 1 true false staticfile_buildpack-cflinuxfs3-v1.4.42.zip cflinuxfs3
java_buildpack 2 true false java-buildpack-cflinuxfs3-v4.19.zip cflinuxfs3
ruby_buildpack 3 true false ruby_buildpack-cflinuxfs3-v1.7.38.zip cflinuxfs3
sap_java_buildpack_1_9_1 4 true false sap_java_buildpack-v1.9.1.zip
Had the same problem, I used
Hi,
when trying to push the app (v. 1.0.1) I get an issue with the property in the manifest file.
Do you have any information on this? Thanks
cf push
FAILED
Error reading manifest file:
Property '${BROKER_ID}' found in manifest. This feature is no longer supported. Please remove it and try again.
Hi ,
While creating the service broker I am getting error –
Server error, status code: 500, error code: 10001, message: An unknown error occurred.
Do anyone have any information about how to fix it?
Command used to create service broker-
cf create-service-broker aws-service-broker <SECURITY_USER_NAME> <SECURITY_USER_PASSWORD> https://amit-aws-service-broker.cfapps.eu10.hana.ondemand.com –space-scoped
Thanks..
Amitanshu
Hi Amit,
I think you are missing one dash in "--space-scoped" and the URL should be in the format "https://yourservicebroker.ondemand.com"
At least this just now worked for me.
Regards,
Alex
Hi Alex,
Thank you for the reply !
I am using dash (it is not showing here in reply section 🙂 )
I used the URL –
cf create-service-broker amit-aws-service-broker <SECURITY_USER_NAME ><SECURITY_USER_PASSWORD> https://amit-aws-service-broker.cfapps.eu10.hana.ondemand.com –space-scoped
Here the <SECURITY_USER_NAME > is the user created after uploading yml file in AWS and<SECURITY_USER_PASSWORD> is my AWS login password.The same user and password is used for deployment of application in SAP CF. Am I doing something wrong here?
The error is still
Server error, status code: 500, error code: 10001, message: An unknown error occurred.
Thanks..
Amitanshu
Hi Amitanshu Shekhar ,
I have got the same error, could you fix it somehow? I'm using trial account.
Best regards!
Hi Harini Gunabalan,
Peter Clancy has already asked this but this is still not really clear: which access key, secret and user password do we have to provide in the yaml file? A BrokerUser is created with the CloudFormation template, do we have to provide this user's details in the manifest or the details of the user used to create the stack?
Cheers,
Pierre
Hi Pierre,
I tested it. We use BrokerUser credentials which is created by CloudFormation to deploy broker. Here are the explanation to the environment.
AWS_ACCESS_KEY_ID: BrokerUser access_key_id.
AWS_SECRET_ACCESS_KEY:BrokerUser sercret_access_key.
SECURITY_USER_NAME: basic auth username which is used to access broker api
SECURITY_USER_PASSWORD: basic auth password which is used to access broker api
Hi Harini Gunabalan ,
I updated my manifest.yml with
Can you please suggest me, Is this configuration is correct or do I need to modify anything?
Getting app info...
The app cannot be mapped to route aws-service-broker.cfapps.eu10.hana.ondemand.com because the route exists in a different space.
FAILED
I have the same problem. please help!
ok: "cf push --random-route" solves this issue
Hi,
Anyone facing the following error? I have tried with the master, 1.01, and 1.02 versions of the service broker. My CF missing any build packs?
2020-08-02T10:12:20.11-0500 [CELL/0] OUT Starting health monitoring of container
2020-08-02T10:12:20.40-0500 [APP/PROC/WEB/0] ERR bash: ./cfnsb: No such file or directory
2020-08-02T10:12:20.43-0500 [APP/PROC/WEB/0] OUT Exit status 127
2020-08-02T10:12:20.57-0500 [CELL/0] OUT Cell ff54f2fb-6672-44d0-b963-c7bf04d31ee6 stopping instance 4f44b9f3-c673-4119-6b07-00f7
2020-08-02T10:12:20.57-0500 [CELL/0] OUT Cell ff54f2fb-6672-44d0-b963-c7bf04d31ee6 destroying container for instance 4f44b9f3-c673-4119-6b07-00f7
2020-08-02T10:12:20.60-0500 [API/5] OUT Process has crashed with type: "web"
2020-08-02T10:12:20.63-0500 [API/5] OUT App instance exited with guid 21f63ac4-d93e-47c7-bbbf-4d1419da9709 payload: {"instance"=>"4f44b9f3-c673-4119-6b07-00f7", "index"=>0, "cell_id"=>"ff54f2fb-6672-44d0-b963-c7bf04d31ee6", "reason"=>"CRASHED", "exit_description"=>"APP/PROC/WEB: Exited with status 127", "crash_count"=>3, "crash_timestamp"=>1596381140570544254, "version"=>"60bca7a1-d57f-4850-83a1-533e3fd07e3f"}
2020-08-02T10:12:21.25-0500 [CELL/0] OUT Cell ff54f2fb-6672-44d0-b963-c7bf04d31ee6 successfully destroyed container for instance 4f44b9f3-c673-4119-6b07-00f7
Thanks.
Gopal
Hi Harini Gunabalan
I am also getting same error. Please guide.
Hi Harini Gunabalan,
I am getting the same error.
Let us know how to fix it.
I did try to deploy by providing binary buildpack as a command attribute, but no luck.