Skip to Content
Technical Articles

How to consume AWS services on SAP Cloud Platform?

[UPDATED – 02.02.2021]

Disclaimer: The Multi-Cloud Foundation guide on “Integrating AWS Services into Cloud Foundry on SAP Cloud Platform” is removed. Please use user-provided services, instead. See Creating User-Provided Service Instances. Hence some of the links in the blog below might not work anymore

Hi All,

Often, we are asked by our customers about the possibilities to integrate their SAP workloads with native hyperscaler services. SAP Cloud Platform’s cloud foundry environment provides a possibility to provision and to consume native hyperscaler services. In this blog post, let’s see how this is enabled with Amazon Web Services (AWS) using the AWS Service Broker.

The AWS Service Broker is an open source project which allows native AWS services to be exposed directly through application platforms, that implement the Open Service Broker API such as Cloud Foundry and Kubernetes. The Broker provides a simple integration of AWS Services directly within the application platform. This is based on standard Cloud Foundry patterns with service brokers. The step-by-step tutorial on how to achieve this is available in the official documentation. The following image depicts a high-level overview of the steps described in the documentation:

Once the above-depicted integration is implemented, AWS services such as AWS S3, Dynamo DB and so on are available in Cloud Foundry service marketplace as shown below:


With SAP’s multi-cloud strategy, we strive to provide our customers with seamless integration and reuse experience. Stay tuned for more use-cases and scenarios using the native services and I will be happy to hear your feedback as comments below.

All my best,


You must be Logged on to comment or reply to a post.
  • Hi Harini,

    have seen azure building native integration capabilities from ABAP layer itself for customers who decide to stay on ECC for some more time. Link here.

    Are you aware of any such initiatives from AWS.



  • You mention the tutorial is in line with the link to the official documentation. Is there a link to the tutorial you can add to the above information?

  • Hi Harini,

    Thanks for this great post, and the function provided here will be great.

    I am  following the guide you mentioned. For me its missing a little detail on the online help.

    When I create the Service Broker stack, I am creating the CloudFormation Stack in eu-west-1 in AWS – is this OK ? (I understand there will be a latency to eu-central-1 where SCP CF sits).
    I also note that the Stacks S3_REGION is us-east-1.

    The stack creates a user – so I assume the access and secret keys are for this user. Is this correct ?

    For the Security User name and password – Since the push is to Cloud Foundry, I assume these are just variables on the application aws-service-broker that it uses for the CLI authentication  ? If not can you let me know to authenticate the cf create-service-broker (see below, I am getting a 403)
    SECURITY_USER_PASSWORD: myuserpassword

    When I go to register the AWS Service Broker in the CLI, using the environment variables setup in the manifest and that show on the application I get a HTTP 403 (I used random-route on the push to get the unique route) :

    C:\Users\username\Box\PC\Code\nodejs\aws-sb-cf-cloudfoundry-app-1.0.1>cf create-service-broker aws-service-broker-generous-warthog myuser myuserpassword
    Creating service broker aws-service-broker-generous-warthog as
    Server error, status code: 403, error code: 10003, message: You are not authorized to perform the requested action

    NOTE – somehow above its using or retrieving my email address, and I would have expected it to use “myuser”.

    In summary, any help in letting me know how to register this would me much appreciated.



    • Hi Peter,


      For my case, in manifest.yml, i placed all required information from AWS account

      # Required
          AWS_DEFAULT_REGION: us-east-1

      PS C:\My work\SAP Technology\Cloud\AWS\service broker> cf push aws-sb-cf-cloudfoundry-app-1.0.1
      Pushing app aws-sb-cf-cloudfoundry-app-1.0.1 to org xxxxxxx / space aws as xxxxxxx...
      Getting app info...
      Updating app with these attributes...
      name:                aws-sb-cf-cloudfoundry-app-1.0.1
      path:                C:\My work\SAP Technology\Cloud\AWS\service broker
      disk quota:          1G
      health check type:   port
      instances:           1
      memory:              1G
      stack:               cflinuxfs3

      Updating app aws-sb-cf-cloudfoundry-app-1.0.1...

      and it update app automatically.

    • Hi Peter,

      As mentioned in the last step's note here, you probably need to execute the create service broker command with the space scoped parameter as below:

      cf create-service-broker aws-service-broker <SECURITY_USER_NAME> <SECURITY_USER_PASSWORD> <URL OF THE SERVICE BROKER> --space-scoped

  • Does anyone face the error of None of the buildpacks detected a compatible application ?


    Downloaded app package (8.6M)
    None of the buildpacks detected a compatible application
    Exit status 222
    Error staging application: An app was not successfully detected by any available buildpack

    TIP: Use 'cf.exe buildpacks' to see a list of supported buildpacks.
    PS C:\My work\SAP Technology\Cloud\AWS\service broker> cf buildpacks
    Getting buildpacks...

    buildpack                   position   enabled   locked   filename                                       stack
    staticfile_buildpack        1          true      false    cflinuxfs3
    java_buildpack              2          true      false            cflinuxfs3
    ruby_buildpack              3          true      false          cflinuxfs3
    sap_java_buildpack_1_9_1    4          true      false

  • Hi,

    when trying to push the app (v. 1.0.1) I get an issue with the property in the manifest file.

    Do you have any information on this? Thanks


    cf push
    Error reading manifest file:
    Property '${BROKER_ID}' found in manifest. This feature is no longer supported. Please remove it and try again.

  • Hi ,

    While creating the service broker I am getting error –

    Server error, status code: 500, error code: 10001, message: An unknown error occurred.

    Do anyone have any information about how to fix it?

    Command used to create service broker-

    cf create-service-broker aws-service-broker <SECURITY_USER_NAME> <SECURITY_USER_PASSWORD> –space-scoped



    • Hi Amit,

      I think you are missing one dash in "--space-scoped" and the URL should be in the format ""


      At least this just now worked for me.




      • Hi Alex,

        Thank you for the reply !

        I am using dash (it is not showing here in reply section 🙂 )

        I used the URL –

        cf create-service-broker amit-aws-service-broker <SECURITY_USER_NAME ><SECURITY_USER_PASSWORD> –space-scoped

        Here the <SECURITY_USER_NAME > is the user created after uploading yml file in AWS  and<SECURITY_USER_PASSWORD> is my AWS login password.The same user and password is used for deployment of application in SAP CF. Am I doing something wrong here?


        The error is still

        Server error, status code: 500, error code: 10001, message: An unknown error occurred.


  • Hi Harini Gunabalan,

    Peter Clancy has already asked this but this is still not really clear: which access key, secret and user password do we have to provide in the yaml file? A BrokerUser is created with the CloudFormation template, do we have to provide this user's details in the manifest or the details of the user used to create the stack?



    • Hi Pierre,

      I tested it. We use BrokerUser credentials which is created by CloudFormation to deploy broker. Here are the explanation to the environment.

      AWS_ACCESS_KEY_ID: BrokerUser access_key_id.
      AWS_SECRET_ACCESS_KEY:BrokerUser sercret_access_key.
      SECURITY_USER_NAME: basic auth username which is used to access broker api
      SECURITY_USER_PASSWORD: basic auth password which is used to access broker api

  • Hi Harini Gunabalan ,

    I updated my manifest.yml with

    AWS_ACCESS_KEY_ID: xxxxx
    SECURITY_USER_NAME: <username> <which is by cloudformation template in aws>
    SECURITY_USER_PASSWORD: <Genereted a password manuallay in aws >

    Can you please suggest me, Is this configuration is correct or do I need to modify anything?

    Getting app info...
    The app cannot be mapped to route because the route exists in a different space.

  • Hi,


    Anyone facing the following error? I have tried with the master, 1.01, and 1.02 versions of the service broker.  My CF missing any build packs?


    2020-08-02T10:12:20.11-0500 [CELL/0] OUT Starting health monitoring of container
    2020-08-02T10:12:20.40-0500 [APP/PROC/WEB/0] ERR bash: ./cfnsb: No such file or directory
    2020-08-02T10:12:20.43-0500 [APP/PROC/WEB/0] OUT Exit status 127
    2020-08-02T10:12:20.57-0500 [CELL/0] OUT Cell ff54f2fb-6672-44d0-b963-c7bf04d31ee6 stopping instance 4f44b9f3-c673-4119-6b07-00f7
    2020-08-02T10:12:20.57-0500 [CELL/0] OUT Cell ff54f2fb-6672-44d0-b963-c7bf04d31ee6 destroying container for instance 4f44b9f3-c673-4119-6b07-00f7
    2020-08-02T10:12:20.60-0500 [API/5] OUT Process has crashed with type: "web"
    2020-08-02T10:12:20.63-0500 [API/5] OUT App instance exited with guid 21f63ac4-d93e-47c7-bbbf-4d1419da9709 payload: {"instance"=>"4f44b9f3-c673-4119-6b07-00f7", "index"=>0, "cell_id"=>"ff54f2fb-6672-44d0-b963-c7bf04d31ee6", "reason"=>"CRASHED", "exit_description"=>"APP/PROC/WEB: Exited with status 127", "crash_count"=>3, "crash_timestamp"=>1596381140570544254, "version"=>"60bca7a1-d57f-4850-83a1-533e3fd07e3f"}
    2020-08-02T10:12:21.25-0500 [CELL/0] OUT Cell ff54f2fb-6672-44d0-b963-c7bf04d31ee6 successfully destroyed container for instance 4f44b9f3-c673-4119-6b07-00f7