Skip to Content
Technical Articles
Author's profile photo Harini Gunabalan

How to consume AWS services on SAP Cloud Platform?

[UPDATED – 02.02.2021]

Disclaimer: The Multi-Cloud Foundation guide on “Integrating AWS Services into Cloud Foundry on SAP Cloud Platform” is removed. Please use user-provided services, instead. See Creating User-Provided Service Instances. Hence some of the links in the blog below might not work anymore

Hi All,

Often, we are asked by our customers about the possibilities to integrate their SAP workloads with native hyperscaler services. SAP Cloud Platform’s cloud foundry environment provides a possibility to provision and to consume native hyperscaler services. In this blog post, let’s see how this is enabled with Amazon Web Services (AWS) using the AWS Service Broker.

The AWS Service Broker is an open source project which allows native AWS services to be exposed directly through application platforms, that implement the Open Service Broker API such as Cloud Foundry and Kubernetes. The Broker provides a simple integration of AWS Services directly within the application platform. This is based on standard Cloud Foundry patterns with service brokers. The step-by-step tutorial on how to achieve this is available in the official documentation. The following image depicts a high-level overview of the steps described in the documentation:

Once the above-depicted integration is implemented, AWS services such as AWS S3, Dynamo DB and so on are available in Cloud Foundry service marketplace as shown below:


With SAP’s multi-cloud strategy, we strive to provide our customers with seamless integration and reuse experience. Stay tuned for more use-cases and scenarios using the native services and I will be happy to hear your feedback as comments below.

All my best,


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Sitakant Tripathy
      Sitakant Tripathy

      Hi Harini,

      have seen azure building native integration capabilities from ABAP layer itself for customers who decide to stay on ECC for some more time. Link here.

      Are you aware of any such initiatives from AWS.



      Author's profile photo Harini Gunabalan
      Harini Gunabalan
      Blog Post Author

      Hi Sitakant,

      I forwarded this query to the AWS folks. I will keep you posted once we have an update on this.

      Best regards,


      Author's profile photo KK Ramamoorthy
      KK Ramamoorthy

      Sitakant - Currently there is no ABAP SDK from AWS but there is a partner solution available for the same. Which AWS services would you like to access from ABAP?

      And stating the obvious, all AWS services are REST enabled, so you should be able to consume them using  HTTP client classes in ABAP.

      Thanks for your feedback.

      Author's profile photo Mario De Felipe
      Mario De Felipe

      Hi Sitakant

      On AWS, you have an Add-on to connect to AWS, certified by SAP.

      For any NetWeaver from 7.5 to 7.54, available for Amazon S3, SNS, SQS, Lambda, Athena, DynamoDB, and EC2 service for Autoscaling.

      Microsoft one is a Z program that gives a skeleton to build it for yourself.

      Regards. Mario


      Author's profile photo Josh Bentley
      Josh Bentley

      You mention the tutorial is in line with the link to the official documentation. Is there a link to the tutorial you can add to the above information?

      Author's profile photo Harini Gunabalan
      Harini Gunabalan
      Blog Post Author

      Hi Josh,

      The official documentation contains 3 tabs. The second has all the steps that that needs to be done on the AWS account side and the third has the necessary steps to be done on SCP side.


      Best regards,


      Author's profile photo Kevin Chu
      Kevin Chu

      The link doesn't seem to work, can you please check it?

      Author's profile photo Peter Clancy
      Peter Clancy

      Hi Harini,

      Thanks for this great post, and the function provided here will be great.

      I am  following the guide you mentioned. For me its missing a little detail on the online help.

      When I create the Service Broker stack, I am creating the CloudFormation Stack in eu-west-1 in AWS – is this OK ? (I understand there will be a latency to eu-central-1 where SCP CF sits).
      I also note that the Stacks S3_REGION is us-east-1.

      The stack creates a user – so I assume the access and secret keys are for this user. Is this correct ?

      For the Security User name and password – Since the push is to Cloud Foundry, I assume these are just variables on the application aws-service-broker that it uses for the CLI authentication  ? If not can you let me know to authenticate the cf create-service-broker (see below, I am getting a 403)
      SECURITY_USER_NAME: myuser
      SECURITY_USER_PASSWORD: myuserpassword

      When I go to register the AWS Service Broker in the CLI, using the environment variables setup in the manifest and that show on the application I get a HTTP 403 (I used random-route on the push to get the unique route) :

      C:\Users\username\Box\PC\Code\nodejs\aws-sb-cf-cloudfoundry-app-1.0.1>cf create-service-broker aws-service-broker-generous-warthog myuser myuserpassword
      Creating service broker aws-service-broker-generous-warthog as
      Server error, status code: 403, error code: 10003, message: You are not authorized to perform the requested action

      NOTE – somehow above its using or retrieving my email address, and I would have expected it to use “myuser”.

      In summary, any help in letting me know how to register this would me much appreciated.



      Author's profile photo Chan Jin Park
      Chan Jin Park

      Hi Peter,


      For my case, in manifest.yml, i placed all required information from AWS account

      # Required
          AWS_DEFAULT_REGION: us-east-1

      PS C:\My work\SAP Technology\Cloud\AWS\service broker> cf push aws-sb-cf-cloudfoundry-app-1.0.1
      Pushing app aws-sb-cf-cloudfoundry-app-1.0.1 to org xxxxxxx / space aws as xxxxxxx...
      Getting app info...
      Updating app with these attributes...
      name:                aws-sb-cf-cloudfoundry-app-1.0.1
      path:                C:\My work\SAP Technology\Cloud\AWS\service broker
      disk quota:          1G
      health check type:   port
      instances:           1
      memory:              1G
      stack:               cflinuxfs3

      Updating app aws-sb-cf-cloudfoundry-app-1.0.1...

      and it update app automatically.

      Author's profile photo Harini Gunabalan
      Harini Gunabalan
      Blog Post Author

      Hi Peter,

      As mentioned in the last step's note here, you probably need to execute the create service broker command with the space scoped parameter as below:

      cf create-service-broker aws-service-broker <SECURITY_USER_NAME> <SECURITY_USER_PASSWORD> <URL OF THE SERVICE BROKER> --space-scoped

      Author's profile photo Chan Jin Park
      Chan Jin Park

      Does anyone face the error of None of the buildpacks detected a compatible application ?


      Downloaded app package (8.6M)
      None of the buildpacks detected a compatible application
      Exit status 222
      Error staging application: An app was not successfully detected by any available buildpack

      TIP: Use 'cf.exe buildpacks' to see a list of supported buildpacks.
      PS C:\My work\SAP Technology\Cloud\AWS\service broker> cf buildpacks
      Getting buildpacks...

      buildpack                   position   enabled   locked   filename                                       stack
      staticfile_buildpack        1          true      false    cflinuxfs3
      java_buildpack              2          true      false            cflinuxfs3
      ruby_buildpack              3          true      false          cflinuxfs3
      sap_java_buildpack_1_9_1    4          true      false

      Author's profile photo Arthur Liebhardt
      Arthur Liebhardt

      Had the same problem, I used

      this fixed it for me.
      Author's profile photo Alexander Schonefeld
      Alexander Schonefeld


      when trying to push the app (v. 1.0.1) I get an issue with the property in the manifest file.

      Do you have any information on this? Thanks


      cf push
      Error reading manifest file:
      Property '${BROKER_ID}' found in manifest. This feature is no longer supported. Please remove it and try again.

      Author's profile photo Amitanshu Shekhar
      Amitanshu Shekhar

      Hi ,

      While creating the service broker I am getting error –

      Server error, status code: 500, error code: 10001, message: An unknown error occurred.

      Do anyone have any information about how to fix it?

      Command used to create service broker-

      cf create-service-broker aws-service-broker <SECURITY_USER_NAME> <SECURITY_USER_PASSWORD> –space-scoped



      Author's profile photo Alexander Schonefeld
      Alexander Schonefeld

      Hi Amit,

      I think you are missing one dash in "--space-scoped" and the URL should be in the format ""


      At least this just now worked for me.




      Author's profile photo Amitanshu Shekhar
      Amitanshu Shekhar

      Hi Alex,

      Thank you for the reply !

      I am using dash (it is not showing here in reply section 🙂 )

      I used the URL –

      cf create-service-broker amit-aws-service-broker <SECURITY_USER_NAME ><SECURITY_USER_PASSWORD> –space-scoped

      Here the <SECURITY_USER_NAME > is the user created after uploading yml file in AWS  and<SECURITY_USER_PASSWORD> is my AWS login password.The same user and password is used for deployment of application in SAP CF. Am I doing something wrong here?


      The error is still

      Server error, status code: 500, error code: 10001, message: An unknown error occurred.


      Author's profile photo Paige Ola
      Paige Ola

      Hi Amitanshu Shekhar ,

      I have got the same error, could you fix it somehow? I'm using trial account.

      Best regards!

      Author's profile photo Pierre Dominique
      Pierre Dominique

      Hi Harini Gunabalan,

      Peter Clancy has already asked this but this is still not really clear: which access key, secret and user password do we have to provide in the yaml file? A BrokerUser is created with the CloudFormation template, do we have to provide this user's details in the manifest or the details of the user used to create the stack?



      Author's profile photo Jerry Jia
      Jerry Jia

      Hi Pierre,

      I tested it. We use BrokerUser credentials which is created by CloudFormation to deploy broker. Here are the explanation to the environment.

      AWS_ACCESS_KEY_ID: BrokerUser access_key_id.
      AWS_SECRET_ACCESS_KEY:BrokerUser sercret_access_key.
      SECURITY_USER_NAME: basic auth username which is used to access broker api
      SECURITY_USER_PASSWORD: basic auth password which is used to access broker api

      Author's profile photo Ramesh Phisini
      Ramesh Phisini

      Hi Harini Gunabalan ,

      I updated my manifest.yml with

      AWS_ACCESS_KEY_ID: xxxxx
      SECURITY_USER_NAME: <username> <which is by cloudformation template in aws>
      SECURITY_USER_PASSWORD: <Genereted a password manuallay in aws >

      Can you please suggest me, Is this configuration is correct or do I need to modify anything?

      Getting app info...
      The app cannot be mapped to route because the route exists in a different space.

      Author's profile photo Robert Stumpe
      Robert Stumpe

      I have the same problem. please help!

      Author's profile photo Robert Stumpe
      Robert Stumpe

      ok:  "cf push --random-route" solves this issue

      Author's profile photo Gopal Vangala
      Gopal Vangala



      Anyone facing the following error? I have tried with the master, 1.01, and 1.02 versions of the service broker.  My CF missing any build packs?


      2020-08-02T10:12:20.11-0500 [CELL/0] OUT Starting health monitoring of container
      2020-08-02T10:12:20.40-0500 [APP/PROC/WEB/0] ERR bash: ./cfnsb: No such file or directory
      2020-08-02T10:12:20.43-0500 [APP/PROC/WEB/0] OUT Exit status 127
      2020-08-02T10:12:20.57-0500 [CELL/0] OUT Cell ff54f2fb-6672-44d0-b963-c7bf04d31ee6 stopping instance 4f44b9f3-c673-4119-6b07-00f7
      2020-08-02T10:12:20.57-0500 [CELL/0] OUT Cell ff54f2fb-6672-44d0-b963-c7bf04d31ee6 destroying container for instance 4f44b9f3-c673-4119-6b07-00f7
      2020-08-02T10:12:20.60-0500 [API/5] OUT Process has crashed with type: "web"
      2020-08-02T10:12:20.63-0500 [API/5] OUT App instance exited with guid 21f63ac4-d93e-47c7-bbbf-4d1419da9709 payload: {"instance"=>"4f44b9f3-c673-4119-6b07-00f7", "index"=>0, "cell_id"=>"ff54f2fb-6672-44d0-b963-c7bf04d31ee6", "reason"=>"CRASHED", "exit_description"=>"APP/PROC/WEB: Exited with status 127", "crash_count"=>3, "crash_timestamp"=>1596381140570544254, "version"=>"60bca7a1-d57f-4850-83a1-533e3fd07e3f"}
      2020-08-02T10:12:21.25-0500 [CELL/0] OUT Cell ff54f2fb-6672-44d0-b963-c7bf04d31ee6 successfully destroyed container for instance 4f44b9f3-c673-4119-6b07-00f7




      Author's profile photo Shwetank Verma
      Shwetank Verma

      Hi Harini Gunabalan


      I am also getting same error. Please guide.

      Author's profile photo Swapnil Galgali
      Swapnil Galgali

      Hi Harini Gunabalan,

      I am getting the same error.

      Let us know how to fix it.


      I did try to deploy by providing binary buildpack as a command attribute, but no luck.