cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

How to send data to AWS S3 when S3 API are not exposed to internet ?

Cocquerel
Active Contributor

on ‎2021 Oct 28 2:36 PM

0 Kudos
1,098

Hello,

I would like to send data from an on-premise SAP ECC system to an S3 on AWS. I saw to SAP DI supports such use case but my issue is that, for security reason, our company AWS account is only accessible from our company LAN and not from internet. So, S3 APIs can not be called from SAP DI running on BTP.

A workaround could be to create an S3 locally on SAP AWS account linked to our BTP and then, grant access to it from our S3 company account using the following guide https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

I saw there is an indirect way to create S3 on BTP that is using "Object Store" service ( see https://help.sap.com/viewer/2ee77ef7ea4648f9ab2c54ee3aef0a29/Cloud/en-US/4236b942f67349d5a583773162d... )

Is it possible to allow such cross AWS account access ?

Can such local S3 be a target for SAP DI on BTP ?

Regards,

Michael

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
Lee
Participant
‎2021 Nov 09 7:09 AM
0 Kudos

Hi Michael

Have you tried the option of SAP Integration Suite on BTP and AWS adapter for the scenario? https://aws.amazon.com/blogs/awsforsap/integrating-sap-systems-with-aws-services-using-sap-business-...

Cocquerel
Active Contributor
‎2021 Nov 09 5:28 PM
0 Kudos

leenair3095_85
Thanks, I was not aware of this SAP Cloud Integration Adapter.

When looking at the following article https://api.sap.com/package/AmazonWebServicesAdapter/overview , it is mentioning a documentation called "SAP CP IS ADAPTER BASE PACK" that can be downloaded from SAP Software Download Center. Unfortunately, my account does not have access to this document probably because my company has currently no Cloud Integration subscription. Is there an alternative way to have a look to this documentation. I would like to check if, like the SAP DI AWS connecter, this adapter requires S3 access_key_id/secret_access_key and if this adapter could be used together with SAP Cloud Connecter as my S3 is not exposed to internet.

VinDevOps1
Participant
‎2025 Jan 24 9:53 AM
0 Kudos
Hi Michael, Did you get any solution to you problem. we also want to use S3 bucket using API end point and SAP cloud connector but We find any experiences on internet. It would great help if you could share your experience

Accepted Solutions (0)

Answers (2)

Answers (2)

MarioDeFelipe
Active Contributor
‎2021 Nov 02 10:30 AM
0 Kudos

Hi Michael I would check the cost of the Lambda+Cognito+ALB.

I would love to discuss that if you can send me an email to mario.defelipe@syntax.com we can see if we have an idea for a solution

Show replies
Show replies
MarioDeFelipe
Active Contributor
‎2021 Oct 29 12:41 PM
0 Kudos

Michel, did you consider AWS Connector?

https://aws.amazon.com/marketplace/pp/prodview-ulhiv7fq4p2ug

the S3 would be accessed by SAP system, from your LAN

What kind of data are you trying to send?

Show replies
Show replies
Cocquerel
Active Contributor
‎2021 Nov 01 9:52 PM

Thanks Mario.

I saw in the product documentation that this tool required to enter access_key_id/secret_access_key (https://docs.linkeit.com/connector/getstarted/install/#set-aws-credentials )

Unfortunately, for security reason, we are not authorized to create AWS IAM users and so, we can not generate such access_key_id/secret_access_key.

We are supposed to create API endpoints on AWS to interact with S3 and enable authentication via a solution called Mobile SSO

Ask a Question