Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 

We will go through step by step hands-on scenario to build virtual appliance for SAP HANA on AWS in this hands-on. It includes how to install SAP HANA on AWS and we will go through the steps required to install and configure SAP HANA on AWS. I hope the information contained in this hands-on provide you basic idea about what AWS services are and how to configure SAP HANA on AWS environment.


The hands-on is composed of following posts:

  1. Prior knowledge

  2. EC2 instance creation

  3. EC2 instance configuration

  4. SAP HANA installation for the master

  5. Adding worker to SAP HANA landscape.

We will try most steps in command line (awscli) but you should know that all tasks in this hands-on could be done on AWS console too.


1. Prior knowledge

You will encounter many terms used in AWS services or objects. It will be helpful to understand those terms before we go further in this hands-on. Installing awscli and connecting AWS services using awscli are also explained in this chapter.

1.1. Terms used in AWS

Before we start the hands-on, we need to prepare ourselves to understand terms which are dominantly used in AWS environment.


CIDR is a short for Classless Inter-Domain Routing and it, as an IP address representation, specifies the network address by adding the number of preceding <n> bits of IP address. Another bit values are used to identify hosts on the network. If two IP addresses have the same bit values in the first <n> bits, then those two share the same network.

For example, and are on the same network because the first 27 bits are the same (00001010.00001010.00000001.001). But is not on the same network as

CIDR Binary representation Same network as ? 00001010.00001010.00000001.00100000 00001010.00001010.00000001.00101100 YES 00001010.00001010.00000001.01010100 NO


Virtual Private Cloud (VPC), is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks(VPCs) in the AWS cloud. You provision a logically isolated section of the AWS Cloud where you can launch AWS resources. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. Simply, you can think VPC as your own data center.


Subnet is a subset of the VPC CIDR block and each subnet cannot span availability zones and must reside entirely within one Availability Zone.

Elastic IP:

There are two aspects in Elastic IP addresses, static and public.

An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is allocated in your AWS account and is associated with EC2 instance. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another EC2 instance in your account.

An Elastic IP address also is a public IPv4 address, which is reachable from the internet. If your instance does not have a public IPv4 address yet, you have to allocate an Elastic IP address and associate it to your EC2 instance to enable communication with the internet.

NAT gateway:

You can use a NAT (network address translation) gateway to enable instances in your private subnet to connect to the internet or other subnets, but prevent the internet from initiating a connection to EC2 instances. In this hands-on, each private IP address will have one elastic (public) IP address mapping. So, we don’t need NAT gateway in this hands-on.


AWS services:

When you successfully logon to AWS console (, you will meet service lists as above. We will taste most of those services in this hands-on(actually , there are a tremendous number of services provided by AWS beside of above five services).

  • EC2 (Elastic Compute Cloud) service is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Simply speaking, it’s a virtual machine or a virtual hypervisor. More simply speaking, you may think EC2 as one server host.


  • From VPC service, you can manage VPC and Subnet. You can configure NAT gateway and internet gateway. We will use this service in creating our own subnet where EC2 instance will live.


  • S3 (Simple Storage Service) is like a file server. We will use S3 service for uploading and downloading SAP HANA image files.


  • CloudFormation enables you to describe your AWS resources (with properties) and provision the resources that are described in templates. You can automate AWS resource provisioning with CloudFormation in case you provide the template for the resources. We will not handle CloudFormation service in this hands-on.


  • IAM (Identity and Access Management) helps you securely control access to AWS resources. AWS account, as a root user in your AWS world, has complete access to all AWS services and resources. You also can create new users and grant required authorities using IAM for locking away root user credentials. We will visit IAM service to create access key.

1.2. Installing awscli

"awscli" is useful command line interface and we will use awscli broadly in this hands-on.

1.2.1. Installing awscli in Linux

You can install awscli in Linux environment with below commands. You can refer to

Python 2 version 2.6.5+ or Python 3 version 3.3+ is required as a prerequisite.
yourLinux:~ # mkdir /tmp/awscli_install
yourLinux:~ # cd /tmp/awscli_install
yourLinux:~ # wget
yourLinux:~ # unzip
yourLinux:~ # awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws

1.2.2. Installing awscli in Windows

You can download AWS Tools for Windows from

The installation is straightforward and I will skip the installation steps.

1.3. Configure AWS account

You need to configure aws account in your Linux or Windows. With “configure”, you can authenticate yourself against AWS services. For this, you have to know access key id and secret access key information of your AWS account.

1.3.1. Get access key id and secret access key.

This task requires us to visit IAM console. This is the only one task which should be done on AWS console in this hands-on.

  1. Open “IAM console” via the link,

  2. Click users, and then find your AWS account.

  3. From the Summary information, choose “Security Credentials” tab.

  4. You will find “Access Keys” section, then click [Create access key] button.

  5. You will meet a pop up and will find Access Key ID and Secret access key (Secret access key is hidden by default. You will browse the Secret access key by clicking “Show”). Download it into .CSV file and keep the information for future use.

Refer to for further information.

1.3.2. Configure credential setting

We need this step to configure credential settings which the AWS Command Line Interface uses whenever it accesses to EC2 services. We have to specify the security credential (access key id and secret access key which are taken in the previous "1.3.1. Get access key id and secret access key") and default region name.
yourLinux:~ # aws configure
AWS Access Key ID: <Access Key Id>
AWS Secret Access Key: <Secret Access Key>
Default region name: <region name>
Default output format [None]:

yourLinux:~ # aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************6YSA shared-credentials-file
secret_key ****************SHKl shared-credentials-file
region ap-northeast-2 config-file ~/.aws/config

You will find two files created, config and credentials, under ~/.aws directory. “credentials” file has aws_access_key_id and aws_secret_access_key in plain texts.

To confirm the correctness of your access key id and secret access key, you can try any awscli commands to connect to AWS services. For example, “aws ec2 describe-vpcs” to display your VPCs for test purpose.
yourLinux:~ # aws ec2 describe-vpcs

Now, you can connect to AWS service by your AWS account (precisely, by access key id and secret access key) and we can move to the next for creating EC2 instance.