AWS Inbound Integration
Cloud Integration with Amazon Web Services
Settings in AWS Console
Open your AWS Console and perform the following steps:
- Open the Identity and Access Management (IAM) service.
- Select Policies from the left-hand side and push the Create policy button.
- Switch to the JSON tab and paste the following in there:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowStartStopInstances",
          "Effect": "Allow",
          "Action": [
            "ec2:StartInstances",
            "ec2:StopInstances"
          ],
          "Resource": "arn:aws:ec2:*:*:instance/*"
        },
        {
          "Sid": "AllowDescribeInstances",
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeInstances",
            "ec2:DescribeInstanceStatus"
          ],
          "Resource": "*"
        }
      ]
    }

- Push the Review Policy button.
- Fill in a Name (e.g. avantra-sync-and-start-stop-iam-policy), a Description, and push the Create Policy button.
- Select Users from the left-hand side and push the Add user button.
- Fill in a User name (e.g. avantra-sync-and-start-stop-iam-user), select Programmatic access for Access type, and push Next: Permissions.
- Choose Attach existing policies directly, click on Filter policies, and set the flag next to Customer managed.
- Set the flag next to the policy you created above (e.g. avantra-sync-and-start-stop-iam-policy) and push the Next: Tags button.
- Fill in tags if you desire, and push the Next: Review button.
- Push Create user and afterwards Download .csv. Store the file in a safe location (it contains the Access Key ID and Access Key Secret used below) and push the Close button.
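The start/stop statement in the policy above applies to every instance in the account. The following added example (not part of the Avantra documentation) checks a policy for Allow statements that grant state-changing actions on wildcard resources without a Condition, and derives a tag-scoped variant; the tag key AvantraManaged and value true are assumptions chosen for illustration.

```python
import copy
import json

# The policy from this page, as a Python dict.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowStartStopInstances", "Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "arn:aws:ec2:*:*:instance/*"},
        {"Sid": "AllowDescribeInstances", "Effect": "Allow",
         "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus"],
         "Resource": "*"},
    ],
}
READ_ONLY_PREFIXES = ("Describe", "Get", "List")

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_unscoped_mutation(stmt):
    """True for an Allow statement granting a state-changing action on a
    wildcard resource with no Condition block."""
    if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
        return False
    mutating = any(not a.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES)
                   for a in as_list(stmt.get("Action", [])))
    wildcard = any(r == "*" or r.endswith("/*")
                   for r in as_list(stmt.get("Resource", [])))
    return mutating and wildcard

def unscoped_mutations(policy):
    """Sids of the statements flagged by is_unscoped_mutation()."""
    return [s.get("Sid", "<no Sid>") for s in as_list(policy["Statement"])
            if is_unscoped_mutation(s)]

def tag_scoped(policy, tag_key, tag_value):
    """Copy of the policy in which each flagged statement only applies to
    instances tagged tag_key=tag_value (hypothetical tag, caller's choice)."""
    scoped = copy.deepcopy(policy)
    for stmt in as_list(scoped["Statement"]):
        if is_unscoped_mutation(stmt):
            stmt["Condition"] = {
                "StringEquals": {f"aws:ResourceTag/{tag_key}": tag_value}}
    return scoped

if __name__ == "__main__":
    print("flagged:", unscoped_mutations(PAGE_POLICY))
    print(json.dumps(tag_scoped(PAGE_POLICY, "AvantraManaged", "true"), indent=2))
```

With the scoped variant, only instances carrying the chosen tag can be started or stopped with these keys, while the Describe statement stays unchanged so synchronization still sees all instances.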
Service Authentication settings for AWS in the UI
Open Avantra WebUI and perform the following steps:
- Open and choose .
- Fill in a Name, an optional Description and select a Customer. Push the Finish button.
- Select the newly created entry and push Open.
- For User, Access Key ID, and Access Key Secret fill in the values from Procedure: Create an API User with minimum access to EC2.
- Push the Save button.
Synchronizing EC2 instances with Avantra
You can easily synchronize Amazon EC2 instances with Avantra to include them as Server objects.
- Login to the Avantra UI as the admin user.
- Choose and select .
- For External Service choose AWS EC2, fill in a Name, e.g. AWS Synchronization, and push the Create button.
- In the newly created item, choose for AWS Authentication the value AWS Default. This entry has been automatically created during the launch of the stack.
- For AWS Region select an appropriate value, most likely the one you deployed Avantra for AWS into.
- In Filter, you may define one or more filter rules to restrict the set of Amazon EC2 instances considered for the synchronization. You can use the same syntax as used by the AWS CLI, which is described in the AWS CLI documentation for aws ec2 describe-instances.

  By default, the value of the Name tag is used for the value Physical Server Name in Avantra, and the private IP address is used for FQDN or IP Address.

  Push the Apply followed by the Test Query button whenever you make changes and want to verify the filter.

  Best practice is to use Tags for all your AWS resources, and Amazon EC2 instances in particular.

  Example 1. Example using tag key
  - Filter Name: tag-key
  - Value(s): SAP
  will return all Amazon EC2 instances in the selected AWS Region that have a tag SAP set regardless of its value.

  Example 2. Example using tag key and value
  - Filter Name: tag:ApplicationType
  - Value(s): HANA
  will return all Amazon EC2 instances in the selected AWS Region that have a tag ApplicationType set with a value HANA.
- For System Type, choose Server, and select a Default Customer and a Default System Role. You can override these default settings on a per Server level as described below.
- In the Additional Attribute Mapping section click on the + button to add a new mapping. Choose the value DNS Alias for Avantra Attribute and fill in private-dns-name in AWS EC2 Instance Attribute. You can find the available EC2 instance attributes using Test Query.
- Select the value yes for Start Monitoring. Set the flags for Create Server and Update Server (if desired). Push the Apply button and afterwards the Sync button. Confirm that you have tested your query properly.
- If you want to synchronize periodically, set the flag next to Activate background synchronization and choose an appropriate value for the synchronization interval. Push the Apply button.
- Select to verify the synchronization.
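The Filter rules in the procedure above decide which instances become Server objects, so it helps to reason about them before pushing Sync. The following added example (not Avantra or AWS code) models the two filter kinds from Example 1 and Example 2 with the describe-instances semantics: values within one filter are OR'd, separate filters are AND'd, matching is case-sensitive, and * and ? act as wildcards. The inventory is constructed sample data.

```python
import re

# Constructed sample inventory (not real instances).
INSTANCES = [
    {"InstanceId": "i-0001", "PrivateIpAddress": "10.0.1.10",
     "Tags": {"Name": "hana-prd", "SAP": "", "ApplicationType": "HANA"}},
    {"InstanceId": "i-0002", "PrivateIpAddress": "10.0.1.11",
     "Tags": {"Name": "app-prd", "SAP": "yes", "ApplicationType": "NetWeaver"}},
    {"InstanceId": "i-0003", "PrivateIpAddress": "10.0.2.20",
     "Tags": {"Name": "bastion", "ApplicationType": "hana"}},
    {"InstanceId": "i-0004", "PrivateIpAddress": "10.0.2.21",
     "Tags": {"SAP": "sandbox"}},  # matches tag-key SAP but has no Name tag
]


def wildcard_match(pattern, text):
    """Case-sensitive match where * is any run of characters and ? is one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, text, re.DOTALL) is not None


def filter_matches(instance, name, values):
    """Evaluate one filter; any of its values may match (OR)."""
    tags = instance["Tags"]
    if name == "tag-key":
        return any(wildcard_match(v, k) for k in tags for v in values)
    if name.startswith("tag:"):
        key = name[len("tag:"):]
        return key in tags and any(wildcard_match(v, tags[key]) for v in values)
    raise ValueError(f"filter not modelled in this example: {name}")


def preview(instances, filters):
    """filters is a list of (name, [values]); all filters must match (AND).
    Returns (Name tag, private IP) pairs, the default mapping source for
    Physical Server Name and FQDN or IP Address; None marks a missing Name tag."""
    return [(i["Tags"].get("Name"), i["PrivateIpAddress"])
            for i in instances
            if all(filter_matches(i, n, v) for n, v in filters)]


if __name__ == "__main__":
    print(preview(INSTANCES, [("tag-key", ["SAP"])]))
    print(preview(INSTANCES, [("tag:ApplicationType", ["HANA"])]))
```

The first query also returns the instance without a Name tag, and the second skips the instance tagged hana in lower case, which are the two cases worth checking with Test Query before a real synchronization.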
One of the major grouping mechanisms in Avantra is the Customer. If you have a complex VPC setup or you are using AWS PrivateLink, it may be helpful to create separate customers in Avantra that reflect the VPC layout. In this case, you may need to create multiple disjoint Synchronizations, unless you can extract the customer name from the EC2 instance attributes. In particular, you should consider using separate customers for VPCs that are connected using AWS PrivateLink. See Defining Customers for how to create a customer in Avantra.
All synchronized instances that are directly reachable from the Avantra Server are now operational in Avantra. You can start to configure your SAP systems and databases.