AWS Inbound Integration
Cloud Integration with Amazon Web Services
Settings in AWS Console
Open your AWS Console and perform the following steps:
-
Open the Identity and Access Management (IAM) service.
-
Select Policies from the left-hand side and push the Create policy button.
-
Switch to the JSON tab and paste the following in there:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowStartStopInstances", "Effect": "Allow", "Action": [ "ec2:StartInstances", "ec2:StopInstances" ], "Resource": "arn:aws:ec2:*:*:instance/*" }, { "Sid": "AllowDescribeInstances", "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeInstanceStatus" ], "Resource": "*" } ] }
Push the Review Policy button.
-
Fill in a Name (e.g.
avantra-sync-and-start-stop-iam-policy
), a Description, and push the Create Policy button. -
Select Users from the left-hand side and push the Add user button.
-
Fill in a User name (e.g.
avantra-sync-and-start-stop-iam-user
), select Programmatic access for Access type, and push Next: Permissions. -
Choose Attach existing policies directly, click on Filter policies , and set the flag next to Customer managed.
-
Set the flag next to the policy you created above (e.g.
avantra-sync-and-start-stop-iam-policy
) and push the Next: Tags button. -
Fill in tags if you desire, and push the Next: Review button.
-
Push Create user and afterwards Download .cvs. Store the file in a safe location and push the Close button.
Service Authentication settings for AWS in the UI
Open Avantra WebUI and perform the following steps:
-
Open
and choose . -
Fill in a Name, an optional Description and select a Customer. Push the Finish button.
-
Select the newly created entry and push Open.
-
For User, Access Key ID, and Access Key Secret fill in the values from Procedure: Create an API User with minimum access to EC2.
-
Push the Save button.
Synchronizing EC2 instances with Avantra
You can easily add synchronize Amazon EC2 instances with Avantra to include them as Server objects.
-
Login to the Avantra UI as the
admin
user. -
Choose
and select . -
For External Service choose
AWS EC2
, fill in a Name, e.g.AWS Synchronization
, and push the Create button. -
In the newly created item, choose for AWS Authentication the value
AWS Default
.This entry has been automatically created during the launch of the stack. -
For AWS Region select an appropriate value, most likely the one you deployed Avantra for AWS into.
-
In Filter, you may define one or more filter rules to restrict the set of Amazon EC2 instances considered for the synchronization. You can use the same syntax as used by the AWS CLI, which is described in AWS EC2aws ec2 describe-instances.
By default, the value of the
Name
tag is used for the value Physical Server Name in Avantra, and the private IP address is used for FQDN or IP Address.Push the Apply followed by the Test Query button whenever you make changes and want to verify the filter.
Best practice is to use Tags for all your AWS resources, and Amazon EC2 instances in particular.
Example 1. Example using tag key-
Filter Name:
tag-key
-
Value(s):
SAP
will return all Amazon EC2 instances in the selected AWS Region that have a tag
SAP
set regardless of its value.Example 2. Example using tag key and value-
Filter Name:
tag:ApplicationType
-
Value(s):
HANA
will return all Amazon EC2 instances in the selected AWS Region that have a tag
ApplicationType
set with a valueHANA
. -
-
For System Type, choose
Server
, and select a Default Customer and a Default System Role. You can override these default settings on a per Server level as described below. -
In the Additional Attribute Mapping section add on the + button to add a new mapping. Choose the value
DNS Alias
for Avantra Attribute and fill inprivate-dns-name
in AWS EC2 Instance Attribute.You can find the available EC2 instance attributes using Test Query. -
Select the value
yes
for Start Monitoring. Set the flags for Create Server and Update Server (if desired). Push the Apply button and afterwards the Sync button. Confirm that you have tested your query properly. -
If you want to synchronize periodically, set the flag next to Activate background synchronization and choose an appropriate value for the synchronization interval. Push the Apply button.
-
Select
to verify the synchronization.
One of the major grouping mechanisms in Avantra is the Customer. If you have a complex VPC setup or you are using AWS PrivateLink, it may be helpful to create separate customers in Avantra that reflect the VPC layout. In this case, you may need to create multiple disjoint Synchronizations, unless you can extract the customer name from the EC2 instance attributes. In particular, you should consider using separate customers for VPCs that are connected using AWS PrivateLink. See Defining Customers how to create a customer in Avantra. |
All synchronized instances that are directly reachable from the Avantra Server are now operational in Avantra. You can start to configure your SAP systems and databases.