# Amazon Launch Wizard for SAP
Launch Wizard for SAPAmazon Launch Wizard for SAP deployments with SAP ASE database

You can now deploy Amazon Launch Wizard for SAP systems with SAP ASE database.Amazon Launch Wizard for SAP integration with Amazon Service Catalog

You can create Amazon Service Catalog products from successful deployments with Amazon Launch Wizard.Amazon Launch Wizard for SAP support for custom IP address specification

You can specify a private IP address for each Amazon EC2 instance in your SAP deployment.Amazon Launch Wizard for SAP support for SAP application installation

You can install supported SAP applications using customer-provided SAP software.Amazon Launch Wizard for SAP support for custom pre-deployment and post-deployment scripts

You can run custom pre- and post-deployment configuration scripts using Amazon Launch Wizard for SAP.Amazon Launch Wizard for SAP support for application single-node deployments

You can deploy your SAP application on a single instance.Initial release

Initial release of Amazon Launch Wizard for SAP User Guide.Proxy server support

You can route outbound internet traffic for deployed EC2 instances through a proxy server. Route 53/DNS association support

You can provide your DNS domain name or Route53 hosted zone to enable DNS association for your deployed EC2 instances. SUSE/RHEL high availability for SAP applications

You can configure SUSE/RHEL high availability for SAP applications as part of your deployment with Amazon Launch Wizard. Amazon Launch Wizard for SAP support for cloning deployments

You can now clone your SAP deployments created after April 21, 2022.Proxy server example

You can deploy an SAP application with Amazon Launch Wizard using a proxy server such as, Squid.

Amazon Launch Wizard for SAP is a service that guides you through the sizing, configuration, and deployment of SAP applications on Amazon, and follows [Amazon cloud application best practices](https://docs.amazonaws.cn/wellarchitected/latest/framework/welcome.html).

Amazon Launch Wizard reduces the time it takes to deploy SAP applications on Amazon. You input your application requirements, including the database (SAP HANA or SAP ASE) settings, SAP landscape settings, and deployment details on the service console, and Launch Wizard identifies the appropriate Amazon resources to deploy and run your SAP application. Launch Wizard provides an estimated cost of deployment, which allows you to modify your resources and instantly view the updated cost. When you finalize your settings, Launch Wizard provisions and configures the selected resources. It then optionally installs SAP application/database software using customer-provided software.



You can create deployments from the Launch Wizard console or Amazon Launch Wizard APIs. For more information, see [Get started with Amazon Launch Wizard for SAP](launch-wizard-sap-getting-started.md).

After you deploy an SAP application, you can access it from the Amazon EC2 console. You can manage your SAP applications with [Amazon Systems Manager](https://docs.amazonaws.cn/systems-manager/latest/userguide/what-is-systems-manager.html).

## Supported deployments and features of Amazon Launch Wizard
Supported deployments and features

**Supported deployments**  
Amazon Launch Wizard currently supports the deployment of Amazon resources for the following SAP systems and patterns. SAP HANA database software and supported SAP application software are optionally installed and provided by the customer. 
+ **SAP HANA database on a single Amazon EC2 instance.** Deploy SAP HANA in a single-node, scale-up architecture, with up to 24TB of memory.
+ **SAP NetWeaver on SAP HANA system on a single Amazon EC2 instance.** Deploy an SAP application on the same Amazon EC2 instance as your SAP HANA database. 
+ **SAP NetWeaver on SAP ASE database on a single Amazon EC2 instance.** Deploy an SAP application on the same Amazon EC2 instance as your SAP ASE database.
+ **SAP HANA database on multiple EC2 instances.** Deploy SAP HANA in a multi-node, scale-out architecture.
+ **SAP NetWeaver on SAP HANA system on multiple EC2 instances.** Deploy an SAP NetWeaver system using a distributed deployment model, which includes an ASCS/PAS server, single/multiple SAP HANA servers running SAP HANA databases, and multiple application servers.
+ **SAP NetWeaver on SAP ASE system on multiple EC2 instances.** Deploy an SAP NetWeaver system using a distributed deployment model, which includes an ASCS/PAS server, multiple application servers, and single SAP ASE database server.
+ **Cross-AZ SAP HANA database high availability setup.** Deploy SAP HANA with high availability configured across two Availability Zones. 
+ **Cross-AZ SAP NetWeaver system setup.** Deploy Amazon EC2 instances for ASCS/ERS and SAP HANA databases across two Availability Zones, and spread the deployment of application servers across them.
+ **SUSE/RHEL cluster setup** For SAP HANA and NetWeaver on HANA high availability deployments, Launch Wizard for SAP configures SUSE/RHEL clustering when you provide SAP software and specify the deployment of SAP database or application software. For SAP HANA databases, clustering is enabled between the ASCS and ERS nodes.

**Topics**
+ [

### Instance selection and configuration
](#launch-wizard-sap-features-app-deployment)
+ [

### Amazon resource selection
](#launch-wizard-sap-features-resource-selection)
+ [

### Cost estimation
](#launch-wizard-sap-features-cost)
+ [

### Reusable infrastructure settings
](#launch-wizard-sap-features-code-templates)
+ [

### SNS notification
](#launch-wizard-sap-features-sns)
+ [

### Application resource groups
](#launch-wizard-sap-features-resource-groups)
+ [

### Amazon Data Provider for SAP
](#launch-wizard-sap-features-data-provider)
+ [

### Amazon Backint Agent for SAP HANA
](#launch-wizard-sap-features-backint)
+ [

### Custom deployment configuration scripts
](#launch-wizard-sap-features-scripts)
+ [

### Application software installation
](#launch-wizard-sap-features-software-install)
+ [

### Creation of Amazon Service Catalog products
](#launch-wizard-features-service-catalog)
+ [

### Amazon Systems Manager for SAP
](#launch-wizard-features-systems-manager-for-sap)
+ [

### Amazon Web Services Regions
](#launch-wizard-sap-regions)

### Instance selection and configuration


When you input the application requirements, Launch Wizard deploys the necessary Amazon resources for a production-ready application. This means that you do not have to figure out how to select the right instances and configure them to run supported SAP applications. 

### Amazon resource selection


Launch Wizard considers CPU/Memory or SAPS requirements that you provide to determine the most appropriate instance types and other resources for your SAP application. You can modify the recommended defaults. 

### Cost estimation


Launch Wizard provides a cost estimate for the complete deployment that is itemized for each individual resource being deployed. The estimated cost automatically updates each time you change a resource type configuration in the wizard. The provided estimates are only for general comparisons. They are based on On-Demand Instance costs. Actual costs may be lower.

### Reusable infrastructure settings


You can save the settings for your Amazon infrastructure for the SAP landscape to reuse when you want to deploy SAP systems that function similarly within a landscape. For example, a development configuration can be created for the first development instance, which can later be reused to deploy other development systems.

Some example scenarios for which DevOps and SAP architecture teams can create templates include:
+ Organize the SAP systems within a landscape.
+ Save infrastructure settings, including VPC, subnets, key pairs, and security groups to ensure that systems that must be deployed with the same settings are correctly deployed. 
+ Set up connectivity between the systems using the same configuration template so they can communicate with each other when security groups are created with Launch Wizard.
+ Use the same GID for SAPSYS group across different configuration templates to ensure that SAP transport files systems are mounted properly.

### SNS notification


You can provide an [ SNS topic](https://docs.amazonaws.cn/sns/latest/dg/welcome.html) so that Launch Wizard will send you notifications and alerts about the status of a deployment.

### Application resource groups


Launch Wizard creates a resource group for all of the Amazon resources created for your SAP system. You can manage the resources through the Amazon EC2 console or by using Systems Manager.

### Amazon Data Provider for SAP


Deploying and running the Amazon Web Services (Amazon) Data Provider for SAP is a prerequisite for running SAP systems on Amazon. Launch Wizard automatically deploys Amazon Data Provider for SAP on every Amazon EC2 instance that it launches. Amazon Data Provider for SAP is a tool that collects performance-related data from Amazon services. It makes this data available to SAP applications to help monitor and improve the performance of business transactions. Amazon Data Provider for SAP uses operating system, network, and storage data that is most relevant to the operation of the SAP infrastructure. Its data sources include Amazon EC2 and Amazon CloudWatch. 

### Amazon Backint Agent for SAP HANA


Launch Wizard deploys and configures Amazon Backint Agent for SAP HANA, an SAP-certified backup and restore application for SAP HANA workloads running on Amazon EC2 instances in the cloud. Launch Wizard supports the deployment and configuration of Backint Agent for single-node, multi-node, and high availability deployments for supported SAP HANA and SAP NetWeaver on SAP HANA applications.

You have the option to choose fully-managed backup or self-managed backup when deploying SAP applications using Launch Wizard for SAP workflow. Launch Wizard for SAP deploys Amazon Backint agent for Amazon Backup if fully-managed backup is selected or Amazon Backint agent for Amazon S3 if self-managed backup is selected as your backup method.

Once the deployment is complete, you must maintain Amazon Backint Agent for SAP HANA with latest releases and updated configurations. For more information, see [Amazon Backint Agent for SAP HANA](https://docs.amazonaws.cn/sap/latest/sap-hana/aws-backint-agent-sap-hana.html).

### Custom deployment configuration scripts


You can provide custom pre-deployment and post-deployment configuration scripts that can run on various instance tiers, such as SAP HANA Database, Primary Application Server, and Enqueue Replication Server during the pre-deployment and post-deployment configuration phases. Launch Wizard uses a standalone component manager application (EC2 TOE) to run the scripts. For more information, see [Custom deployment configuration scripts](how-launch-wizard-sap-works.md#launch-wizard-sap-how-it-works-scripts).

### Application software installation


Launch Wizard can install SAP application software that you have made available on Amazon S3, including SAP NetWeaver ABAP on SAP HANA and SAP ASE databases, SAP NetWeaver JAVA on SAP HANA and SAP ASE databases, SAP Solution Manager on SAP HANA and SAP ASE databases, SAP S/4HANA, and SAP BW/4HANA. For more details about which operating systems and database versions are supported for each deployment pattern, see [SAP applications](launch-wizard-sap-versions.md#launch-wizard-sap-versions-application). For supported software versions and installation details, see [Make SAP application software available for Amazon Launch Wizard to deploy SAP](launch-wizard-sap-software-install-details.md).

### Creation of Amazon Service Catalog products


Amazon Launch Wizard can create Amazon Service Catalog products from successful deployments. The Amazon Service Catalog products contain Amazon CloudFormation templates and associated application configuration scripts, which are stored in Amazon S3. You can use the Amazon Service Catalog products, along with integrations offered by Amazon Service Catalog, with third-party products, such as ServiceNow, Jira, or Terraform. Or, you can use the Amazon CloudFormation templates and application configuration scripts saved in Amazon S3 to deploy SAP applications that meet the requirements of organizational deployment and governance policies.

In addition to supporting deployments using Amazon CloudFormation templates, Amazon Service Catalog, and multiple deployment tools supported by Amazon Service Catalog, Amazon Launch Wizard creates a point-in-time snapshot of the code used to deploy and configure SAP applications at the time of the deployment. You can use the code in its current form for consistent repeated deployments, or you can use the code as a baseline and update it to meet specific application requirements.

### Amazon Systems Manager for SAP


You can register SAP HANA databases and SAP applications based on SAP HANA database with Amazon Systems Manager for SAP. It enables you to configure managed backups with Amazon Backup for SAP HANA at the time of deployment with Amazon Launch Wizard for SAP. These newly deployed applications have access to the management and operational capability that offered by Amazon Systems Manager for SAP.
+ SAP HANA single-node, SAP HANA high availability, and SAP NetWeaver on SAP HANA are supported. For more information, see [Supported versions for SAP deployments](https://docs.amazonaws.cn/ssm-sap/latest/userguide/supported-versions.html).
+ S/4HANA, S/4HANA Foundation, NetWeaver 7.5X, and BW/4HANA are the supported software stacks for SAP NetWeaver on SAP HANA deployments.
+ This feature is available in all commercial regions where Amazon Launch Wizard for SAP and Amazon Systems Manager for SAP supported backup for SAP HANA with Amazon Backup is available. For more information, see [Supported Regions](https://docs.amazonaws.cn/ssm-sap/latest/userguide/what-is-ssm-for-sap.html#supported-regions).

### Amazon Web Services Regions


Launch Wizard uses various Amazon services during the provisioning of the application's environment. Not every workload is supported in all Amazon Web Services Regions. For a current list of Regions where the workload can be provisioned, see [Amazon Launch Wizard workload availability](launch-wizard-workload-availability.md).

## Components


An SAP application deployed with Launch Wizard includes the following components.

**SAP applications:**
+ **SAP HANA Database** supports the following:
  + Single instance deployment 
  + Distributed instance deployment in a single Availability Zone
  + Cross-Availability Zone, high-availability deployment
+ **SAP applications based on SAP NetWeaver on SAP HANA database** supports the following:
  + Single instance deployment
  + Distributed instance deployment
  + cross-Availability Zone, high-availability deployment
+ **SAP applications based on SAP NetWeaver on SAP ASE database** supports the following:
  + Single instance deployment
  + Distributed instance deployment in a single Availability Zone
+ **SAP Web Dispatcher** supports the following:
  + All SAP deployment patterns, including with other SAP applications

**Security groups**  
Launch Wizard creates optional security groups to ensure that all of the systems sharing the same configuration template can communicate with each other and with systems and end users who access the SAP systems from an IP CIDR range, an external IP address, or security groups. For more information about how Launch Wizard creates security groups and how they are configured, see [Security groups in Amazon Launch Wizard for SAP](launch-wizard-sap-security-groups.md).

**SAP transport group configuration**  
You can create an SAP transport file system, or attach an existing transport file system that was created as part of a previous deployment with Amazon Launch Wizard. Transport file systems are created with Amazon Elastic File System. For more information, see [Amazon Elastic File System setup for transport directory](how-launch-wizard-sap-works.md#launch-wizard-sap-efs). 

## Related services


The following Amazon services are used when you deploy an SAP application with Amazon Launch Wizard.

**Topics**
+ [

### Amazon CloudFormation
](#launch-wizard-sap-related-services-cloudformation)
+ [

### Amazon Virtual Private Cloud security groups
](#launch-wizard-sap-related-services-vpc)
+ [

### Amazon Elastic File System
](#launch-wizard-sap-related-services-efs)
+ [

### Amazon Systems Manager
](#launch-wizard-sap-related-services-SSM)
+ [

### Amazon Simple Notification Service (SNS)
](#launch-wizard-related-services-sns)
+ [

### Amazon Route 53
](#launch-wizard-related-services-route53)
+ [

### Amazon Backint Agent for SAP HANA
](#launch-wizard-related-services-backint)
+ [

### EC2 Task Orchestrator and Executor
](#launch-wizard-related-services-ec2toe)
+ [

### Amazon FSx for NetApp ONTAP
](#launch-wizard-sap-related-services-fsx)
+ [

### Elastic Load Balancing
](#launch-wizard-sap-related-services-alb)
+ [

### Amazon Systems Manager for SAP
](#launch-wizard-sap-related-services-ssm)

### Amazon CloudFormation


[Amazon CloudFormation](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/Welcome.html) is a service that helps you model and set up your Amazon resources, and lets you spend more time focusing on your applications that run in Amazon. You create a template that describes all of the Amazon resources that you want (for example, Amazon EC2 instances or Amazon RDS DB instances), and Amazon CloudFormation takes care of provisioning and configuring those resources for you. With Amazon Launch Wizard for SAP, you don’t need to build Amazon CloudFormation templates to deploy your application. Instead, Amazon Launch Wizard combines infrastructure provisioning and application configuration (code that runs on EC2 instances to configure the application) into a unified Amazon CloudFormation template. The Amazon CloudFormation template is then invoked by Amazon Launch Wizard’s backend service to provision an application in your account.

### Amazon Virtual Private Cloud security groups


[Amazon Virtual Private Cloud security groups](https://docs.amazonaws.cn/vpc/latest/userguide/VPC_SecurityGroups.html) act as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instances. Amazon Launch Wizard displays the security groups that will be assigned to the EC2 instances that run the SAP applications. This allows the components to communicate.

### Amazon Elastic File System


[Amazon EFS](https://docs.amazonaws.cn//efs/latest/ug/whatisefs.htm) provides file storage in the Amazon Cloud. With Amazon EFS, you can create a file system, mount the file system on an Amazon EC2 instance, and then read and write data to and from your file system. For more information, see [Amazon Elastic File System setup for transport directory](how-launch-wizard-sap-works.md#launch-wizard-sap-efs).

### Amazon Systems Manager


[Amazon Systems Manager](https://docs.amazonaws.cn/systems-manager/latest/userguide/what-is-systems-manager.html) is an Amazon service that you can use to view and control your infrastructure on Amazon. Using the Amazon Systems Manager console, you can view operational data from multiple Amazon Web Services services and automate operational tasks across your Amazon resources. Systems Manager helps you maintain security and compliance by scanning your managed instances and reporting on, or taking corrective action on, any policy violations that it detects.

### Amazon Simple Notification Service (SNS)


[Amazon Simple Notification Service (SNS)](https://docs.amazonaws.cn/sns/latest/dg/welcome.html) is a highly available, durable, secure, fully managed pub/sub messaging service that provides topics for high-throughput, push-based, many-to-many messaging. Using Amazon SNS topics, your publisher systems can fan out messages to a large number of subscriber endpoints and send notifications to end users using mobile push, SMS, and email. You can use SNS topics for your Launch Wizard deployments to stay up-to-date on deployment progress. For more information, see the [https://docs.amazonaws.cn/sns/latest/dg/welcome.html](https://docs.amazonaws.cn/sns/latest/dg/welcome.html).

### Amazon Route 53


[Amazon Route 53](https://docs.amazonaws.cn/Route53/latest/DeveloperGuide/Welcome.html) is a highly available and scalable Domain Name System (DNS) web service. You can use Route 53 to perform three main functions in any combination: domain registration, DNS routing, and health checking. Launch Wizard integrates with Route 53 hosted zones, which are containers for records. The records contain information about how you want to route traffic for a specific domain, such as example.com, and its subdomains (acme.example.com, zenith.example.com). There are two types of hosted zones: public and private hosted zones. We recommend that you use private hosted zones for SAP applications unless an application must be directly accessible from the internet. 

### Amazon Backint Agent for SAP HANA


[Amazon Backint Agent for SAP HANA](https://docs.amazonaws.cn/sap/latest/sap-hana/aws-backint-agent-what-is.html) is an SAP-certified backup and restore application for SAP HANA workloads running on Amazon EC2 instances in the cloud. Amazon Backint Agent runs as a standalone application that integrates with your existing workflows to back up your SAP HANA database to Amazon S3 and to restore it using SAP HANA Cockpit, SAP HANA Studio, and SQL commands. Amazon Backint Agent supports full, incremental, and differential backup of SAP HANA databases. Additionally, you can back up log files and catalogs to Amazon S3. Amazon Backint Agent runs on an SAP HANA database server, where backups and catalogs are transferred from the SAP HANA database to the Amazon Backint Agent. The Amazon Backint Agent stores your files in the S3 bucket that is specified in the agent configuration file. To restore your SAP HANA database server, SAP HANA reads the catalog files stored in your S3 bucket using the Amazon Backint Agent. It then initiates a request to restore the required files from S3.

### EC2 Task Orchestrator and Executor


[EC2 Task Orchestrator and Executor](https://docs.amazonaws.cn/imagebuilder/latest/userguide/image-builder-component-manager.html) is component management application used to orchestrate complex workflows, modify system configurations, and test your systems without writing code. This application uses a declarative document schema. As a standalone application it does not require additional server setup. It can run on any cloud infrastructure and on premises. Amazon Launch Wizard uses this application to orchestrate the download of the pre- and post-configuration scripts, and to run them. 

### Amazon FSx for NetApp ONTAP


Amazon FSx for NetApp ONTAP is a fully managed service that provides highly reliable, scalable, high-performing, and feature-rich file storage built on NetApp's popular ONTAP file system. You can now deploy and operate SAP HANA on Amazon with Amazon FSx for NetApp ONTAP. For more information, see [Amazon FSx for NetApp ONTAP](https://www.amazonaws.cn/fsx/netapp-ontap/).

### Elastic Load Balancing


Elastic Load Balancing can be deployed as an optional component to load balance internet or intranet traffic between one or more SAP Web Dispatcher instances. Launch Wizard for SAP supports both Application Load Balancer and Network Load Balancer resources. For more information, see [What is Elastic Load Balancing?](https://docs.amazonaws.cn/elasticloadbalancing/latest/userguide/what-is-load-balancing.html) in the Elastic Load Balancing User Guide.

### Amazon Systems Manager for SAP


Amazon Systems Manager for SAP is a secure end-to-end management solution for resources on Amazon. It provides automation capabilities to help you manage and operate your SAP applications on Amazon more efficiently with features such as as managed backups with Amazon Backup for SAP HANA and graceful start/stop of SAP HANA.

# Supported versions for SAP deployments
Version support for SAP deployments

**Topics**
+ [

## Operating systems
](#launch-wizard-sap-ascs-support-os)
+ [

## Databases
](#launch-wizard-sap-versions-databases)
+ [

## SAP applications
](#launch-wizard-sap-versions-application)

## Operating systems


The following table provides details of the operating systems supported by Launch Wizard for SAP deployments.


****  

| Operating system | Supported deployment patterns | 
| --- | --- | 
| Red Hat Enterprise Linux (RHEL)\$1 8.4, 8.6, 8.8, 9.0, 9.2, and 9.4 | All | 
| SUSE Linux Enterprise Server for SAP Applications 12 SP5, 15 SP3, 15 SP4, 15 SP5, and 15 SP6 | All | 
| SUSE Linux Enterprise Server 12 SP5, 15 SP5, and 15 SP6 | All, except high availability patterns | 
| Bring Your Own Subscription Amazon Machine Image | All | 

\$1*RHEL is available with high availability and update services on [Amazon Web Services Marketplace](https://www.amazonaws.cn/marketplace/search/results?searchTerms=rhel+sap).*

**Note**  
Operating system versions are supported on the basis of SAP component types. For example, ASCS and ERS components for high availability are supported on SUSE Linux Enterprise Server for SAP Applications and Red Hat Enterprise Linux for SAP Solutions.

## Databases


The following table provides details of the database versions supported by Launch Wizard for SAP deployments.


****  

| Database | Versions | Service Pack Stack | 
| --- | --- | --- | 
| SAP HANA | 2.0 | SP05 Rev59, SP06, SP07, and SP08 | 
| SAP ASE | 16 | SP4 PL04 | 

For more information on the supported operating systems for SAP service pack stacks, see [SAP Note 2235581](https://launchpad.support.sap.com/#/notes/2235581) (requires access to the SAP portal).

## SAP applications


The following table provides details of SAP applications supported by Launch Wizard for SAP deployments.

For more information on the supported operating systems for SAP service pack stacks, see [SAP Product Availability Matrix](https://userapps.support.sap.com/sap(bD1lbiZjPTAwMQ==)/support/pam/pam.html#ts=49) (requires access to the SAP portal). The versions in the following tables link to the relevant sections of the SAP Product Availability Matrix.

**Topics**
+ [

### Applications supported with SAP HANA database
](#applications-hana)
+ [

### Applications supported with SAP ASE database
](#applications-ase)
+ [

### Supported versions of SAP Web Dispatcher
](#applications-ase)

### Applications supported with SAP HANA database



****  

| Applications | Versions | 
| --- | --- | 
| SAP NetWeaver on ABAP | [750](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3D%26o%3Dmost_viewed%257Cdesc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73554900100900000414%26pt%3Dg%257Cd%26ainstnr%3D73554900104900001064%26fclfilter%3D) and [752](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3Dfavorites%257CT%26o%3Dname%257Casc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73554900100900001597%26pt%3Dt%257CPLTFRM%26ainstnr%3D73554900104900003577%26fclfilter%3DG1%257CSAP%2520HANA%2520DATABASE%253BG2%257CLINUX%2520ON%2520X86_64) | 
| SAP BW4/HANA | [2.0](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3Dfavorites%257CT%26o%3Dname%257Casc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73555000100900003033%26pt%3Dg%257Cd%26ainstnr%3D73555000104900006672%26fclfilter%3D), [2021](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3Dfavorites%257CT%26o%3Dname%257Casc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73555000100900004721%26pt%3Dg%257Cd) and [2023](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3Dfavorites%257CT%26o%3Dname%257Casc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73555000100900004721%26pt%3Dg%257Cd) | 
| SAP S4/HANA | [1909](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3Dfavorites%257CT%26o%3Dname%257Casc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73555000100900004721%26pt%3Dg%257Cd), [2020](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3Dfavorites%257CT%26o%3Dname%257Casc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73554900100900005134%26pt%3Dg%257Cd), [2021](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3Dfavorites%257CT%26o%3Dname%257Casc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73554900100900005134%26pt%3Dg%257Cd), [2022](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3D%26o%3Dmost_viewed%257Cdesc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73554900100900005331%26pt%3Dg%257Cd), [2023](https://userapps.support.sap.com/sap(bD1lbiZjPTAwMQ==)/support/pam/pam.html#s=&filter=&o=most_viewed%7Cdesc&st=l&rpp=20&page=1&ts=2&pvnr=73554900100900005332&pt=g%7Cd), [2025](https://userapps.support.sap.com/sap(bD1lbiZjPTAwMQ==)/support/pam/pam.html#ts=1&pvnr=73555000100900007121&pt=g%7Cd) | 
| SAP S4/HANA Foundation | [2021](https://userapps.support.sap.com/sap/support/pam?hash=s%3DFoundation%26filter%3D%26o%3Dmost_viewed%257Cdesc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73554900100900005135%26pt%3Dg%257Cd), [2022](https://userapps.support.sap.com/sap/support/pam?hash=s%3DFoundation%26filter%3D%26o%3Dmost_viewed%257Cdesc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73555000100900005543%26pt%3Dg%257Cd), [2023](https://userapps.support.sap.com/sap(bD1lbiZjPTAwMQ==)/support/pam/pam.html#s=foundation&filter=&o=most_viewed%7Cdesc&st=l&rpp=20&ts=6&page=1&pvnr=73554900100900007081&pt=g%7Cd), [2025](https://userapps.support.sap.com/sap(bD1lbiZjPTAwMQ==)/support/pam/pam.html#ts=9&s=SAP%20S%2F4HANA%20FOUNDATION%202025&filter=&o=most_viewed%7Cdesc&st=l&rpp=20&page=1&pvnr=73555000100900007141&pt=g%7Cd) | 
| SAP Solution Manager | [7.2](https://userapps.support.sap.com/sap(bD1lbiZjPTAwMQ==)/support/pam/pam.html#pvnr=01200615320900006067&pt=g%7Cd&ts=0) | 
| SAP NetWeaver on JAVA | [750](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3D%26o%3Dmost_viewed%257Cdesc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73554900100900000414%26pt%3Dg%257Cd%26ainstnr%3D73554900104900001064%26fclfilter%3D) | 

### Applications supported with SAP ASE database



****  

| Applications | Versions | 
| --- | --- | 
| SAP NetWeaver on ABAP | [750](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3D%26o%3Dmost_viewed%257Cdesc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73554900100900000414%26pt%3Dg%257Cd%26ainstnr%3D73554900104900001064%26fclfilter%3D) and [752](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3Dfavorites%257CT%26o%3Dname%257Casc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73554900100900001597%26pt%3Dt%257CPLTFRM%26ainstnr%3D73554900104900003577%26fclfilter%3DG1%257CSAP%2520HANA%2520DATABASE%253BG2%257CLINUX%2520ON%2520X86_64) | 
| SAP NetWeaver on JAVA | [750](https://userapps.support.sap.com/sap/support/pam?hash=s%3D%26filter%3D%26o%3Dmost_viewed%257Cdesc%26st%3Dl%26rpp%3D20%26page%3D1%26pvnr%3D73554900100900000414%26pt%3Dg%257Cd%26ainstnr%3D73554900104900001064%26fclfilter%3D) | 
| SAP Solution Manager | [7.2](https://userapps.support.sap.com/sap(bD1lbiZjPTAwMQ==)/support/pam/pam.html#pvnr=01200615320900006067&pt=g%7Cd&ts=0) | 

### Supported versions of SAP Web Dispatcher


Launch Wizard for SAP supports SAP Web Dispatcher version 7.93. SAP Web Dispatcher is downward compatible however as the newest version can be used with all older backend systems. For more information, see [SAP Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation.

# How Amazon Launch Wizard for SAP works
How it works

Amazon Launch Wizard provisions and configures the infrastructure required to run SAP HANA database and SAP NetWeaver based SAP applications on SAP HANA or SAP ASE database on Amazon. You select the SAP deployment pattern and provide the specifications, such as operating system, instance size, and vCPU/memory. Or, Launch Wizard can make these selections for you according to [SAP Standard Application Benchmarks](https://www.sap.com/about/benchmark.html). You have the option to manually choose the instance. Based on your selections, Launch Wizard automatically provisions the necessary Amazon resources in the cloud. 

Launch Wizard recommends Amazon EC2 instances by evaluating the [SAP Standard Application Benchmarks](https://www.sap.com/about/benchmark.html) or vCPU/memory requirements against the performance of Amazon EC2 instances supported by Amazon. When new EC2 instances are released and certified for SAP, the sizing feature of Launch Wizard will take them into consideration when proposing recommendations.

Launch Wizard maintains a mapping rule engine built on the list of certified EC2 instances that are supported by SAP. When you enter your vCPU/memory or SAPS requirements, Launch Wizard recommends an Amazon EC2 instance that is certified for SAP workloads and offers performance that is no less than your input requirements. For certain workloads, such as SAP HANA in a production environment, Launch Wizard recommends instances based on the official SAP recommendations for SAP HANA database workloads. For workloads in a non-production environment, Launch Wizard recommends Amazon EC2 instances that meet SAP recommended requirements; however, the recommended instances are not enforced. You can change the instance types after deployment, or you can override the recommendation by making manual selections. 

In addition to launching instances based on the SAP system information that you provide, such as SAP System Number and SAP System Identifier (SAP SID), Launch Wizard performs the following operations:
+ Configures the operating system
+ Configures hostname
+ Attaches security groups so that the systems in the cluster that use the same configuration template, and also external systems, can communicate with the SAP systems that will be deployed on these instances.

Launch Wizard provides an estimated cost of deployment. You can modify your resources and instantly view an updated cost assessment. After you approve the deployment, Launch Wizard validates the inputs and flags inconsistencies. After you resolve the inconsistencies, Launch Wizard provisions and configures the resources. The result is a ready-to-use SAP application.

Launch Wizard creates a CloudFormation stack according to your infrastructure needs. For more information, see [Working With Stacks](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/stacks.html) in the *Amazon CloudFormation User Guide*.

Amazon Launch Wizard implements SAP deployments as follows.

**Topics**
+ [

## Storage for SAP systems
](#launch-wizard-sap-storage)
+ [

## Amazon Elastic File System setup for transport directory
](#launch-wizard-sap-efs)
+ [

## Amazon Elastic File System setup for SAP Central Services instances configured for high availability
](#launch-wizard-sap-efs-ha)
+ [

## Bring your own image (BYOI)
](#launch-wizard-sap-byoi)
+ [

## Specify private IP address
](#launch-wizard-sap-private-ip)
+ [

## Configuration settings
](#launch-wizard-sap-config)
+ [

## Custom deployment configuration scripts
](#launch-wizard-sap-how-it-works-scripts)
+ [

## Manual cleanup activities
](#launch-wizard-sap-manual-cleanup)
+ [

## Default Quotas
](#launch-wizard-sap-default-quotas)
+ [

## Amazon Regions and Endpoints
](#launch-wizard-sap-regions-endpoints)

## Storage for SAP systems


Storage capacity and performance are key aspects of any SAP system installation. Launch Wizard provides storage type options for the SAP NetWeaver application tier, SAP HANA database tiers, and SAP ASE database tiers.

Amazon Elastic Block Store (Amazon EBS) volumes are included in the architecture to provide durable, high-performance storage. Amazon EBS volumes are network-attached disk storage, which you can create and attach to EC2 instances. When attached, you can create a file system on top of these volumes, run a database, or use them in any way that you would use a block device. Amazon EBS volumes are placed in a specific Availability Zone, where they are automatically replicated to protect you from the failure of a single component.

[General Purpose EBS Volumes](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ebs-volume-types.html#EBSVolumeTypes_gp2) offer storage for a broad range of workloads. These volumes deliver single-digit millisecond latencies and the ability to burst to 3,000 IOPS for extended periods of time. Between a minimum of 100 IOPS (at 33.33 GiB and below) and a maximum of 16,000 IOPS (at 5,334 GiB and above), baseline performance scales linearly at 3 IOPS per GiB of volume size. 

[Provisioned IOPS Amazon EBS volumes](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/EBSVolumeTypes.html#EBSVolumeTypes_piops) offer storage with consistent and low-latency performance. They are backed by solid state drives (SSDs) and designed for applications with I/O intensive workloads, such as databases. Amazon EBS-optimized instances, such as the R4 instance type, deliver dedicated throughput between Amazon EC2 and Amazon EBS.

By default, Launch Wizard deploys Amazon EBS volumes for the SAP HANA database that meet the storage KPIs for SAP as listed in [Storage Configuration for SAP HANA](https://docs.amazonaws.cn/sap/latest/sap-hana/hana-ops-storage-config.html).

For NetWeaver database stacks, you can choose between a `gp2`, `gp3`, `io1`, or `io2` volume for the `usr/sap/SAPSID` and `/sapmnt` (for non-HA deployment architectures) file systems, whereas other configurations are deployed with `gp3` volumes. The `gp3` volumes are used by default.

Launch Wizard also supports the use of Amazon FSx for NetApp ONTAP for SAP HANA databases. FSx for ONTAP file systems can be used for `data`, `log`, and `shared` (`hana-shared` and `usr-sap`) file systems. For more information, see [SAP HANA on Amazon with Amazon FSx for NetApp ONTAP](https://docs.amazonaws.cn/sap/latest/sap-hana/sap-hana-amazon-fsx.html).

In an SAP landscape, development occurs in the development system and is then imported into the QA and follow-on systems. For this import to occur successfully, a shared file system is required for SAP systems in the landscape. Amazon EFS is used to create the SAP Transport file system that is shared between multiple SAP systems in the landscape. 

## Amazon Elastic File System setup for transport directory


The SAP transport directory is a shared file system between SAP systems (for example, Development, Quality, and Production) that are part of the same SAP Transport Domain for releasing and importing SAP transports. To avoid a single point of failure, Launch Wizard creates a file system with Amazon Elastic File System or reuses existing file systems. It mounts the file systems on the SAP systems that you select based on the role of the system. The transport file system is mounted on all of the applications servers included in the deployment.

When systems within the same SAP Transport Domain are created in one VPC and need to be attached to SAP systems in other VPCs (for example, if Development and Quality are deployed in a VPC tagged as Non\$1Prod, and Production is deployed in a VPC tagged as Prod), a prerequisite for using VPC Peering/Transit Gateway is that you must enable the VPCs to be able to communicate. This allows Launch Wizard to attach the transport directory created in one VPC to instance(s) in other VPCs using a mount target in the same Availability Zone or other Availability Zones, as applicable. If the VPCs are not permitted to communicate, then the deployment will fail when it attempts to mount the transport file system created in one VPC to systems in another VPC.

**Note**  
When a transport files system is created with Amazon Elastic File System, Launch Wizard considers it a shared resource and will not delete it when you delete the deployment or if the deployment is rolled back.

## Amazon Elastic File System setup for SAP Central Services instances configured for high availability


The SAP Central Services instances that make up a NetWeaver high availability deployment, ABAP Central Server (ASCS) and Enqueue Replication Server (ERS) instances, must contain the following file systems to be highly available: `/sapmnt`, `/usr/sap/<SAPSID>/ASCS<XX>`, and `/usr/sap/<SAPSID>/ERS<XX>`. These file systems are built with Amazon EFS to avoid a single point of failure for the SAP system. Launch Wizard creates these file systems for the NetWeaver high availability pattern using a single Amazon Elastic File System. 

The following table contains information about how a single Amazon EFS is configured and mounted on an ASCS, ERS, Primary Application Server (PAS), and Additional Application Server (AAS). 


| EFS ID | EFS DNS name | Instance mounted on | File System name | Server mounted on | 
| --- | --- | --- | --- | --- | 
| fs-123A456B | fs-123A456B.efs.<Amazon Region>.amazonaws.com | fs-123A456B.efs.<Amazon Region>.amazonaws.com:/SAPMNT-<SAPSID> | /sapmnt | SAP ASCS, ERS, Primary and Additional Application servers | 
| fs-123A456B | fs-123A456B.efs.<Amazon Region>.amazonaws.com | fs-123A456B.efs.<Amazon Region>.amazonaws.com:/ASCS-<SAPSID> |  `/usr/sap/<SAPSID>/` `ASCS<XX>`  | SAP ASCS Server | 
| fs-123A456B | fs-123A456B.efs.<Amazon Region>.amazonaws.com | fs-123A456B.efs.<Amazon Region>.amazonaws.com:/ERS-<SAPSID> |  `/usr/sap/<SAPSID>/` `ERS<XX>`  | SAP ERS Server | 

## Bring your own image (BYOI)


You can bring your own images to deploy and configure EC2 instances for SAP with Amazon Launch Wizard. During launch, in order to continue with a deployment, Launch Wizard verifies whether the operating system version selected on the front end matches the operating system version of the instance. If the versions do not match, the deployment fails with an error. 

**Note**  
If your own image has a volume size less than `50GB`, Launch Wizard automatically creates a root volume with `50GB`. If the image has a volume size bigger than `50GB`, then Launch Wizard creates the root volume with that size.

When building your own image, consider the following:
+ Launch Wizard configures the operating systems with OS-level parameters and utilities required by SAP
+ Refer to SAP installation documents to ensure that operating system prerequisites are in place so that Launch Wizard deployments do not fail.
+ Launch Wizard accesses standard repositories provided by OS vendors. Do not block access to them. 
+ Deployments by Launch Wizard use OS utilities and programs, such as zipper, yum, grep, printf, awk, sed, autofs, python, saptune, and tuned-profiles in the deployment script to configure SAP application and database servers. We recommend that you do not delete standard utilities. 

## Specify private IP address


You can specify available IP addresses that are already approved by your internal security and governance for each Amazon EC2 instance in your SAP deployment. The SAP environment is accessible as soon as the deployment is successful.

Launch Wizard, by default, auto-selects available IP addresses when a custom IP address is not provided.

When specifying a custom IP address, verify that it is within the range of the subnet of the instance that you are deploying.

## Configuration settings


The following configuration settings are applied when deploying an SAP application with Launch Wizard.


| Setting | Applies to | 
| --- | --- | 
| SSM Agent |  All SAP systems and patterns  | 
| EBS volumes for SAP application tier |  All SAP systems and patterns  | 
| EBS volumes for SAP HANA database, log and backup file systems |  All SAP systems and patterns  | 
| EBS volumes for SAP ASE database, log and backup file systems |  All SAP systems and patterns  | 
| EFS volumes for /hana/shared and /backup |  | 
| EFS volumes for SAP transport file systems | All SAP systems and patterns | 
| EFS volumes for SAP central services: sapmnt, /usr/sap/<SID>/ASCS<XX>, and /usr/sap/<SID>/ERS<XX | ASCS and ERS systems | 
|  OS parameters required based on the operating system chosen for database  |  All SAP systems and patterns  | 
| Security groups created and assigned for accessing the SAP system |  All SAP systems and patterns  | 
|  SSM Session Manager to remotely access the server for administrator activities  |  All SAP systems and patterns  | 
|  Time zone settings at the OS level  |  All SAP systems and patterns  | 

## Custom deployment configuration scripts


You can use custom shell scripts during the pre-deployment and post-deployment configuration phases. You provide the scripts stored on Amazon S3 or locally. During provisioning, Launch Wizard installs the EC2 TOE application. When there are custom scripts to run, Launch Wizard creates an EC2 TOE document that downloads the scripts from the location specified and then runs the scripts. The success of the custom scripts is a customer responsibility. Check the CloudWatch log streams for detailed execution logs or failure information after the scripts are deployed.

The number of configuration scripts you can use depends on the deployment model. For SAP HANA deployments, you can use one script, which runs on all of the HANA instances (both primary and worker nodes). For NetWeaver stack on SAP HANA database, the following script limits apply:
+ *NetWeaver stack on SAP HANA or SAP ASE single-instance deployment *— Because all tiers are installed on the same database instance, you can use only one script.
+ *NetWeaver stack on SAP HANA distributed-instance deployment* — You can use one script per each instance tier selected, including for ASCS/SCS Server and Primary Application Server (PAS), Database (DB) Server, and Additional App Servers (AAS).
+ *NetWeaver stack on SAP HANA high availability deployment* — You can use one script per each instance tier selected, including for Primary Application Server (PAS), ABAP System Central Services (ASCS) Server, Database (DB) Server, Additional App Servers (AAS), and Enqueue Replication Server (ERS).

**Pre-deployment configuration scripts**  
Pre-deployment configuration scripts run after the instances are launched and the baseline Launch Wizard configuration tasks, such as deploying Amazon CloudWatch, Amazon EC2 Systems Manager agents, and the Amazon CLI, are complete. If you want to run multiple pre-deployment configuration scripts, Launch Wizard runs them in parallel on each EC2 instance in the order in which they are specified. Pre-deployment configuration scripts can be used to perform tasks such as OS hardening or deploying security and logging software. The maximum runtime for all pre-deployment configuration scripts on a single EC2 instance is 45 minutes.

**Post-deployment configuration scripts**  
Post-deployment configuration scripts run when Launch Wizard completes configuration tasks specific to the application on all of the instances in a deployment. Before the provisioning process completes, post-configuration scripts run on all of the specified instance tiers. Launch Wizard uses SSM and Amazon Lambda to trigger running post-deployment scripts on all selected SAP instances in the order in which they are specified. They can be used to perform tasks such as installing monitoring and management software, and for updating your DNS with entries for the newly deployed SAP servers and the domains joining them. The maximum runtime for all post-deployment configuration scripts on a single instance is 2 hours.

## Manual cleanup activities


If you choose to delete a deployment, or a deployment fails during the deployment phase and rolls back, Launch Wizard deletes the Amazon EC2 and Amazon EBS volumes that it launches as part of the deployment. It also removes the EC2 TOE application. The following resources are considered shared resources and are created without the deletion flag.
+ The Amazon Elastic File System file system that is created for the SAP transport files system `/usr/sap/trans`.
+ The Amazon Elastic File System that is created for storing SAP software and media.
+ The security groups that you create.

These resources must be manually verified to ensure that they are not being used by other systems in the landscape. They must then be manually deleted from either the Amazon Elastic File System or Amazon EC2 consoles, or by using APIs. 

## Default Quotas


To view the default quotas for Amazon Launch Wizard, see [Amazon Launch Wizard Endpoints and Quotas](https://docs.amazonaws.cn/general/latest/gr/launchwizard.html).

## Amazon Regions and Endpoints


To view the service endpoints for Amazon Launch Wizard, see [Amazon Launch Wizard Endpoints and Quotas](https://docs.amazonaws.cn/general/latest/gr/launchwizard.html).

# Get started with Amazon Launch Wizard for SAP
Get startedAmazon Launch Wizard APIs are available

Amazon Launch Wizard APIs are now available for creating SAP deployments. You can also list details about existing deployments using new Launch Wizard API operations. For more information, see [Deploying an SAP application (Amazon CLI)](https://docs.amazonaws.cn/launchwizard/latest/userguide/launch-wizard-sap-deploying-cli.html).Amazon Launch Wizard for SAP support for no rollback on failure

When you select "No rollback on failure" for your Amazon Launch Wizard deployments, if a deployment fails, Launch Wizard does not delete the Amazon resources that were created for the deployment.

 This topic contains information to help you set up your environment and deploy Amazon resources with Launch Wizard, such as:
+ How to create an IAM policy and attach it to your IAM user identity
+ Configuration settings to apply to your environment
+ How to deploy an SAP application from the Amazon Web Services Management Console



**Topics**
+ [

# Set up for Amazon Launch Wizard for SAP
](launch-wizard-sap-setting-up.md)
+ [

# Deploy an SAP application with Amazon Launch Wizard
](launch-wizard-sap-deploying.md)
+ [

# Monitor Launch Wizard for SAP deployments
](launch-wizard-sap-monitoring.md)
+ [

# Deploying SAP Web Dispatcher
](launch-wizard-sap-deploy-web-dispatcher.md)
+ [

# Amazon Launch Wizard for SAP tutorials
](launch-wizard-sap-tutorials.md)

# Set up for Amazon Launch Wizard for SAP
Set Up

This section describes the prerequisites that you must verify to deploy an SAP application with Amazon Launch Wizard. 

**Topics**
+ [General](#launch-wizard-sap-prerequisites)
+ [IAM](#launch-wizard-sap-iam)

## General prerequisites
General

The following general prerequisites must be met to deploy an application with Launch Wizard.
+ You must create a VPC that consists of private subnet(s) in a minimum of two Availability Zones. The subnets must have outbound internet access. For more information on how to create and set up a VPC, see [Getting Started with Amazon VPC](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-getting-started.html) in the *Amazon VPC User Guide*.
+ You must create a user or role and attach the **AmazonLaunchWizardFullAccessV2** policy. See the [following sections](#launch-wizard-sap-iam) for the steps to attach the policy to the user or role.
+ When using Amazon Backup to back up databases on Amazon EC2 instances,

  1. You must set up the required permissions in the role `AmazonEC2RoleForLaunchWizard` for Amazon EC2 to backup and restore SAP HANA database when setting up Amazon Systems Manager for SAP with fully-managed backup for SAP HANA with Amazon Backup.

     [The policies](https://docs.amazonaws.cn/aws-backup/latest/devguide/security-iam-awsmanpol.html#aws-managed-policies) (that need to be attached to the role `AmazonEC2RoleForLaunchWizard`) containing these required permissions are:
     + `AWSBackupDataTransferAccess`
     + `AWSBackupRestoreAccessForSAPHANA`
     + `AWSBackupServiceRolePolicyForBackup`

     For more information, see [Set up required permissions for Amazon EC2 instance for backup and restore of SAP HANA database ](https://docs.amazonaws.cn/ssm-sap/latest/userguide/get-started.html#backup-permissions).

  1. If you intend to assign one or more backup plans through LaunchWizard, ensure your account has the role [https://docs.amazonaws.cn/aws-backup/latest/devguide/iam-service-roles.html#creating-default-service-role-console](https://docs.amazonaws.cn/aws-backup/latest/devguide/iam-service-roles.html#creating-default-service-role-console) to ensure the HANA database is successfully assigned to the chosen backup plan and that the resulting managed backups are successful. This role is not required if you do not choose a backup plan though the LaunchWizard workflow.
+ To run custom pre- and post-configuration deployment scripts, you must add the permissions listed in [Add permissions to run custom pre- and post-deployment configuration scripts](#launch-wizard-sap-iam-scripts) to the `AmazonEC2RoleForLaunchWizard` role. 
+ If you want to install SAP software, you must download the software from the SAP Software Download page and upload it to an Amazon S3 bucket. For steps on how to download the software and upload it to an Amazon S3 bucket, see [Make SAP HANA software available for Amazon Launch Wizard to deploy a HANA database](launch-wizard-sap-structure.md).
+ Depending on the operating system version you want to use for the SAP deployment, an SAP Marketplace subscription may be required. For a complete list of supported operating system versions, see [Operating systems](launch-wizard-sap-versions.md#launch-wizard-sap-ascs-support-os).

## Amazon Identity and Access Management (IAM)
IAM

Establishing the Amazon Identity and Access Management (IAM) role and setting up users with the required permissions is typically performed by **an IAM administrator** for your organization. The steps are as follows: 
+ A one-time creation of IAM roles that Launch Wizard uses to deploy SAP systems on Amazon.
+ The creation of users or roles who can grant permission for Launch Wizard to deploy applications.

**Topics**
+ [

### Sign up for an Amazon Web Services account
](#sign-up-for-aws)
+ [

### Secure IAM users
](#secure-an-admin)
+ [

### One-time creation of IAM role
](#launch-wizard-sap-iam-role)
+ [

### Enable users to use Launch Wizard
](#launch-wizard-user-setup)
+ [

### Add permissions to use Amazon KMS keys
](#launch-wizard-sap-iam-encryption)
+ [

### Add permissions to run custom pre- and post-deployment configuration scripts
](#launch-wizard-sap-iam-scripts)
+ [

### Add permissions to save deployment artifacts to Amazon S3
](#launch-wizard-sap-iam-s3-artifacts)

### Sign up for an Amazon Web Services account


If you do not have an Amazon Web Services account, use the following procedure to create one.

**To sign up for Amazon Web Services**

1. Open [http://www.amazonaws.cn/](http://www.amazonaws.cn/) and choose **Sign Up**.

1. Follow the on-screen instructions.

Amazon sends you a confirmation email after the sign-up process is complete. At any time, you can view your current account activity and manage your account by going to [http://www.amazonaws.cn/](http://www.amazonaws.cn/) and choosing **My Account**.

### Secure IAM users


After you sign up for an Amazon Web Services account, safeguard your administrative user by turning on multi-factor authentication (MFA). For instructions, see [Enable a virtual MFA device for an IAM user (console)](https://docs.amazonaws.cn/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-iam-user) in the *IAM User Guide*.

To give other users access to your Amazon Web Services account resources, create IAM users. To secure your IAM users, turn on MFA and only give the IAM users the permissions needed to perform their tasks.

For more information about creating and securing IAM users, see the following topics in the *IAM User Guide*: 
+ [Creating an IAM user in your Amazon Web Services account](https://docs.amazonaws.cn//IAM/latest/UserGuide/id_users_create.html)
+ [Access management for Amazon resources](https://docs.amazonaws.cn/IAM/latest/UserGuide/access.html)
+ [Example IAM identity-based policies](https://docs.amazonaws.cn/IAM/latest/UserGuide/access_policies_examples.html)

### One-time creation of IAM role


On the **Choose Application** page of Launch Wizard, under **Permissions**, Launch Wizard displays the IAM role required for the Amazon EC2 instances created by Launch Wizard to access other Amazon services on your behalf. When you select **Next**, Launch Wizard attempts to discover the IAM role in your account. If the role exists in your account, it is attached to the instance profile for the Amazon EC2 instances that Launch Wizard launches from your account. If the role does not exist, Launch Wizard attempts to create the role with the same name, `AmazonEC2RoleForLaunchWizard`.

The `AmazonEC2RoleForLaunchWizard` role is comprised of two IAM managed policies: `AmazonSSMManagedInstanceCore` and `AmazonEC2RolePolicyForLaunchWizard`. The `AmazonEC2RoleForLaunchWizard` role is used by the instance profile for the Amazon EC2 instances that Launch Wizard launches into your account as part of the deployment. 

If you want to deploy Amazon Backint Agent as a backup and restore solution for your application, you must attach a policy to the `AmazonEC2RoleForLaunchWizard` so that Launch Wizard can perform Backint Agent operations on your behalf. The required policy and instructions can be found in [ Step 2 of the Backint Agent IAM documentation](https://docs.amazonaws.cn/sap/latest/sap-hana/aws-backint-agent-prerequisites.html#aws-backint-agent-iam). During a deployment, Launch Wizard provides the policy as well as the steps to update the role, taking user specifications into account. 

After the IAM roles are created, the IAM administrator can either continue with the deployment process or optionally delegate the application deployment process to another user, as described in the following section. At this point in the IAM set up process, the IAM administrator can exit the Launch Wizard service. 

### Enable users to use Launch Wizard


To deploy an SAP system with Launch Wizard, your user must have the permissions provided by the **AmazonLaunchWizardFullAccessV2** policy. The following guidance is provided for IAM administrators to provide permissions for users to access and deploy applications from Launch Wizard using the **AmazonLaunchWizardFullAccessV2** policy.

To provide access, add permissions to your users, groups, or roles:
+ Users managed in IAM through an identity provider:

  Create a role for identity federation. Follow the instructions in [Create a role for a third-party identity provider (federation)](https://docs.amazonaws.cn//IAM/latest/UserGuide/id_roles_create_for-idp.html) in the *IAM User Guide*.
+ IAM users:
  + Create a role that your user can assume. Follow the instructions in [Create a role for an IAM user](https://docs.amazonaws.cn//IAM/latest/UserGuide/id_roles_create_for-user.html) in the *IAM User Guide*.
  + (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in [Adding permissions to a user (console)](https://docs.amazonaws.cn//IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the *IAM User Guide*.

**Important**  
You must log in with the user or assume the role associated with this IAM policy when you use Launch Wizard.

### Add permissions to use Amazon KMS keys


Amazon Launch Wizard uses Amazon default encryption keys to encrypt Amazon EBS volumes. In addition, Launch Wizard supports the use of KMS keys created and maintained in Amazon KMS. You can choose to either create new keys or use preexisting keys to encrypt your EBS volumes. You must add permissions to the KMS key policy for your key so that Launch Wizard can use your KMS key for encryption.

**How to add permissions to your KMS key policy so that Launch Wizard can use your key for encryption**

1. Sign in to the Amazon Web Services Management Console and open the Amazon Key Management Service (Amazon KMS) console at [https://console.amazonaws.cn/kms](https://console.amazonaws.cn/kms).

1. To change the Amazon Web Services Region, use the Region selector in the upper-right corner of the page.

1. Choose **Customer managed keys** in the left navigation pane.

1. Select the alias of the KMS key that you want to use to encrypt your EBS volumes.

1. Under **Key users**, choose **Add**.

1. Select the check box next to `AmazonEC2RoleForLaunchWizard` and the role your users assume with Launch Wizard full access permissions.

1. Choose **Add**. Verify that `AmazonEC2RoleForLaunchWizard` and the user or role with Launch Wizard full access permissions appear in the **Key users** list.

### Add permissions to run custom pre- and post-deployment configuration scripts


To run custom pre- and post-configuration deployment scripts, you must add the following permissions to the `AmazonEC2RoleForLaunchWizard` role. The following steps guide you through the process of adding the required permissions for using custom scripts to the `AmazonEC2RoleForLaunchWizard` role.

1. Sign in to the Amazon Web Services Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.amazonaws.cn//iam).

1. In the navigation pane, choose Policies, Create policy.

1. On the **Create policy** page, choose **JSON**, then copy and paste the following policy into the **JSON** tab. Enter the S3 paths where your scripts are stored.

------
#### [ JSON ]

****  

   ```
   {
       "Version":"2012-10-17",		 	 	 
       "Statement": [
           {
               "Sid": "VisualEditor0",
               "Effect": "Allow",
               "Action": [
                   "s3:GetObject",
                   "s3:GetBucketLocation"
               ],
               "Resource": [
                   "arn:aws-cn:s3:::<S3bucket1>/<S3prefix1>/<script1>",
                   "arn:aws-cn:s3:::<S3bucket2>/<S3prefix2>/<script2>",
                   "arn:aws-cn:s3:::<S3bucket1>",
                   "arn:aws-cn:s3:::<S3bucket2>"
               ]
           }
       ]
   }
   ```

------

1. Choose **Next: Tags** and create any tags you require.

1. Choose **Next: Review** and enter a **Name** for the policy.

1. Choose **Create Policy**.

1. Verify that the correct policy is listed, and then choose **Policy actions**.

1. Choose **Attach**.

1. Search for the policy named **AmazonEC2RoleForLaunchWizard** and select the check box to the left of the policy name.

1. Choose **Attach policy**.

If the pre- or post-deployment configuration deployment scripts are expected to run additional Amazon services, the permissions to use the services must also be manually added as policy to the `AmazonEC2RoleForLaunchWizard`.

### Add permissions to save deployment artifacts to Amazon S3


To create Amazon Service Catalog products from successful deployments, which include Amazon CloudFormation templates and application configuration scripts, you must provide access to an Amazon S3 location to save the generated artifacts. 

The following steps guide you through adding the required permissions for saving deployment artifacts to Amazon S3. These permissions are required in addition the ones provided by the `AmazonLaunchWizardFullAccessV2` role. If the S3 bucket that you want to use to save deployment artifacts does not contain the prefix `launchwizard` in its name, you must perform the following steps to attach the required policy to the IAM role that will be used for performing the deployments.

1. Sign in to the Amazon Web Services Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.amazonaws.cn//iam).

1. In the navigation pane, choose Policies, Create policy.

1. On the **Create policy** page, choose **JSON**, then copy and paste the following policy into the **JSON** tab. Enter the S3 path where you want to store your artifacts in the policy.

------
#### [ JSON ]

****  

   ```
   {
       "Version":"2012-10-17",		 	 	 
       "Statement": [
         
         {
             "Sid": "SaveLaunchWizardDeploymentArtifacts",
             "Effect": "Allow",
             "Action": [
               "s3:PutObject"
             ],
             "Resource": [
                 "arn:aws-cn:s3:::${bucketName}/${bucketFolder}*"
             ]
         }
       ]
     }
   ```

------

1. Choose **Next: Tags** and create any tags you require.

1. Choose **Next: Review** and enter a **Name** for the policy.

1. Choose **Create Policy**.

1. Verify that the correct policy is listed, and then choose **Policy actions**.

1. Choose **Attach**.

1. Search for the role your users assume with Launch Wizard full access permissions and select the check box to the left of the policy name. 

1. Choose **Attach policy**.

# Deploy an SAP application with Amazon Launch Wizard
Deploy an application with Launch Wizard

This section contains steps for deploying an SAP application with Launch Wizard. It includes steps for various deployment paths for NetWeaver stack on SAP HANA database and SAP HANA database.

**Topics**
+ [

# Deploying an SAP application (Console)
](launch-wizard-sap-deploying-console.md)
+ [

# Deploying an SAP application (Amazon CLI)
](launch-wizard-sap-deploying-cli.md)

# Deploying an SAP application (Console)


You can deploy an SAP application using the Amazon Launch Wizard console.

**Topics**
+ [

## Access Amazon Launch Wizard
](#accessing-launch-wizard-sap)
+ [

## Deploy an SAP application with Amazon Launch Wizard
](#deploy-console-launch-wizard-sap)
+ [

## Clone deployment
](#clone-deployment-sap)

## Access Amazon Launch Wizard


You can launch Amazon Launch Wizard from the Amazon Launch Wizard console located at [https://console.aws.amazon.com/launchwizard](https://console.amazonaws.cn/launchwizard).

## Deploy an SAP application with Amazon Launch Wizard


The following steps guide you through deploying an SAP application with Amazon Launch Wizard after you have launched it from the console.

### Create a deployment


1. From the Amazon Launch Wizard landing page, choose **Create deployment**.

1. Choose **SAP**.

1. Under **Permissions**, Launch Wizard displays the Amazon Identity and Access Management (IAM) roles required for Launch Wizard to access other Amazon services on your behalf. For more information about these roles and setting up IAM for Launch Wizard, see [Identity and Access Management for Amazon Launch Wizard](launch-wizard-security.md#identity-access-management). Choose **Next**.

### Define infrastructure


On the **Define infrastructure** page, define your deployment name and infrastructure settings.

1. Under the **General** subheading, define the following:
   + **Deployment name**. Enter a unique application name for your deployment.
   + **Description (Optional)**. Provide an optional description of your deployment.
   + **Enable rollback on failed deployment**. By default, if a deployment fails, your provisioned resources will not be rolled back/deleted. This default configuration helps you to troubleshoot errors at the resource level as you debug deployment issues. If you want your provisioned resources to be immediately deleted if a deployment fails, select the check box.
   + **Create an Amazon Service Catalog product**. Select the check box to package and export Amazon CloudFormation templates and associated application configuration scripts to Amazon S3 and create an Amazon Service Catalog product. You use these scripts to deploy and configure Amazon infrastructure resources for SAP applications. If you select this option, the templates and scripts are saved to the specified Amazon S3 path. You can use the saved Amazon CloudFormation templates and Amazon Service Catalog products for repeated deployments of the SAP applications using CloudFormation, Amazon Service Catalog, and third-party applications integrated with Amazon Service Catalog.
   + **Tags (Optional)**. Enter a key and value to assign metadata to your deployment. For help with tagging, see [Tagging Your Amazon EC2 Resources](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/Using_Tags.html).

1. Under the **Infrastructure – SAP landscape** subheading, configure the following infrastructure settings for your SAP landscape.

------
#### [ Configuration options ]
   + Under **Configuration type**, choose whether to **Create new configuration** or **Apply saved configuration**. 
   +  Enter the following information: 
     + **Configuration name**. Enter a name or short description to identify your configuration. You can save this configuration for future use.
     + **Deployment environment**. (**Create new configuration**, only) Choose whether to deploy into a **Production** or **Non-Production** environment.

------
#### [ Configuration details ]

   If you choose to create a new configuration, enter the following information. 
   + **Key pair name**. Choose an existing key pair from the dropdown list or select the link to create one. If you select **Create new key pair name**, you are directed to the Amazon EC2 console. From the Amazon EC2 console, under **Network and Security**, choose **Key Pairs**. Choose **Create a new key pair**, enter a name for the key pair, and then choose **Download Key Pair**.
**Important**  
This is the only time that you can save the private key file, so download and save it in a safe place. You must specify the name of your key pair when you launch an instance, and provide the corresponding private key each time that you connect to the instance.

     Return to the Launch Wizard console, and choose the refresh button next to the **Key Pair name** dropdown list. The new key pair appears in the dropdown list. For more information about key pairs, see [Amazon EC2 Key Pairs](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-key-pairs.html).
   + **Virtual Private Cloud**. Choose a VPC from the dropdown list or select the **Create VPC** link. If you select **Create VPC**, you are redirected to the VPC console to create a VPC.
   + **Availability Zone and private subnets**. You can deploy into one or two Availability Zones with up to two private subnets per Availability Zone. Different requirements are needed for different systems in the landscape. You must select two Availability Zones with a required primary and optional secondary subnet for each Availability Zone. These selections are used for each deployment according to the deployment model that you selected. 

     From the dropdown lists, choose the **Availability Zones ** within which you want to deploy your SAP systems and choose the private subnets. The private subnets must have outbound connectivity to the internet and to other Amazon services, such as Amazon S3, Amazon CloudFormation, and CloudWatch Logs. They must also be able to access the Linux repositories required for instance configuration. 

     For high availability deployments, the following subnets must share a common route table: 
     +  subnet 1 in Availability Zone 1 and subnet 1 in Availability Zone 2
     + subnet 2 in Availability Zone 1 and subnet 2 in Availability Zone 2

**To create a private subnet**
     + If a subnet doesn't have a route to an internet gateway, the subnet is known as a private subnet. Use the following procedure to create a private subnet. We recommend that you enable the outbound connectivity for each of your selected private subnets using a NAT gateway. To enable outbound connectivity from private subnets with public subnets, [create a NAT Gateway](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in your chosen public subnet. Then, follow the steps in [Updating Your Route Table](https://docs.amazonaws.cn/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-create-route) for each of your private subnets.
       + Follow the steps in [Creating a Subnet](https://docs.amazonaws.cn/vpc/latest/userguide/working-with-vpcs.html#AddaSubnet) in the Amazon VPC User Guide using the existing VPC that you will use in Launch Wizard.
       + When you create a VPC, it includes a main route table by default. On the **Route Tables** page in the Amazon VPC console, you can view the main route table for a VPC by looking for **Yes** in the **Main** column. The main route table controls the routing for all subnets that are not explicitly associated with any other route table. If the main route table for your VPC has an outbound route to an internet gateway, then any subnet created using the previous step, by default, becomes a public subnet. To ensure the subnets are private, you may need to create separate route tables for your private subnets. These route tables must not contain any routes to an internet gateway. Alternatively, you can create a custom route table for your public subnet and remove the internet gateway entry from the main route table.
   + **Verify Connectivity**. Select the check box to verify that your private subnets have outbound internet connectivity.
   + **Security groups**. You can choose already existing security groups or Launch Wizard can create security groups that will be assigned to the EC2 instances that Launch Wizard deploys. If you choose already existing security groups, you must ensure that all of the necessary ports required to access the SAP and SAP HANA databases are open. If you choose to allow Launch Wizard to create the security groups, the security groups are created to enable the components of the cluster to communicate. Systems that are deployed with the same configuration settings can also communicate. 

     If you choose an existing security group, Launch Wizard displays the security groups that will be assigned to the EC2 instances that Launch Wizard deploys. This enables the components to communicate and systems that are deployed with the same configuration settings to communicate.
   + **Connectivity to external systems or users**. If you allowed Launch Wizard to create the security groups, then choose the **Connection type** and **Value** of the IP address or security groups required to access the SAP systems. These values can be a network segment from which the end users access the SAP systems, or downstream/upstream systems assigned a different security group in Amazon or on premises.
   + **Proxy setting**. During the launch process, the deployed Amazon EC2 instances require outbound internet access in order to:
     + Access the operating system (SUSE/RHEL) repositories.
     + Access Amazon services, such as Amazon S3, CloudWatch and Systems Manager.

     An [internet gateway](https://docs.amazonaws.cn/vpc/latest/userguide/VPC_Internet_Gateway.html) is typically configured for outbound internet access. If you want to route internet traffic through a proxy server, enter the proxy server details. When proxy server information is provided, Launch Wizard will make the necessary environment changes to the EC2 instances during launch so that outbound internet traffic is routed through the proxy server. 
     + **PROXY**. Enter the proxy server name and port, for example `http://10.0.0.140:3128` or `https://10.0.0.140.3128`.
     + **NO\$1PROXY**. When a proxy server is used for outbound communication, the `NO_PROXY` environment variable is used to route traffic without using the proxy for the following types of traffic:
       + local communication
       + traffic to other instances within the VPC
       + traffic to other Amazon services for which VPC endpoints are created

       Enter a list of comma-separated values to denote hostnames, domain names, or a combination of both.

     We recommend that you add all Amazon service endpoints (if defined) to the `NO_PROXY` environment variable so that a private connection between the VPC and the service endpoint can be established in the Amazon VPN. For more information on Amazon service endpoints, see [Amazon service endpoints](https://docs.amazonaws.cn/general/latest/gr/rande.html). 

     `NO_PROXY` is an optional parameter. If no value is entered, the following default URLs are added to the environment. Values entered for `NO_PROXY` at a later time are added to this list.

     ```
     NO_PROXY="localhost,127.0.0.1,169.254.169.254,.internal,{VPC_CIDR_RANGE}"
     ```

**Default `NO_PROXY` URL details**
     + **localhost**—loopback hostname
     + **127.0.0.1**—loopback adapter IP
     + **169.254.169.254**—EC2 metadata link-local address
     + **.internal**—default DNS for the VPC
     + **\$1VPC\$1CIDR\$1RANGE\$1**—CIDR block of the VPC, for example, 10.0.0.0/24
   + **Time zone**. Choose the time zone settings to configure the timezone on the instances from the dropdown list.
   + **EBS encryption**. From the dropdown list, choose whether or not to enable EBS encryption for all of the EBS volumes that are created for the SAP systems. For more information, see [Amazon EBS Encryption](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/EBSEncryption.html).
   + **Domain name (DNS) settings (Optional)**. Select **Domain Name** or **Route 53** from the **DNS type** dropdown list. 
     + If you select **Domain Name**, you have the option to enter a domain name to maintain a Fully Qualified Domain Name (FQDN) in the `/etc/hosts` file for each instance that is launched and configured by Launch Wizard.
     + If you select **Route 53**, select a Route 53 hosted zone from the dropdown list. Launch Wizard will create a DNS entry for each EC2 instance launched.
**Note**  
Before you use a Route 53 hosted zone, verify that the hosted zone is [integrated with the VPC](https://docs.amazonaws.cn/Route53/latest/DeveloperGuide/hosted-zones-private.html), and that the [VPC DHCP options](https://docs.amazonaws.cn/vpc/latest/userguide/VPC_DHCP_Options.html) are correctly set up.
   + **SAP landscape settings**. Enter the system settings for your SAP landscape.
     + **SAP System Admin User ID**. Enter the user ID for the SAP system administrator.
     + **SAP System Admin Group ID**. Enter the group ID for SAPSYS. We recommend that you replicate this number across all of your SAP systems because SAPSYS GID must be the same between systems that are part of the transport domain.
     + **SAPINST Group ID**. Enter the group ID for the SAPINST.
   + **Simple Notification Service (SNS) topic ARN (Optional)**. Specify an SNS topic where Launch Wizard can send notifications and alerts. For more information, see the [Amazon Simple Notification Service Developer Guide](https://docs.amazonaws.cn/sns/latest/dg/welcome.html). You can also choose **Create SNS topic** and then create one in the Amazon SNS console. After you create an SNS topic, you can enter it in the Launch Wizard SNS field.
   + After you specify the infrastructure settings, choose **Next**. 

------

### Application and deployment settings


The following steps show the deployment paths for **NetWeaver stack on SAP HANA database** and **SAP HANA database**. Please follow the deployment steps for your deployment path.

**Topics**
+ [

#### NetWeaver stack on SAP HANA database
](#netweaver-on-hana)
+ [

#### SAP HANA database
](#launch-wizard-hana)
+ [

#### NetWeaver stack on SAP ASE database
](#netweaver-on-ase)

#### NetWeaver stack on SAP HANA database


------
#### [ Application settings  ]

On the **Configure application settings** page, enter your NetWeaver stack on SAP HANA database application settings.

1. **Application type**. Select **NetWeaver stack on SAP HANA database**. This configuration includes:
   + NetWeaver stack for a single instance , distributed instance, or multi-AZ for high availability (HA) deployment.
   + EC2 instances for the NetWeaver application tier
   + EC2 instances for SAP HANA database and optional SAP HANA database install

1. **General settings – SAP system**. Enter the settings for your SAP system.
   + **SAP System ID (SAPSID)**. An identifier for your system. The ID must be a three character, alphanumeric string.
   + **EBS Volume Type for NetWeaver application stack instances**. Choose which volume type to use for the NW application file system `/usr/sap/SAPSID` from the dropdown list.
   + **Transport Domain Controller**. Specify whether the SAP system will be the domain controller for the SAP landscape. If not, select the transport file system of the domain controller to be mounted.
   + **SAP Web Dispatcher**. Specify whether to deploy SAP Web Dispatcher to load balance incoming web connections for your SAP application server instances.

1. **General Settings – SAP HANA**. Enter the settings for your SAP HANA installation.
   + **SAP HANA System ID.** Enter the identifier for your SAP HANA database. The ID must be a three character, alphanumeric string.
   + **SAP HANA Instance number.** Enter the instance number to be used for the SAP HANA installation and setup. The ID must be a two-digit number.
   + **EBS Volume Type for SAP HANA**. Select the EBS volume types to use for **SAP HANA Data**, **SAP HANA Logs**, and **SAP Others** from the dropdown lists.
**Note**  
gp3 volumes are not supported for HANA production databases running on Xen instances (X1, X1e, R4, and R3). When you deploy HANA databases with Xen instances after choosing **Production** as the **Deployment environment** under the **Configuration options**, gp2 volumes will be used to set up SAP HANA Data and Logs on the instances you selected for the HANA database.
   + Select *Make this selection to use Amazon FSx for NetApp ONTAP for all SAP HANA database file systems, except root, backup, and media file systems.*

     Your chosen Amazon EBS volume type is used for the application layer.

1. After you enter your application settings, choose **Next**. 

(Use the tab for **Single instance deployment**, **Distributed instance deployment**, or **High availability deployment**, depending on your configuration)

------
#### [ Single instance deployment ]

On the **Configure deployment model** page, enter the deployment details for a single instance deployment.

1. **Deployment details**. Launch Wizard supports single instance deployments, distributed instance deployments, and high availability deployments. Select **Single instance deployment**. 

1. **ASCS, PAS, and DB on one EC2 instance**. Enter the deployment settings for your instance.
   + **Instance details**.
     + Under **Instance sizing**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
     + **Operating System**. Select a supported operating system version for the ASCS instance. For a complete list of operating system versions supported for ASCS, see [Operating systems](launch-wizard-sap-versions.md#launch-wizard-sap-ascs-support-os).
     + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown. 
     + **Host name**. Enter the host name for the EC2 instance.
     + **Private IP address**. Choose whether to use an **Auto-assigned (default)** IP address or a **Custom IP address**.
       + **Auto-assign (default)**. When you select this option, an IP addressed will be assigned for you. This is the default option.
       + **Private IP address**. When you select this option, you can enter a single IP address. Verify that this IP address is within the subnet range of the instance you are launching. 
     + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
     + **SAP Web Dispatcher ID (SID)**. The SID to use for SAP Web Dispatcher. This value must be unique throughout your SAP system's landscape.
     + **SAP Web Dispatcher Admin User ID**. The user ID number for the SAP Web Dispatcher administrator user (sid-adm).
   + Under **Instance sizing**, choose whether to **Use Amazon recommended resources** or **Choose instance**.
     + **Use Amazon recommended resources**.
       + **Infrastructure requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
     + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections and the EBS volumes that will be created and attached to the launched instances. This is an estimate of Amazon costs to deploy additional resources and does not include any image costs, EC2 reservations, applicable taxes, or discounts.
   + Under **Amazon FSx for NetApp ONTAP storage**, enter your desired volume sizes for SAP HANA data, log, and other file systems. The displayed default values are based on your selection of the instance type.

1. 

**Pre- and post-deployment configuration scripts — optional**

   You can run pre- and post-deployment configuration scripts during application provisioning. For more information about how Launch Wizard accesses and deploys these scripts, see [Custom deployment configuration scripts](how-launch-wizard-sap-works.md#launch-wizard-sap-how-it-works-scripts). 

**Pre-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Pre-deployment configuration scripts must finish running in 45 minutes or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

**Post-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Post-deployment configuration scripts must finish running in 2 hours or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

1. After you have entered your deployment settings, choose **Next**.

(See the **SAP software installation settings** tab.)

------
#### [ Distributed instance deployment ]

On the **Configure SAP HANA deployment model** page, enter the deployment details for a distributed instance deployment.

1. **Deployment details**. Launch Wizard supports single instance deployments, distributed instance deployments, and high availability deployments. Select **Distributed instance deployment**. 

1. **ASCS/SCS Server and Primary Application Server (PAS)**. Enter the deployment settings for your instance.
   + **Instance details**. 
     + Under **Instance sizing**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
       + **Operating System**. Select a supported operating system version for the ASCS and PAS instances. For a complete list of operating system versions supported for ASCS, see [Operating systems](launch-wizard-sap-versions.md#launch-wizard-sap-ascs-support-os).
       + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown. 
     + **Host name**. Enter the host name for the EC2 instances.
     + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
   + Under **Instance sizing**, choose whether to Use **Amazon recommended resources** or **Choose your instance**.
     + **Use Amazon recommended resources**.
       + **Infrastructure requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
     + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources and does not include any applicable taxes or discounts.

1. **Settings for Database (DB) Server**. Enter the deployment settings for your instance.
   + **Instance details**. 
     + Under **Instance sizing**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
       + **Operating System**. Select a supported operating system version for the ASCS and PAS instances. For a complete list of operating system versions supported for ASCS, see [Operating systems](launch-wizard-sap-versions.md#launch-wizard-sap-ascs-support-os).
       + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown. 
     + **Scale up and Scale out**. Select an upgrade strategy for your system hardware to upgrade for increased data and workload. 
       + **Scale-up deployment**.If you choose this deployment upgrade model, enter the host name for the database
       + **Scale-out deployment**. If you choose this deployment upgrade model, enter the **SAP HANA master host name**, the **Number of worker nodes**, and the **Worker node hostname prefix** under **Instance sizing**. 
   + Under **Instance sizing**, choose whether to **Use Amazon recommended resources** or **Choose instance**.
     + **Use Amazon recommended resources**.
       + **Define requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Instance type**. Choose the instance type from the dropdown list.
     + **Private IP address**. Choose whether to use an **Auto-assigned (default)** IP address or a **Custom IP address**.
       + **Auto-assign (default)**. When you select this option, an IP addressed will be assigned for you. This is the default option.
       + **Private IP address**. When you select this option, you can enter a single IP address. If you have selected multiple worker nodes, enter the IP addresses to assign to the instance for each selected node. Separate more than one IP address with commas. Verify that the IP addresses are within the subnet range of the instance you are launching. You must enter the same number of IP addresses as the number of nodes selected.
     + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
     + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources and does not include any applicable taxes or discounts.
   + Under **Amazon FSx for NetApp ONTAP storage**, enter your desired volume sizes for SAP HANA data, log, and other file systems. The displayed default values are based on your selection of the instance type.

1. **Settings for SAP Web Dispatcher**. Enter the deployment settings for your SAP Web Dispatcher instance.
   + **Instance details**. 
     + Under **Image type**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
       + **Operating System**. Select a supported operating system version for the SAP Web Dispatcher instances. For a complete list of operating system versions supported for SAP Web Dispatcher, see [Operating systems](launch-wizard-sap-versions.md#launch-wizard-sap-ascs-support-os).
       + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown. 
     + **Private subnet**. The private subnet to provision SAP Web Dispatcher instances in.
     + **SAP Web Dispatcher ID (SID)**. The SID to use for SAP Web Dispatcher. This value must be unique throughout your SAP system's landscape.
     + **SAP Web Dispatcher Admin User ID**. The user ID number for the SAP Web Dispatcher administrator user (sid-adm).
     + **Hostname**. The hostname to use for the EC2 instance where SAP Web Dispatcher is deployed.
   + **Private IP address**. Choose whether to use an **Auto-assigned (default)** IP address or a **Custom IP address**.
     + **Auto-assign IP address (default)**. When you select this option, an IP addressed will be assigned for you. This is the default option.
     + **Custom IP address**. When you select this option, you can enter a single IP address.
     + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
   + Under **Instance sizing**, choose whether to **Based on infrastructure requirements** or **Based on instance type**.
     + **Based on infrastructure requirements**
       + **Infrastructure requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
           + **vCPU**. The amount of vCPUs cores required by the instance.
           + **Memory (GB)**. The amount of memory required for each instance.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types.
           + **SAPS**. We will recommend SAP certified instance types which offer SAPS ratings for the value you enter.
       + **Based on instance type**
         + **Instance type**. Choose the instance type from the dropdown list.
     + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources and does not include any applicable taxes or discounts.

1. **Settings for Additional App Servers (AAS) - *optional***. Enter the deployment settings for your AAS instances.
   + **Instance details**. 
     + **Number of Additional App Servers (AAS)**. Enter the number of additional application servers. 
     + **Naming convention for host name**. Enter the naming convention for the host name.
     +  **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
   + Under **Instance sizing**, choose whether to Use **Amazon recommended resources** or **Choose your instance**.
     + **Use Amazon recommended resources**.
       + **Define requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
     + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources and does not include any applicable taxes or discounts.

1. 

**Pre- and post-deployment configuration scripts — optional**

   You can run pre- and post-deployment configuration scripts during application provisioning. For more information about how Launch Wizard accesses and deploys these scripts, see [Custom deployment configuration scripts](how-launch-wizard-sap-works.md#launch-wizard-sap-how-it-works-scripts). 

**Pre-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, choose whether to proceed with the deployment. If you do not select this option, then when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Pre-deployment configuration scripts must finish running in 45 minutes or less.
   + **Configuration script**. You can add one or more configuration scripts depending on the number of servers you select to run scripts during the launch phase. 
     + For each pre-deployment configuration script that you want to run, choose to use a script located in Amazon S3 and enter the URL path of the script, or upload a script file.
     + Select the servers to run the pre-deployment configuration scripts during the launch phase. You can choose to run pre-deployment scripts on **ASCS/SCS Server and Primary Application Server (PAS)**, **Database (DB) Server**, and **Additional App Servers (AAS)**. You can add a script for each server selected.
     + To remove a configuration script, choose **Remove script**. To add more configuration scripts, choose **Add another script**.

**Post-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure, choose whether to proceed with the deployment. If you do not select this option, then when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Post-deployment configuration scripts must finish running in 2 hours or less.
   + **Configuration script**. You can add one or more configuration scripts depending on the number of servers you select to run scripts during the post-deployment phase. 
     + For each post-deployment configuration script that you want to run, choose to use a script located in Amazon S3 and enter the URL path of the script, or upload a script file.
     + Select the servers to run the post-deployment configuration scripts when an EC2 instance has been configured for use. You can choose to run the post-deployment scripts on **ASCS/SCS Server and Primary Application Server (PAS)**, **Database (DB) Server**, and **Additional App Servers (AAS)**. You can add a script for each server selected.
     + To remove a configuration script, choose **Remove script**. To add more configuration scripts, choose **Add another script**.

1. After you have entered your additional settings, choose **Next**.

(See the **SAP software installation settings** tab.)

------
#### [ High availability deployment ]

On the **Configure SAP HANA deployment model** page, enter the deployment details for the high availability deployment.

1. **Deployment details**. Launch Wizard supports single instance deployments, distributed instance deployments, and high availability deployments. Select **High availability deployment**. 

1. **Settings for ABAP System Central Services (ASCS) server**. Enter the deployment settings for your instance.
   + **Instance details**. 
     + Under **Image type**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
       + **Operating System**. Select a supported operating system version for the ASCS instances. For a complete list of operating system versions supported for ASCS, see [Operating systems](launch-wizard-sap-versions.md#launch-wizard-sap-ascs-support-os).
       + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown list. 
     + **Host name**. Enter the host name for the EC2 instance.
     + **ASCS instance number**. Enter the instance number for the SAP installation and setup, and to open up ports for security groups. 
   + Under **Instance sizing**, choose whether to **Use Amazon recommended resources** or **Choose your instance**.
     + **Use Amazon recommended resources**.
       + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4 TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
       + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance type.
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
   + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources. It does not include any applicable taxes or discounts.
   + Under **Amazon FSx for NetApp ONTAP storage**, enter your desired volume sizes for SAP HANA data, log, and other file systems. The displayed default values are based on your selection of the instance type.

1. **Settings for Enqueue Replication Server (ERS)**. Enter the deployment settings for your ERS.
   + **Instance details**. 
     + Under **Instance sizing**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
       + **Operating System**. Select a supported operating system version for the ERS instance. 
       + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown list. 
     + **Host name**. Enter the host name for the EC2 instance.
     + **ERS instance number**. Enter the instance number for the SAP installation and setup, and to open up ports for security groups. 
   + Under **Instance sizing**, choose whether to **Use Amazon recommended resources** or **Choose your instance**.
     + **Use Amazon recommended resources**.
       + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
       + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance type.
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
   + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources and does not include any applicable taxes or discounts.

1. **Settings for database (DB) Server**. Enter the deployment settings for your database.
   + Under **Instance sizing**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
     + **Instance details.**
       + **Operating System**. Select a supported operating system version for the ERS instance. 
       + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown list. 
   + **Primary and secondary instance details**. Enter details for both the primary and secondary instances.
     + **SAP HANA host name**. Enter the host name for the SAP HANA primary and secondary instances.
     + **Server site name**. Enter the primary and secondary site name for the SAP HANA system replication. 

**Private IP address settings**
     + **Primary instance details**

       **Private IP address**. Choose whether to use an **Auto-assigned (default)** IP address or a **Custom IP address** for your primary instance.
       + **Auto-assign (default)**. When you select this option, an IP addressed will be assigned for you. This is the default option.
       + **Private IP address**. When you select this option, you can enter a single IP address. Verify that this IP address is within the subnet range of the instance you are launching. 
     + **Secondary instance details**

       **Private IP address**. Choose whether to use an **Auto-assigned (default)** IP address or a **Custom IP address** for your secondary instance.
       + **Auto-assign (default)**. When you select this option, an IP addressed will be assigned for you. This is the default option.
       + **Private IP address**. When you select this option, you can enter a single IP address. Verify that this IP address is within the subnet range of the instance you are launching. 
   + **Overlay IP address**. Enter the overlay IP address to assign to the active node. The IP address should be outside of the VPC CIDR and must not be used by any other HA cluster. It is configured to always point to the active SAP HANA node. 
   + **Pacemaker tag name**. Enter the tag to assign to each EC2 instance. This tag is used by the pacemaker component of SLES HAE and RHEL for SAP high availability solutions and must not be used by any other EC2 instance in your account. 
   + Under **Instance sizing**, choose whether to **Use Amazon recommended resources** or **Choose your instance**.
     + **Use Amazon recommended resources**.
       + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4 TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
       + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance type.
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
   + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources. It does not include any applicable taxes or discounts.

1. **Primary Application Server (PAS)**. Enter the deployment settings for your instance.
   + **Instance details**. 
     + Under **Image type**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
       + **Operating System**. Select a supported operating system version for the ERS instance. 
       + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown list. 
     + **Host name**. Enter the host name for the EC2 instance.
     + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable Amazon EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
   + Under **Instance sizing**, choose whether to **Use Amazon recommended resources** or **Choose your instance**.
     + **Use Amazon recommended resources**.
       + **Define requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
     + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources. It does not include any applicable taxes or discounts.

1. **Settings for SAP Web Dispatcher**. Enter the deployment settings for your SAP Web Dispatcher instances.
   + **Instance details**. 
     + Under **Image type**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
       + **Operating System**. Select a supported operating system version for the SAP Web Dispatcher instances. For a complete list of operating system versions supported for SAP Web Dispatcher, see [Operating systems](launch-wizard-sap-versions.md#launch-wizard-sap-ascs-support-os).
       + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown.
     + **SAP Web Dispatcher ID (SID)**. The SID to use for SAP Web Dispatcher. This value must be unique throughout your SAP system's landscape.
     + **SAP Web Dispatcher Admin User ID**. The user ID number for the SAP Web Dispatcher administrator user (sid-adm).
   + Enter the following information for both the primary and secondary instance:
     + **Private subnet**. The private subnet to provision SAP Web Dispatcher instances in.
     + **Hostname**. The hostname to use for the EC2 instance where SAP Web Dispatcher is deployed.
     + **Private IP address**. Choose whether to use an **Auto-assigned (default)** IP address or a **Custom IP address**.
       + **Auto-assign IP address (default)**. When you select this option, an IP addressed will be assigned for you. This is the default option.
       + **Custom IP address**. When you select this option, you can enter a single IP address.
       + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
   + Under **Instance sizing**, choose whether to **Based on infrastructure requirements** or **Based on instance type**.
     + **Based on infrastructure requirements**
       + **Infrastructure requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
           + **vCPU**. The amount of vCPUs cores required by the instance.
           + **Memory (GB)**. The amount of memory required for each instance.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types.
           + **SAPS**. We will recommend SAP certified instance types which offer SAPS ratings for the value you enter.
       + **Based on instance type**
         + **Instance type**. Choose the instance type from the dropdown list.
     + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources and does not include any applicable taxes or discounts.

1. **Settings for Additional App Servers (AAS) - *optional***. Enter the deployment settings for your AAS instances. 
   + **Instance details**
     + **Number of Additional App Servers (AAS)**. Enter the number of additional application servers. 
     + **Naming convention for host name**. Enter the naming convention for the host name.
     +  **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable Amazon EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
   + Under **Instance sizing**, choose whether to **Use Amazon recommended resources** or **Choose your instance**.
     + **Use Amazon recommended resources**.
       + **Infrastructure requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4 TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
     + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources. It does not include any applicable taxes or discounts.

1. 

**Pre- and post-deployment configuration scripts — optional**

   You can run pre- and post-deployment configuration scripts during application provisioning. For more information about how Launch Wizard accesses and deploys these scripts, see [Custom deployment configuration scripts](how-launch-wizard-sap-works.md#launch-wizard-sap-how-it-works-scripts). 

**Pre-deployment configuration script — optional**
   + **Deployment settings**. Choose whether to proceed with the deployment if a configuration script fails or times out. If you do not select this option, if the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Pre-deployment configuration scripts must finish running in 45 minutes or less.
   + **Configuration script**. You can add one or more configuration scripts depending on the number of servers that you select to run scripts during the launch phase. 
     + For each pre-deployment configuration script that you want to run, choose to use a script located in Amazon S3 and enter the URL path of the script, or upload a script file.
     + Select the servers to run the pre-deployment configuration scripts during the launch phase. You can choose to run pre-deployment scripts on **Primary Application Server (PAS)**, **ABAP System Central Services (ASCS) Server**, **Database (DB) Server**, **Additional App Servers (AAS)**, and **Enqueue Replication Server (ERS)**. You can add a script for each server selected.
     + To remove a configuration script, choose **Remove script**. To add more configuration scripts, choose **Add another script**.

**Post-deployment configuration script — optional**
   + **Deployment settings**. Choose whether to proceed with the deployment if a configuration script fails. If you do not select this option, if the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Post-deployment configuration scripts must finish running in 2 hours or less.
   + **Configuration script**. You can add one or more configuration scripts depending on the number of servers that you select to run scripts during the post-deployment phase. 
     + For each post-deployment configuration script that you want to run, choose to use a script located in Amazon S3 and enter the URL path of the script, or upload a script file.
     + Select the servers to run the post-deployment configuration scripts when an EC2 instance has been configured for use. You can choose to run the post-deployment scripts on **Primary Application Server (PAS)**, **ABAP System Central Services (ASCS) Server**, **Database (DB) Server**, **Additional App Servers (AAS)**, and **Enqueue Replication Server (ERS)**. You can add a script for each server selected.
     + To remove a configuration script, choose **Remove script**. To add more configuration scripts, choose **Add another script**.

1. After you have entered all of your deployment settings, choose **Next**.

(See the **SAP software installation settings** tab.)

------
#### [ SAP software installation settings ]

On the **Configure SAP application software installation** page, enter the software installation details for a single instance, distributed instance, or high availability deployment.

1. **SAP application software**. Choose whether to install the SAP installation software.
   + If you choose **No**, choose whether to install HANA software. If you want to install HANA software, enter the **S3 location for HANA media** and the **HANA password**. Then, proceed to **Step 6**. If you don't want to install HANA software, proceed to **Step 9**.
   + If you choose **Yes**, provide the information listed in the following steps.

1. **Application** and **Version**. If you choose to install the SAP application software, select the supported application and version of the software you want to install. The following configuration fields will change based on your application software and version selections. For supported application versions, see [SAP applications](launch-wizard-sap-versions.md#launch-wizard-sap-versions-application).

1. **Load balancer for SAP Web Dispatcher**. You can select **Add Load balancer for SAP Web Dispatcher** to launch a load balancer to distribute incoming traffic to your SAP Web Dispatcher instances.
   + **Load balancer type**. Choose the type of load balancer to deploy. For more information, see [Load balancers for SAP Web Dispatcher](launch-wizard-sap-deploy-web-dispatcher.md#launch-wizard-sap-deploy-web-dispatcher-load-balancers).
   + **Scheme**. Choose whether the load balancer should be internet-facing or intranet-facing. For more information, see [Architectures for SAP Web Dispatcher](launch-wizard-sap-deploy-web-dispatcher.md#launch-wizard-sap-deploy-web-dispatcher-architectures).
   + **Load balancer secure communication**. You can enable this option to configure an HTTPS/TLS listener for your load balancer. This option will terminate the HTTPS/TLS connection at the load balancer. For more information, see [Enable HTTPS communication](launch-wizard-sap-deploy-web-dispatcher.md#launch-wizard-sap-deploy-web-dispatcher-post-deployment-enable-https).
     + **ACM certificate ARN**. Enter the ARN of a certificate in Amazon Certificate Manager (ACM) to use for the load balancer HTTPS/TLS listener.
   + **Availability Zones(AZ) and subnet**. The public or private subnets to deploy the load balancer in.
     + **Availability Zone 1**. Choose the first availability zone to use.
     + **Availability Zone 2**. Choose the second availability zone to use.
     + **Load balancer security group**. Choose the security group to assign to the load balancer.

1. **SAP application software location**. In order to install the SAP application software, Launch Wizard requires access to the relevant software and files. For instructions to provide Launch Wizard access to the application software and associated files, see [Make SAP application software available for Amazon Launch Wizard to deploy SAP](launch-wizard-sap-software-install-details.md).
   + **SAPCAR location**. Enter the Amazon S3 path where the SAPCAR is located.
   + **Software Provisioning Manager (SWPM) location**. Enter the Amazon S3 path where the SWPM is located.
   + **Kernel software location**. Enter the Amazon S3 path where the unextracted kernel with media label is located.
   + **Installation export location**. Enter the Amazon S3 path where the installation export is located.
   + **HANA database software location**. Enter the Amazon S3 path where the SAP HANA database software is located.
   + **SAP HANA client software location**. Enter the Amazon S3 path where the SAP HANA client software is located.

1. 

**Installation details**

   The following fields may vary according to the application selected.
   + **Schema name** and **Master password**. Enter the schema name and password to use for the HANA database.
   + **PAS instance number**. Enter the PAS instance number.
   + **ASCS virtual host name**. Enter the ASCS virtual host name used to set up high availability.
   + **ASCS virtual IP address**. Enter the ASCS virtual IP address.
   + **Enqueue Replication Server (ERS) instance number**. Enter the instance number to use for the ERS instance.
   + **Enqueue Replication Server (ERS) virtual IP address**. Enter the virtual IP address used to set up high availability.
   + **Enqueue Replication Server (ERS) virtual host name**. Enter the virtual host name used to set up high availability.
   + **ASCS instance number**. Enter the ASCS instance number.
   + **Database installation**. Choose whether or not to install the HANA database.
   + **Database virtual host name**. Enter the database virtual host name used to set up high availability.
   + **Software**. Select the software type that you want to install. You can install SQL or SAP software.
   + **Host name**. Enter the Central Instance, ASCS, ASCS virtual IP, or Enqueue Replication Server (ERS) host name.

1. **Additional installation details**. Select the parameter name and values to use for your software installation. The following fields may vary according to the application selected.
   + **Number of batch processes**. Enter the maximum number of batch processes. 
   + **Number of dialog processes**. Enter the maximum number of dialog processes.
   + **UID for SAP host agent**. Enter the UID for the SAP host agent.
   + **Create a DBA Cockpit user**. Choose whether to create a DBA Cockpit user.

1. **Amazon Backint Agent**. Select the check box to install Amazon Backint Agent. For more information, see [Amazon Backint Agent for SAP HANA](https://docs.amazonaws.cn/sap/latest/sap-hana/aws-backint-agent-sap-hana.html).

   1. **S3 file path**. Select or enter the Amazon S3 location to store the SAP HANA backup files.

   1. **Amazon KMS key ARN**. Select the ARN of the KMS key that can be used by Amazon Backint Agent to encrypt the backup files. For more information, see the [Amazon Backint Agent for SAP documentation](https://docs.amazonaws.cn/sap/latest/sap-hana/aws-backint-agent-prerequisites.html#aws-backint-agent-s3).

   1. **Agent version**. Select the Amazon Backint Agent version you want to install.

1. 

****Additional preferences**.**

   1. When you use Amazon Backint Agent, the HANA backup files are stored in Amazon S3, which eliminates the requirement for local EBS backup volumes. If you want Launch Wizard to provision local EBS backup volumes for file-based backups that can be configured manually after deployments, select the check box. 

   1. By default, a Launch Wizard deployment rolls back when the Amazon Backint Agent installation fails. If you want to continue with a Launch Wizard deployment when the Amazon Backint Agent installation fails, select the check box. This option does not apply to high availability deployments. 

1. **IAM permissions**. To deploy an application successfully, Launch Wizard must be allowed to perform operations in other Amazon services on your behalf. To do this, the Launch Wizard IAM role, `AmazonEC2RoleForLaunchWizard`, must have permissions attached to perform these operations, which include Amazon Backint Agent operations, running pre- and post-deployment configuration scripts, and downloading the SAP installation media from Amazon S3. If the required policy is not attached to the Launch Wizard role, the Launch Wizard deployment can fail. Select the check box to verify that you have attached the required permissions before deploying. 

   For steps to attach the required permissions to `AmazonEC2RoleForLaunchWizard`, see [Amazon Identity and Access Management (IAM)](launch-wizard-sap-setting-up.md#launch-wizard-sap-iam) in this guide.

1. Choose **Deploy**

(See the **Review** tab)

------
#### [ Review  ]
+ On the **Review ** page, review your infrastructure, application, and deployment model settings. If you are satisfied with your selections, choose **Deploy**. If you want to change settings, choose **Previous**.
+ When you choose **Deploy**, you are redirected to the **Deployments** page, where you can view the status of your deployment, and also the deployment details.

------

#### SAP HANA database


------
#### [ Application settings  ]

On the **Configure application settings** page, enter your SAP HANA database application settings.

1. **Application type**. Select **SAP HANA database**. This configuration includes:
   + EC2 instances for an SAP HANA database 
   + Optional installation of SAP HANA database software

1. **General Settings – SAP HANA**. Enter the settings for your SAP HANA database installation.
   + **SAP HANA System ID (SID)**. Enter the SAP HANA system ID for your system. The HANASID must be different from SAPSID if you are configuring a single instance deployment.
   + **SAP HANA Instance number**. Enter the instance number to use for your SAP HANA system. This must be a two-digit number from 00 through 99.
   + **EBS Volume Type for SAP HANA**. Select the EBS volume types that you want to use for **SAP HANA Data**, **SAP HANA Logs**, and **SAP Others** from the dropdown lists.
**Note**  
gp3 volumes are not supported for HANA production databases running on Xen instances (X1, X1e, R4, and R3). When you deploy HANA databases with Xen instances after choosing **Production** as the **Deployment environment** under the **Configuration options**, gp2 volumes will be used to set up SAP HANA Data and Logs on the instances you selected for the HANA database.
   + Select *Make this selection to use Amazon FSx for NetApp ONTAP for all SAP HANA database file systems, except root, backup, and media file systems.*

     Your chosen Amazon EBS volume type is used for the application layer.
   + **SAP HANA software install**. Select whether you want to download the SAP HANA software.
     + If you select **Yes**, enter the Amazon S3 location where the SAP HANA software is located. The S3 bucket must have the prefix “launchwizard” in the bucket name to ensure that the Launch Wizard IAM role policy for EC2 has read-only access to the bucket. For steps to set up the folder structure for your S3 bucket, see [Make SAP HANA software available for Amazon Launch Wizard to deploy a HANA database](launch-wizard-sap-structure.md). Enter a password to use for your SAP HANA installation.
       + **Amazon Backint Agent.** Select the check box if you want to deploy Amazon Backint Agent for backup and recover along with the application. For more information about Amazon Backint Agent, see [Amazon Backint Agent for SAP HANA](https://docs.amazonaws.cn/sap/latest/sap-hana/aws-backint-agent-sap-hana.html).
         + **S3 URI.** Enter the URI of the S3 bucket where you want to store your SAP HANA backup files. For example, `s3://<bucket-name>`.
         + **S3 Encryption (Amazon KMS key ARN).** Select the ARN of the KMS key that Amazon Backint Agent can use to encrypt the backup files stored in your Amazon S3 bucket.
         + **Agent version.** Select the version number of the agent that you want to install. If you do not enter a version number, the latest published version of the agent is installed.
         + **Additional Backint preferences.** 
           + If you selected to use Amazon Backint agent, the agent backs up files to S3, which removes the requirement for EBS backup volumes. Select this check box to provision local EBS backup volumes for file-level backups.
           + By default, Launch Wizard rolls back a deployment when the Amazon Backint Agent installation fails. Select the check box if you want Launch Wizard to continue with non-HA application deployments when the Backint installation fails. 
         + **Verify that you have attached the required policy for Backint operations to the following role.** Select this check box after you have attached the required policy to the `AmazonEC2RoleForLaunchWizard`. This policy allows Launch Wizard to perform Backint Agent operations on your behalf. The policy and instructions to attach the policy to the role are provided by Launch Wizard during deployment. This information can also be found in [ Step 2 of the Backint Agent IAM documentation](https://docs.amazonaws.cn/sap/latest/sap-hana/aws-backint-agent-prerequisites.html#aws-backint-agent-iam).
     + If you select **No**, only the Amazon infrastructure is provisioned so you can manually deploy an SAP HANA database post deployment .

1. After you enter your application settings, choose **Next**.

(Use the tab for **Single instance deployment**, **Multiple instance deployment**, or **High availability deployment**, depending on your configuration)

------
#### [ Single instance deployment ]

On the **Configure deployment model** page, enter the deployment details for the SAP HANA database deployment.

1. **Deployment model**. Launch Wizard supports single instance deployments, multiple instance deployments, and high availability deployments. Select **Single instance deployment**. 

1. **Settings for SAP HANA database on one instance**
   + **Instance details.**
     + Under **Image type**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
       + **Operating System**. Select a supported operating system version for the ERS instance. 
       + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown.
     + **Host name**. Enter the host name for the EC2 instance.
     + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see Recover Your Instance in the Amazon EC2 User Guide.
   + Under **Instance sizing**, choose **Use Amazon recommended resources** or **Choose your instance**.
     + **Use Amazon recommended resources**.
       + **Define requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
     + **Recommended Resources**. Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources and does not include applicable taxes or discounts.
   + Under **Amazon FSx for NetApp ONTAP storage**, enter your desired volume sizes for SAP HANA data, log, and other file systems. The displayed default values are based on your selection of the instance type.

1. 

**Pre- and post-deployment configuration scripts — optional**

   You can run pre- and post-deployment configuration scripts during application provisioning. For more information about how Launch Wizard accesses and deploys these scripts, see [Custom deployment configuration scripts](how-launch-wizard-sap-works.md#launch-wizard-sap-how-it-works-scripts). 

**Pre-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Pre-deployment configuration scripts must finish running in 45 minutes or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

**Post-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Post-deployment configuration scripts must finish running in 2 hours or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

1. After you enter your deployment settings, choose Next.

(See the **Review** tab)

------
#### [ Multiple instance deployment ]

On the **Configure deployment model** page, enter the deployment details for the SAP HANA database deployment.

1. **Deployment model**. Launch Wizard supports single instance deployments, multiple instance deployments, and high availability deployments. Select **Multiple instance deployment**. 

1. 

**SAP HANA on multiple EC2 instances**
   + **Instance details.**
     + Under **Instance sizing**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
       + **Operating System**. Select a supported operating system version for the SAP HANA servers. 
       + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown.
   + Under **Instance sizing**, choose **Use Amazon recommended resources** or **Choose your instance**.
     + **Use Amazon recommended resources**.
       + **Infrastructure requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
     + **Host Name for SAP system**. Enter the host name for the EC2 instance.
     + **Number of worker nodes**. Enter the number of EC2 instances to be configured as worker nodes for this SAP HANA system. 
     + **Worker node hostname prefix**. Enter the hostname prefix for the worker nodes.
     + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see Recover Your Instance in the Amazon EC2 User Guide.
     + **Recommended Resources**. Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources and does not include applicable taxes or discounts.
   + Under **Amazon FSx for NetApp ONTAP storage**, enter your desired volume sizes for SAP HANA data, log, and other file systems. The displayed default values are based on your selection of the instance type.

1. 

**Pre- and post-deployment configuration scripts — optional**

   You can run pre- and post-deployment configuration scripts during application provisioning. For more information about how Launch Wizard accesses and deploys these scripts, see [Custom deployment configuration scripts](how-launch-wizard-sap-works.md#launch-wizard-sap-how-it-works-scripts). 

**Pre-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Pre-deployment configuration scripts must finish running in 45 minutes or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

**Post-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Post-deployment configuration scripts must finish running in 2 hours or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

1. After you enter your deployment settings, choose **Next**.

(See **Review** tab)

------
#### [ High availability deployment ]

On the **Configure deployment model** page, enter the deployment details for the SAP HANA database deployment.

1. **Deployment model**. Launch Wizard supports single instance deployments, multiple instance deployments, and high availability deployments. Select **High availability deployment**. 

1. **Instance details.**
   + Under **Instance details**, choose whether to use **Amazon/Marketplace/Community images** or **Bring your own images (BYOI)**.
     + **Operating System**. Select a supported operating system version for the SAP HANA servers. 
     + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown.
   + **Primary and secondary instance details**. Enter details for both the primary and secondary instances.
     + **SAP HANA host name**. Enter the host name for the SAP HANA primary and secondary instances.
     + **Server site name**. Enter the primary and secondary site name for the SAP HANA system replication. 
   + **Overlay IP address**. Enter the overlay IP address to assign to the active node. The IP address should be outside of the VPC CIDR and must not be used by any other HA cluster. It is configured to always point to the active SAP HANA node. 
   + **Pacemaker tag name**. Enter the tag to assign to each EC2 instance. This tag is used by the pacemaker component of SLES HAE and RHEL for SAP high availability solutions and must not be used by any other EC2 instance in your account. 
   + Under **Instance sizing**, choose **Use Amazon recommended resources** or **Choose your instance**.
     + **Use Amazon recommended resources**.
       + **Infrastructure requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
     + **Recommended Resources**. Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections. This is an estimate of Amazon costs to deploy additional resources and does not include applicable taxes or discounts.
   + Under **Amazon FSx for NetApp ONTAP storage**, enter your desired volume sizes for SAP HANA data, log, and other file systems. The displayed default values are based on your selection of the instance type.

1. 

**Pre- and post-deployment configuration scripts — optional**

   You can run pre- and post-deployment configuration scripts during application provisioning. For more information about how Launch Wizard accesses and deploys these scripts, see [Custom deployment configuration scripts](how-launch-wizard-sap-works.md#launch-wizard-sap-how-it-works-scripts). 

**Pre-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Pre-deployment configuration scripts must finish running in 45 minutes or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

**Post-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Post-deployment configuration scripts must finish running in 2 hours or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

1. After you enter your deployment settings, choose **Next**.

(See **Review** tab)

------
#### [ Review ]
+ On the **Review** page, review your infrastructure, application, and deployment model settings. If you are satisfied with your selections, choose **Deploy** . If you want to change settings, choose **Previous**.
+ When you choose **Deploy** , you are redirected to the **Deployments page**, where you can view the status of your deployment, and also the deployment details.

------

#### NetWeaver stack on SAP ASE database


------
#### [ Application settings  ]

On the **Configure application settings** page, enter your NetWeaver stack on SAP ASE database application settings.

1. **Application type**. Select **NetWeaver stack on SAP ASE database**. This configuration includes:
   + NetWeaver stack for a single instance.
   + EC2 instances for the NetWeaver application tier
   + SAP NetWeaver ABAP or JAVA software install.

1. **General settings – SAP system**. Enter the settings for your SAP system.
   + **SAP Application ID**. Select the application you want to deploy from the dropdown. The options include, SAP NetWeaver ABAP, SAP NetWeaver JAVA, and SAP Solution Manager.
   + **SAP System ID (SAPSID)**. An identifier for your system. The ID must be a three character, alphanumeric string.
   + **SAP System Admin User ID**. The user ID number for the SAP system admin (`<sid>adm`). The minimum number is 100, and the maximum allowed number is 65536.
   + **EBS Volume Type for NetWeaver application stack instances**. Choose which volume type to use for the NetWeaver application file system `/usr/sap/SAPSID` from the dropdown list.
   + **Transport Domain Controller**. Specify whether the SAP system will be the domain controller for the SAP landscape. If not, select the transport file system of the domain controller to be mounted.

1. **General Settings – SAP Adaptive Server Enterprise (ASE)**. Enter the settings for your SAP ASE database.
   + **SAP ASE User ID number.** Enter the user ID number for the SAP ASE database admin (`syb<SAPSID>`). The minimum number is 100, and the maximum allowed number is 65536.
   + **EBS Volume Type for SAP ASE filesystems**. Select the EBS volume types to use for **SAP ASE Data**, **SAP ASE Logs**, and **SAP ASE Backup** filesystems from the dropdown lists.

1. After you enter your application settings, choose **Next**. 

Use the tab for **Single instance deployment** for further information.

------
#### [ Single instance deployment ]

On the **Configure deployment model** page, enter the deployment details for a single instance deployment.

1. **ASCS, PAS, and DB on one EC2 instance**. Enter the deployment settings for your instance.
   + **Instance details**.
     + Under **Image type**, choose whether to use **Amazon/Marketplace/Community image** or **Bring your own image (BYOI)**.
     + **Operating System and version**. Select a supported operating system version for the ASCS instance. For a complete list of operating system versions supported for ASCS, see [Operating systems](launch-wizard-sap-versions.md#launch-wizard-sap-ascs-support-os).
     + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown.
     + **Host name**. Enter the host name for the EC2 instance.
     + **Private IP address**. Choose whether to use an **Auto-assigned (default)** IP address or a **Custom IP address**.
       + **Auto-assign (default)**. When you select this option, an IP addressed will be assigned for you. This is the default option.
       + **Private IP address**. When you select this option, you can enter a single IP address. Verify that this IP address is within the subnet range of the instance you are launching. 
     + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
   + **Instance sizing**.

     Under **Instance sizing type**, choose **Based on infrastructure requirements** or **Based on instance type**.
     + **Use Amazon recommended resources**.
       + **Infrastructure requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
   + **Storage Sizing**. Enter the size, IOPS, and throughput for the data, log, and backup filesystems. You can have upto 6 data filesystems, 1 log filesystem, and 1 backup filesystem.
   + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections and the EBS volumes that will be created and attached to the launched instances. This is an estimate of Amazon costs to deploy additional resources and does not include any image costs, EC2 reservations, applicable taxes, or discounts.

1. 

**Pre- and post-deployment configuration scripts — optional**

   You can run pre- and post-deployment configuration scripts during application provisioning. For more information about how Launch Wizard accesses and deploys these scripts, see [Custom deployment configuration scripts](how-launch-wizard-sap-works.md#launch-wizard-sap-how-it-works-scripts). 

**Pre-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Pre-deployment configuration scripts must finish running in 45 minutes or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

**Post-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Post-deployment configuration scripts must finish running in 2 hours or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

1. After you have entered your deployment settings, choose **Next**.

See the **SAP software installation settings** tab for further information.

------
#### [ SAP software installation settings ]

On the **Configure SAP application software installation** page, enter the software installation details for a single instance.

1. **SAP application software**. Choose whether to install the SAP installation software.

   If you choose **Yes**, provide the information listed in the following steps.

1. **Application** and **Version**. If you choose to install the SAP application software, select the supported application and version of the software you want to install. The following configuration fields will change based on your application software and version selections. For supported application versions, see [SAP applications](launch-wizard-sap-versions.md#launch-wizard-sap-versions-application).

1. **SAP application software location**. In order to install the SAP application software, Launch Wizard requires access to the relevant software and files. For instructions to provide Launch Wizard access to the application software and associated files, see [Make SAP application software available for Amazon Launch Wizard to deploy SAP](launch-wizard-sap-software-install-details.md).
   + **SAPCAR location**. Enter the Amazon S3 path where the SAPCAR is located.
   + **Software Provisioning Manager (SWPM) location**. Enter the Amazon S3 path where the SWPM is located.
   + **Kernel software location**. Enter the Amazon S3 path where the unextracted kernel with media label is located.
   + **Installation export location**. Enter the Amazon S3 path where the installation export is located.
   + **SAP ASE database software location**. Enter the Amazon S3 path where the SAP ASE database software is located.

1. 

**Installation details**

   The following fields may vary according to the application selected.
   + **Master password**. Enter the password to use for the SAP ASE database.
   + **PAS instance number**. Enter the PAS instance number.
   + **ASCS instance number**. Enter the ASCS instance number.

1. **Additional installation details**. Select the parameter name and values to use for your software installation. The following fields may vary according to the application selected.
   + **Number of batch processes**. Enter the maximum number of batch processes. 
   + **Number of dialog processes**. Enter the maximum number of dialog processes.
   + **UID for SAP host agent**. Enter the UID for the SAP host agent.

1. **IAM permissions**. To deploy an application successfully, Launch Wizard must be allowed to perform operations in other Amazon services on your behalf. To do this, the Launch Wizard IAM role, `AmazonEC2RoleForLaunchWizard`, must have permissions attached to perform these operations, which include Amazon Backint Agent operations, running pre- and post-deployment configuration scripts, and downloading the SAP installation media from Amazon S3. If the required policy is not attached to the Launch Wizard role, the Launch Wizard deployment can fail. Select the check box to verify that you have attached the required permissions before deploying. 

   For steps to attach the required permissions to `AmazonEC2RoleForLaunchWizard`, see [Amazon Identity and Access Management (IAM)](launch-wizard-sap-setting-up.md#launch-wizard-sap-iam) in this guide.

1. Choose **Deploy**

See the **Review** tab for futher information.

------
#### [ Multiple instance deployment ]

On the **Configure deployment model** page, enter the deployment details for an SAP ASE deployment.

1. **Settings for ASCS/SCS and PAS Server**. Enter the deployment settings for your application instance.
   + **Instance details**.
     + Under **Image type**, choose whether to use **Amazon/Marketplace/Community image** or **Bring your own image (BYOI)**.
     + **Operating System and version**. Select a supported operating system version for the ASCS instance. For a complete list of operating system versions supported for ASCS, see [Operating systems](launch-wizard-sap-versions.md#launch-wizard-sap-ascs-support-os).
     + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown.
     + **Host name**. Enter the host name for the EC2 instance.
     + **Private IP address**. Choose whether to use an **Auto-assigned (default)** IP address or a **Custom IP address**.
       + **Auto-assign (default)**. When you select this option, an IP addressed will be assigned for you. This is the default option.
       + **Private IP address**. When you select this option, you can enter a single IP address. Verify that this IP address is within the subnet range of the instance you are launching. 
     + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
   + **Instance sizing**.

     Under **Instance sizing type**, choose **Based on infrastructure requirements** or **Based on instance type**.
     + **Use Amazon recommended resources**.
       + **Infrastructure requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
   + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections and the EBS volumes that will be created and attached to the launched instances. This is an estimate of Amazon costs to deploy additional resources and does not include any image costs, EC2 reservations, applicable taxes, or discounts.

1. **Settings for ASE database instance**. Enter the deployment settings for your application instance.
   + **Instance details**.
     + Under **Image type**, choose whether to use **Amazon/Marketplace/Community image** or **Bring your own image (BYOI)**.
     + **Operating System and version**. Select a supported operating system version for the ASCS instance. For a complete list of operating system versions supported for ASCS, see [Operating systems](launch-wizard-sap-versions.md#launch-wizard-sap-ascs-support-os).
     + **AMI ID**. For BYOI, select the AMI that you want to use from the dropdown.
     + **Host name**. Enter the host name for the EC2 instance.
     + **Private IP address**. Choose whether to use an **Auto-assigned (default)** IP address or a **Custom IP address**.
       + **Auto-assign (default)**. When you select this option, an IP addressed will be assigned for you. This is the default option.
       + **Private IP address**. When you select this option, you can enter a single IP address. Verify that this IP address is within the subnet range of the instance you are launching. 
     + **Auto Recovery**. Auto recovery is an Amazon EC2 feature to increase instance availability. Select the check box to enable EC2 automatic recovery for the instance. For more information, see [Recover Your Instance](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/ec2-instance-recover.html) in the Amazon EC2 User Guide.
   + **Instance sizing**.

     Under **Instance sizing type**, choose **Based on infrastructure requirements** or **Based on instance type**.
     + **Use Amazon recommended resources**.
       + **Infrastructure requirements**. Choose the requirements for your recommended resources from the dropdown list.
         + **Based on CPU/Memory**. If you select this option, enter the required number of vCPU **Cores** and **Memory**. Amazon EC2 supports up to 1920 logical processors. If the amount of memory required exceeds 4TB, [dedicated hosts](https://docs.amazonaws.cn/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html) are required.
         + **SAPS (SAP Application Performance Standard)**. If you select this option, enter the **SAPS** rating for the SAP certified instance types. 
     + **Choose your instance**.
       + **Instance type**. Choose the instance type from the dropdown list.
   + **Storage Sizing**. Enter the size, IOPS, and throughput for the data, log, and backup filesystems. You can have upto 6 data filesystems, 1 log filesystem, and 1 backup filesystem.
   + **Recommended Resources**. Amazon Launch Wizard displays the **Estimated monthly cost of operation** based on your instance sizing selections and the EBS volumes that will be created and attached to the launched instances. This is an estimate of Amazon costs to deploy additional resources and does not include any image costs, EC2 reservations, applicable taxes, or discounts.

1. 

**Pre- and post-deployment configuration scripts — optional**

   You can run pre- and post-deployment configuration scripts during application provisioning. For more information about how Launch Wizard accesses and deploys these scripts, see [Custom deployment configuration scripts](how-launch-wizard-sap-works.md#launch-wizard-sap-how-it-works-scripts). 

**Pre-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Pre-deployment configuration scripts must finish running in 45 minutes or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

**Post-deployment configuration script — optional**
   + **Deployment settings**. In the event of a configuration script failure or time out, select whether to ignore all failures and proceed with the deployment. If you do not select this option, when the configuration scripts fail or time out, Launch Wizard will roll back the workload and delete all of the Amazon resources created by Launch Wizard. Post-deployment configuration scripts must finish running in 2 hours or less.
   + **Configuration script**. Choose to use a script located in Amazon S3 and enter the URL path of the script, or enter a script manually by uploading a script file. To remove the configuration script, choose **Remove script**. 

1. After you have entered your deployment settings, choose **Next**.

See the **SAP software installation settings** tab for further information.

------
#### [ Review  ]
+ On the **Review ** page, review your infrastructure, application, and deployment model settings. If you are satisfied with your selections, choose **Deploy**. If you want to change settings, choose **Previous**.
+ When you choose **Deploy**, you are redirected to the **Deployments** page, where you can view the status of your deployment, and also the deployment details.

------

## Clone deployment


You can now clone your SAP deployments created after April 21, 2022.

1. Sign in to [https://console.aws.amazon.com/launchwizard](https://console.amazonaws.cn/launchwizard). 

1. In the Deployments pane on the left, select **SAP**.

1. Choose an existing deployment from the list of deployments and select **Actions** > **Clone deployment**.

### Cloning inputs


With a cloned deployment, the following inputs must be provided.
+ Enter a unique name for the cloned deployment.
+ For SAP landscape infrastructure, you must define the configuration type.
  + You can **Create new configuration** by entering a new **Configuration name** and checking the **Verify connectivity** box.
  + To use the same configuration, select **Apply saved configuration** and choose a configuration from the list.
+ The application and database credentials are not carried over. Enter your application and database passwords when prompted.

# Deploying an SAP application (Amazon CLI)


You can deploy, describe, and delete SAP applications you create using Launch Wizard with the Amazon CLI. For more information on the Amazon Launch Wizard APIs, see the [Amazon Launch Wizard API reference](https://docs.amazonaws.cn/launchwizard/latest/APIReference/Welcome.html).

**Topics**
+ [

## Prerequisites
](#launch-wizard-sap-deploying-cli-prerequisites)
+ [

## Amazon CLI examples
](#launch-wizard-sap-deploying-cli-examples)

## Prerequisites


The following requirements must be met before you can use the Amazon CLI to create Launch Wizard deployments.
+ Install or update the Amazon CLI. For more information, see [Install or update the latest version of the Amazon CLI](https://docs.amazonaws.cn/cli/latest/userguide/getting-started-install.html).
+ Complete the getting started requirements in [Set up for Amazon Launch Wizard for SAP](launch-wizard-sap-setting-up.md).

## Amazon CLI examples


The following examples demonstrate how you can use the Launch Wizard API operations with the Amazon CLI.

------
#### [ Create a deployment ]

You can create a deployment for your SAP application using the `CreateDeployment` Launch Wizard API operation. You can use the [https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_ListWorkloadDeploymentPatterns.html](https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_ListWorkloadDeploymentPatterns.html) operation to discover the supported values for the `--workload-name` and `--deployment-pattern-name` parameters. SAP applications deployed using this API operation can't be cloned from the Amazon Launch Wizard console. For more information, see [https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_CreateDeployment.html](https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_CreateDeployment.html).

**Tip**  
You can pass inputs to the `specifications` parameter for your deployment as a file for easier usage. For more information on the available specifications for each deployment pattern, including examples, see [Deployment specifications](https://docs.amazonaws.cn/launchwizard/latest/APIReference/launch-wizard-specifications.html).

```
$ aws launch-wizard create-deployment --workload-name SAP --deployment-pattern-name SapHanaSingle --name ExampleName --region us-east-1 --specifications file://hana-single-specifications.json

{
    "deploymentId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
}
```

------
#### [ Delete a deployment ]

You can delete an SAP deployment using the `DeleteDeployment` Launch Wizard API operation. For more information, see [https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_DeleteDeployment.html](https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_DeleteDeployment.html).

```
$ aws launch-wizard delete-deployment --deployment-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 --region us-east-1

{
    "status": "DELETE_INITIATING",
    "statusReason": "Finished processing DeleteApp request"
}
```

------
#### [ Get deployment details ]

You can get deployment details for an SAP deployment using the `GetDeployment` Launch Wizard API operation. For more information, see [https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_GetDeployment.html](https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_GetDeployment.html).

```
$ aws launch-wizard get-deployment --deployment-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 --region us-east-1

{
    "deployment": {
        "name": "ExampleName",
        "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
        "workloadName": "SAP",
        "patternName": "SapHanaSingle",
        "status": "COMPLETED",
        "createdAt": "2023-10-10T17:18:49.150000-07:00",
        "specifications": {
            "ApplicationSecurityGroupId": "sg-1234567890abcdef0",
            "AvailabilityZone1PrivateSubnet1Id": "subnet-1234567890abcdef0",
            "CreateSecurityGroup": "No",
            "DatabaseAmiId": "ami-1234567890abcdef0",
            "DatabaseAutomaticRecovery": "Yes",
            "DatabaseDataVolumeType": "gp3",
            "DatabaseHostCount": "1",
            "DatabaseInstanceType": "r3.2xlarge",
            "DatabaseLogVolumeType": "gp3",
            "DatabaseOperatingSystem": "SuSE-Linux-12-SP5-HVM",
            "DatabaseOthersVolumeType": "gp3",
            "DatabasePrimaryHostname": "sapci",
            "DatabaseSecurityGroupId": "sg-1234567890abcdef0",
            "DatabaseSystemId": "HDB",
            "DisableDeploymentRollback": "true",
            "Ec2InstanceRoleName": "AmazonEC2RoleForLaunchWizard",
            "EnableCloudwatchLogs": "Yes",
            "EnableEbsVolumeEncryption": "Yes",
            "EnvironmentType": "production",
            "InstallDatabaseSoftware": "No",
            "KeyPairName": "canary-test",
            "NewSecurityGroupRules": "[{\"type\":\"ip\",\"value\":\"10.0.0.0/32\"}]",
            "PrimaryAZ": "us-east-1a",
            "SapInstanceNumber": "00",
            "SaveDeploymentArtifacts": "false",
            "SnsTopicArn": "arn:aws:sns:us-east-1:111122223333:ExampleTopic",
            "Timezone": "UTC",
            "VpcId": "vpc-1234567890abcdef0"
        },
        "resourceGroup": "LaunchWizard-SapHanaSingle-ExampleGroup-abcd1234"
    }
}
```

------
#### [ Get workload details ]

You can get workload details for an SAP deployment using the `GetWorkload` Launch Wizard API operation. For more information, see [https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_GetWorkload.html](https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_GetWorkload.html).

```
$ aws launch-wizard get-workload --workload-name SAP --region us-east-1

{
    "workload": {
        "workloadName": "SAP",
        "displayName": "SAP",
        "description": "Amazon Launch Wizard for SAP is a service that guides you through the sizing, configuration, and deployment of SAP applications on Amazon.",
        "documentationUrl": [https://docs.amazonaws.cn/launchwizard/latest/userguide/launch-wizard-sap.html](https://docs.amazonaws.cn/launchwizard/latest/userguide/launch-wizard-sap.html),
        "iconUrl": "https://example.com/example.png",
        "status": "ACTIVE"
    }
}
```

------
#### [ List deployments ]

You can list an SAP deployment using the `ListDeployments` Launch Wizard API operation. For more information, see [https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_ListDeployments.html](https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_ListDeployments.html).

```
$ aws launch-wizard list-deployments --filter name=DEPLOYMENT_STATUS,values=IN_PROGRESS --region us-east-1

{
    "deployments": [
        {
            "name": "ExampleName",
            "id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
            "workloadName": "SAP",
            "patternName": "SapHanaSingle",
            "status": "IN_PROGRESS",
            "createdAt": "2023-04-24T13:10:09.857000-07:00"
        }
    ]
}
```

------
#### [ List deployment events ]

You can list SAP deployment events using the `ListDeploymentEvents` Launch Wizard API operation. For more information, see [https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_ListDeployments.html](https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_ListDeployments.html).

```
$ aws launch-wizard list-deployment-events --deployment-id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 --region us-east-1

{
    "deploymentEvents": [
        {
            "name": "Create secure parameter",
            "description": "Creates a new secure parameter",
            "status": "COMPLETED",
            "statusReason": "",
            "timestamp": "2021-12-22T16:35:17.227000-08:00"
        },
        {
            "name": "Create resource group",
            "description": "Creates a resource group with all the application resources",
            "status": "COMPLETED",
            "statusReason": "",
            "timestamp": "2021-12-22T16:35:17.909000-08:00"
        },
        {
            "name": "Delete application resource group",
            "description": "Deletes the application resource group",
            "status": "COMPLETED",
            "statusReason": "",
            "timestamp": "2023-05-10T15:50:51.156000-07:00"
        },
        {
            "name": "Delete secure parameters",
            "description": "Deletes a secure parameter",
            "status": "COMPLETED",
            "statusReason": "",
            "timestamp": "2023-05-10T15:50:51.451000-07:00"
        }
    ]
}
```

------
#### [ List workloads ]

You can list workload details for SAP deployments using the `ListWorkloads` Launch Wizard API operation. For more information, see [https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_ListWorkloads.html](https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_ListWorkloads.html).

```
$ aws launch-wizard list-workloads --region us-east-1

{
    "workloads": [
        {
            "displayName": "SAP",
            "workloadName": "SAP"
        },
        {
            "displayName": "Exchange Server",
            "workloadName": "ExchangeServer"
        },
        {
            "displayName": "MS SQL Server",
            "workloadName": "SQL"
        },
        {
            "displayName": "Amazon EKS",
            "workloadName": "EKS"
        },
        {
            "displayName": "Microsoft Active Directory",
            "workloadName": "MicrosoftActiveDirectory"
        },
        {
            "displayName": "Microsoft IIS",
            "workloadName": "IIS"
        },
        {
            "displayName": "Remote Desktop Gateway",
            "workloadName": "RDGW"
        }
    ]
}
```

------
#### [ List workload deployment patterns ]

You can list the available patterns for SAP workloads using the `ListWorkloadDeploymentPatterns` Launch Wizard API operation. For more information, see [https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_ListWorkloadDeploymentPatterns.html](https://docs.amazonaws.cn/launchwizard/latest/APIReference/API_ListWorkloadDeploymentPatterns.html).

```
$ aws launch-wizard list-workload-deployment-patterns --workload-name SAP --region us-east-1

{
    "workloadDeploymentPatterns": [
        {
            "workloadName": "SAP",
            "deploymentPatternName": "SapHanaHA",
            "workloadVersionName": "2023-10-30-23-00-00",
            "displayName": "Cross-AZ SAP HANA database high availability setup",
            "description": "Deploy SAP HANA with high availability configured across two Availability Zones.",
            "status": "ACTIVE"
        },
        {
            "workloadName": "SAP",
            "deploymentPatternName": "SapHanaMulti",
            "workloadVersionName": "2023-10-30-23-00-00",
            "displayName": "SAP HANA database on multiple EC2 instances",
            "description": "Deploy SAP HANA in a multi-node, scale-out architecture.",
            "status": "ACTIVE"
        },
        {
            "workloadName": "SAP",
            "deploymentPatternName": "SapHanaSingle",
            "workloadVersionName": "2023-10-30-23-00-00",
            "displayName": "SAP HANA database on a single Amazon EC2 instance",
            "description": "Deploy SAP HANA in a single-node, scale-up architecture, with up to 24TB of memory.",
            "status": "ACTIVE"
        },
        {
            "workloadName": "SAP",
            "deploymentPatternName": "SapNWOnHanaHA",
            "workloadVersionName": "2023-10-30-23-00-00",
            "displayName": "Cross-AZ SAP NetWeaver system setup",
            "description": "Deploy Amazon EC2 instances for ASCS/ERS and SAP HANA databases across two Availability Zones, and spread the deployment of application servers across them.",
            "status": "ACTIVE"
        },
        {
            "workloadName": "SAP",
            "deploymentPatternName": "SapNWOnHanaMulti",
            "workloadVersionName": "2023-10-30-23-00-00",
            "displayName": "SAP NetWeaver system on multiple EC2 instances",
            "description": "Deploy an SAP NetWeaver system using a distributed deployment model, which includes an ASCS/PAS server, single/multiple SAP HANA servers running SAP HANA databases, and multiple application servers.",
            "status": "ACTIVE"
        },
        {
            "workloadName": "SAP",
            "deploymentPatternName": "SapNWOnHanaSingle",
            "workloadVersionName": "2023-10-30-23-00-00",
            "displayName": "SAP NetWeaver on SAP HANA system on a single Amazon EC2 instance",
            "description": "Deploy an SAP application on the same Amazon EC2 instance as your SAP HANA Database.",
            "status": "ACTIVE"
        }
    ]
}
```

------

# Monitor Launch Wizard for SAP deployments


You can monitor your Launch Wizard for SAP deployments using the Amazon Launch Wizard console and Amazon CLI.

**Topics**
+ [

## Monitoring SAP deployments (Console)
](#launch-wizard-sap-monitoring-console)
+ [

## Monitor SAP deployments (Amazon CLI)
](#launch-wizard-sap-monitoring-cli)

## Monitoring SAP deployments (Console)


Once you have deployed an application, you can monitor it using the Launch Wizard console.

**To monitor SAP deployments using the console**

1. Access the Amazon Launch Wizard console located at [https://console.aws.amazon.com/launchwizard](https://console.amazonaws.cn/launchwizard).

1. On the left panel, under **Deployments**, choose **SAP**.

1. Under **Application name**, choose the application's name that you are deploying.

1. You can now review the information in the **Details** pane and the **Deployment events** for your application.

## Monitor SAP deployments (Amazon CLI)


You can monitor your Launch Wizard for SAP deployments using the Amazon CLI.

### Prerequisites


The following prerequisites are required in order to use the Amazon CLI to monitor your Launch Wizard deployment.
+ Install or update the Amazon CLI, see [Install or update the latest version of the Amazon CLI](https://docs.amazonaws.cn/cli/latest/userguide/getting-started-install.html).
+ Determine the deployment name used for the deployment to monitor. The name was specified during the deployment creation wizard, or as the input for the `CreateDeployment` operation. You can discover the name using the Launch Wizard console, or the `GetDeployment` operation.

### Monitoring SAP deployments (Amazon CLI)


You can use the `DescribeLogStreams` operation to find the available log streams for the deployment. Once you have the log stream names, you can use the **GetEventLogs** operation to list log events for your deployment related to the log stream you specify.

**To monitor SAP deployments using the Amazon CLI**

1. List the log streams available for the deployment. The streams include the logs and scripts that are run on instances launched for the deployment.

   ```
   $ aws logs describe-log-streams --region us-east-1 --log-group-name LaunchWizard-DeploymentName
   
   "logStreams": [
           {
               "logStreamName": "/var/lib/amazon/ssm/packages/AWSSAP-Backint/2.0.4.768/aws-backint-agent-install-20231027153332.log",
               "creationTime": 1698420842081,
               "firstEventTimestamp": 1698420837015,
               "lastEventTimestamp": 1698420842015,
               "lastIngestionTime": 1698420842277,
               "uploadSequenceToken": "111122223333EXAMPLE",
               "arn": "arn:aws:logs:us-east-1:111122223333:log-group:LaunchWizard-b2gtehPp:log-stream:/var/lib/amazon/ssm/packages/AWSSAP-Backint/2.0.4.768/aws-backint-agent-install-20231027153332.log",
               "storedBytes": 0
           },
           {
               "logStreamName": "i-1234567890abcdef0",
               "creationTime": 1698418980895,
               "firstEventTimestamp": 1698418975818,
               "lastEventTimestamp": 1698420271819,
               "lastIngestionTime": 1698420276842,
               "uploadSequenceToken": "111122223333EXAMPLE",
               "arn": "arn:aws:logs:us-east-1:111122223333:log-group:LaunchWizard-b2gtehPp:log-stream:i-1234567890abcdef0",
               "storedBytes": 0
           },
           ...
   ]
   ```

1. Get the log events for the relevant log stream. By default, this operation returns as many log events as can fit in a response size of 1 MB (up to 10,000 log events). You can get additional log events by specifying one of the tokens in a subsequent call.

   ```
   $ userprompt;aws logs get-log-events --region us-east-1 --log-group-name LaunchWizard-DeploymentName --log-stream-name LogStreamName
   
   {
       "events": [
           {
               "timestamp": 1698418975818,
               "message": "[ 10/27/2023 03:02:45 PM] [        main:  29] [   INFO] process stated.",
               "ingestionTime": 1698418981051
           },
           {
               "timestamp": 1698418975818,
               "message": "[ 10/27/2023 03:02:45 PM] [        main:  30] [   INFO] python version 3.8",
               "ingestionTime": 1698418981051
           },
           ...
       ],
       "nextBackwardToken": "b/31961209122358285602261756944988674324553373268216709120",
       "nextForwardToken": "f/31961209122447488583055879464742346735121166569214640130",
   }
   ```

1. Repeat these steps as necessary to review all of the relevant log streams.

If you find that your deployment has experienced issues, or you want to know more about other logs generated during an SAP deployment, see [Troubleshoot Amazon Launch Wizard for SAP](launch-wizard-sap-troubleshooting.md).

# Deploying SAP Web Dispatcher


Amazon Launch Wizard supports the deployment of SAP Web Dispatcher as an optional component for Netweaver stack on HANA deployments. SAP Web Dispatcher is deployed in front of your SAP Application Servers to act as the entry point for HTTP(S) request traffic destined for your SAP Application Servers. SAP Web Dispatcher accepts or rejects the request traffic that arrives. Accepted traffic is load balanced among your Application Servers. You can use SAP Web Dispatcher in systems with the following application stacks:
+ Advanced Business Application Programming (ABAP) only
+ Java only
+ ABAP and Java (dual-stack)

**Topics**
+ [

## Architectures for SAP Web Dispatcher
](#launch-wizard-sap-deploy-web-dispatcher-architectures)
+ [

## Post-deployment configuration activities
](#launch-wizard-sap-deploy-web-dispatcher-post-deployment)

## Architectures for SAP Web Dispatcher


SAP Web Dispatcher is available for singe instance, multiple instance, and high availability deployments of Netweaver stack on HANA. The deployment type you specify affects the placement of the component in your architecture.

### Single instance deployment


Launch Wizard deploys the component as a standalone component on the same instance where the SAP application and database are deployed.

The following diagram depicts an SAP Web Dispatcher deployment using a single instance.

![\[A SAP Web Dispatcher deployment that uses a single instance.\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/images/sap-wd-single.png)


### Distributed instances deployment


Launch Wizard deploys the component on a separate instance in the same Availability Zone (AZ) where the SAP application and database components are deployed.

The following diagram depicts an SAP Web Dispatcher deployment using a multiple instances.

![\[A SAP Web Dispatcher deployment that uses multiple instances.\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/images/sap-wd-multi.png)


### High availability (HA) deployment


Launch Wizard deploys the component on two Amazon EC2 instances, each in a different Availability Zone (AZ). Each AZ also the SAP application and database components. For more information, see [High Availability of the SAP Web Dispatcher](https://help.sap.com/doc/saphelp_nw74/7.4.16/en-us/48/9a9a6b48c673e8e10000000a42189b/content.htm?no_cache=true) in the SAP documentation.

The following diagram depicts a highly available SAP Web Dispatcher deployment using multiple instances behind an internet-facing load balancer.

![\[A SAP Web Dispatcher deployment that is highly available and accessible from the internet.\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/images/sap-wd-ha-internet.png)


The following diagrams depicts a highly available SAP Web Dispatcher deployment using multiple instances behind an intranet-facing load balancer.

![\[A SAP Web Dispatcher deployment that is highly available and accessible from your intranet.\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/images/sap-wd-ha-intranet.png)


### Load balancers for SAP Web Dispatcher


You can optionally deploy an Application Load Balancer or Network Load Balancer with all deployment patterns. The load balancer can be used to accept internet or intranet traffic based on your application requirements. For more information about Elastic Load Balancing, see [What is Elastic Load Balancing?](https://docs.amazonaws.cn/elasticloadbalancing/latest/userguide/what-is-load-balancing.html) in the *Elastic Load Balancing User Guide*.

Network Load Balancer operate at the TCP layer and can handle traffic such as the RFC protocol for system interfaces and File Transfer Protocol (FTP). If your applications need additional context such as HTTP headers, or you plan to integrate other Amazon services in your architecture, consider using an Application Load Balancer. Deploying an Application Load Balancer allows you to integrate various other services such as [Amazon WAF](https://docs.amazonaws.cn/waf/latest/developerguide/waf-chapter.html), [Amazon Certificate Manager](https://docs.amazonaws.cn/acm/latest/userguide/acm-overview.html) (ACM), and [Amazon CloudFormation](https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/Introduction.html).

In Launch Wizard, you will have the option to implement the SSL/TLS termination at load balancer. You must first [request a public SSL in ACM ](https://docs.amazonaws.cn/acm/latest/userguide/gs-acm-request-public.html) or [import your own SSL Certificate into ACM](https://docs.amazonaws.cn/acm/latest/userguide/import-certificate.html) to use this option. If you need to do end-to-end HTTPS encryption, you can follow the post-deployment configuration activities. For more information on configuring your deployed resources to support HTTS traffic, see [Post-deployment configuration activities](#launch-wizard-sap-deploy-web-dispatcher-post-deployment).

## Post-deployment configuration activities


After your Launch Wizard for SAP deployment with the SAP Web Dispatcher component completes, you must perform several manual configurations to finalize the deployment. These additional configurations are in the customer portion of the [Amazon Shared Responsibility Model](https://www.amazonaws.cn/compliance/shared-responsibility-model/). You should ensure that the changes you make meet your specific security requirements.

**Topics**
+ [

### Validate HTTP(S) listeners are set up
](#launch-wizard-sap-deploy-web-dispatcher-post-deployment-https-listeners)
+ [

### Activate HTTP(S) services
](#launch-wizard-sap-deploy-web-dispatcher-post-deployment-activate)
+ [

### Validate target group checks are set up
](#launch-wizard-sap-deploy-web-dispatcher-post-deployment-checks)
+ [

### Validate SAP Web Dispatcher functionality
](#launch-wizard-sap-deploy-web-dispatcher-post-deployment-validate)
+ [

### Enable HTTPS communication
](#launch-wizard-sap-deploy-web-dispatcher-post-deployment-enable-https)

### Validate HTTP(S) listeners are set up


HTTP(S) listeners must be set up in the SAP System. You can check whether the Internet Communication Framework (ICF) is configured according to your requirements (transaction SMICM for ABAP). All HTTP(S) listeners must use the correct port settings and be in the **Active **status. For more information, see [Displaying and Changing Services](https://help.sap.com/doc/saphelp_nw73ehp1/7.31.19/en-US/48/89f3ee33b11b5ae10000000a42189c/content.htm?no_cache=true) in the SAP documentation.

### Activate HTTP(S) services


For SAP Web Dispatcher and load balancing to function properly, you must activate the following services in the HTTP service tree (transaction SICF for ABAP):
+ /sap/public/icman
+ /sap/public/icf\$1info/\$1
+ /sap/public/ping

For ABAP installations, you must activate **/sap/public/ping** to allow load balancers to perform health checks through SAP Web Dispatcher. This prevents the routing of traffic to unhealthy application servers.

For Java installations, you must use **/startPage** as the starting point for the health check endpoint. Once you have full installed and configured the Portal Usage Type, you can adjust this value to **/irj/portal**.

For more information, see [Operating SAP Web Dispatcher](https://help.sap.com/docs/ABAP_PLATFORM_NEW/683d6a1797a34730a6e005d1e8de6f22/4899d231ee2b73e7e10000000a42189b.html) in the SAP documentation.

### Validate target group checks are set up


After you configure load balancing, the target group for your load balancer might end up with unhealthy SAP Web Dispatcher endpoints. You can reregister your SAP Web Dispatcher instances with the correct ports to ensure the load balancer is properly routing traffic. For more information, see [Register or deregister targets](https://docs.amazonaws.cn/elasticloadbalancing/latest/application/target-group-register-targets.html#register-deregister-targets) in the *Elastic Load Balancing User Guide*.

### Validate SAP Web Dispatcher functionality


After you configure and validate the related SICF services and validate that the load balancer target groups are healthy, you can validate SAP Web Dispatcher with a web browser.

**To access SAP Web Dispatcher**

1. Open a web browser on a device that can access the instance running SAP Web Dispatcher.

1. Access your SAP Web Dispatcher web console, replacing values as necessary:

   ```
   http://load-balancer-dns-endpoint:listener-port/sap/wdisp/admin/public/default.html
   ```

1. For **user**, enter **webadm**.

1. For **password**, enter the password you specified in the Launch Wizard deployment.

1. Login to the web console.

1. Choose **Monitor Application Servers** and ensure that you can see all of your Application Servers and that they are using port 80.

1. Choose **Monitor Server Groups** and ensure that you can see all of your server groups.

    For more information, see [Area Menu](https://help.sap.com/saphelp_snc700_ehp01/helpdata/en/48/7f579f7df935e1e10000000a42189c/frameset.htm) in the SAP documentation.

### Enable HTTPS communication


To provide you with the most flexibility to meet your own requirements, SAP Web Dispatcher is deployed behind an Application Load Balancer with only the HTTP protocol enabled by default. Launch Wizard can implement SSL/TLS termination at the load balancer during deployment, or you can implement end-to-end encryption after the deployment completes.

#### Enable SSL/TLS termination


With SSL/TLS termination, HTTPS traffic from the end user is decrypted at the load balancer. This traffic is then forwarded to SAP Web Dispatcher and your application servers using the HTTP protocol. Launch Wizard can configure SSL/TLS termination at the load balancer during deployment. To use this option, you will need to specify a load balancer and ACM certificate while configuring the deployment. For more information, see [Deploy an SAP application with Amazon Launch Wizard](launch-wizard-sap-deploying-console.md#deploy-console-launch-wizard-sap).

#### Enable end-to-end HTTPS encryption


With end-to-end HTTPS encryption, traffic is encrypted to the load balancer and then traffic is re-encrypted at the SAP Web Dispatcher and Application Server instances. You must obtain a certificate from a 3rd party provider before following this procedure.

**To configure end-to-end encryption**

1. Apply your own certificate to your application servers.

   1. If you have a SAP ABAP application server, apply your certificate to it. For more information, see [Configuring the ABAP Platform to Support TLS](https://help.sap.com/docs/ABAP_PLATFORM_NEW/e73bba71770e4c0ca5fb2a3c17e8e229/4923501ebf5a1902e10000000a42189c.html) in the SAP documentation.

   1. If you have a SAP NetWeaver Java application server, apply your certificate to it. For more information, see [Configuring Transport Layer Security on SAP NetWeaver AS for Java](https://help.sap.com/docs/SAP_NETWEAVER_750/a42446bded624585958a36a71903a4a7/4a015cc68d863132e10000000a421937.html?version=7.5.27) in the SAP documentation.

1. Apply your own certificate to the SAP Web Dispatcher instance. For more information, see [Configure SAP Web Dispatcher to Support SSL](https://help.sap.com/docs/ABAP_PLATFORM_NEW/683d6a1797a34730a6e005d1e8de6f22/493db10a19341067e10000000a42189c.html) in the SAP documentation.

1. Import the certificate that you used in the previous steps into ACM. For more information, see [Importing a certificate](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate-api-cli.html) in the *Amazon Certificate Manager User Guide*.

1. Create a listener for your Load Balancer.

   1. If you use Application Load Balancer, you create a HTTPS listener with your certificate imported into ACM as the default certificate. For more information, see [Create an HTTPS listener for your Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html) in the *User Guide for Application Load Balancers*.

   1. If you use Network Load Balancer, you create a TLS Listener. For more information, see [TLS listeners for your Network Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html) in *User Guide for Network Load Balancers*.

1. Configure an alias or CNAME DNS record for your load balancer using your preferred domain name. For example, your domain name might resemble the following:

   ```
   example.yourdomain.com
   ```

   1.   
**Example**  

      If you use Amazon Route 53, create an Alias record. For more information, see [Creating records by using the Amazon Route 53 console](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html) in the *Amazon Route 53 Developer Guide*.

   1. If you use a different DNS provider, create a CNAME record with the provider. For more information, refer to your DNS provider’s documentation.

1. Confirm the configuration is working by accessing your endpoint by the DNS name over HTTPS. 

   1. For ABAP systems, your URL with the custom DNS name might resemble the following:

      ```
      https://example.yourdomain.com/sap/public/ping
      ```

   1. For Java systems, your URL with the custom DNS name might resemble the following:

      ```
      https://example.yourdomain.com/startPage
      ```

# Amazon Launch Wizard for SAP tutorials
Tutorials

The following tutorials can help you get started with deploying an application with Amazon Launch Wizard.

**Topics**
+ [

## Deploy SAP HANA with Amazon Launch Wizard
](#launch-wizard-sap-tutorials-sap-hana)
+ [

## Deploy SAP S/4HANA with high availability
](#launch-wizard-sap-tutorials-HA-deploy)
+ [

## Automate a high availability configuration for SAP HANA
](#launch-wizard-sap-tutorials-failover)

## Deploy SAP HANA with Amazon Launch Wizard


For more information about how to deploy an SAP HANA database on Amazon that applies Amazon and SAP best practices, watch the following video.

[![AWS Videos](http://img.youtube.com/vi/https://www.youtube.com/embed/-EHJLBwDBgU/0.jpg)](http://www.youtube.com/watch?v=https://www.youtube.com/embed/-EHJLBwDBgU)


## Deploy SAP S/4HANA with high availability


For more information about how to automate the configuration of a high availability SAP S/4HANA application on Amazon using Amazon Launch Wizard, watch the following video.

[![AWS Videos](http://img.youtube.com/vi/https://www.youtube.com/embed/0VyvrE2fvmc/0.jpg)](http://www.youtube.com/watch?v=https://www.youtube.com/embed/0VyvrE2fvmc)


## Automate a high availability configuration for SAP HANA


For more information about how to automate a high availability configuration for an SAP HANA database on Amazon and then test the failover of the system with Amazon Launch Wizard, watch the following video.

[![AWS Videos](http://img.youtube.com/vi/https://www.youtube.com/embed/g6E-Hua0WzE/0.jpg)](http://www.youtube.com/watch?v=https://www.youtube.com/embed/g6E-Hua0WzE)


# Manage application resources with Amazon Launch Wizard for SAP
Manage application resources

After you have deployed an SAP application, you can manage and update it as follows:

**Topics**
+ [

# Manage deployments
](launch-wizard-sap-managing-manage.md)
+ [

# Delete infrastructure configuration
](launch-wizard-sap-managing-delete-config.md)

# Manage deployments


1. From the left navigation pane, choose **SAP**.

1. Under the **Deployments** tab, select the check box next to the application that you want to manage, and then choose **Actions**. You can do the following:

   1. **Manage resources on the EC2 console**. You are directed to the Amazon EC2 console, where you can view and manage your SAP application resources, such as Amazon EC2, Amazon EBS, Amazon VPC, Subnets, NAT Gateways, and Elastic IPs. 

   1. **View resource group with Systems Manager**. In the Systems Manager console, you can manage your application with built-in integrations through resource groups. Launch Wizard automatically tags your deployment with resource groups. When you access Systems Manager through Launch Wizard, the resources are automatically filtered for you based on your resource group. You can manage, patch, and maintain your applications in Systems Manager.

   1. **View CloudWatch application logs.** You are directed to the CloudWatch dashboard, where you can view your logs.

   1. **View CloudFormation template.** You are directed to the Amazon CloudFormation to view the templates created for this deployment.

   1. **View Service Catalog product. ** You are directed to the Amazon Service Catalog console to view the Amazon Service Catalog product that was created for this deployment.

1. Select the check box next to the application that you want to manage, and then choose **Manage Application**:
   + You are redirected to the **Application Detail** page in Application Manager if the deployment is complete, and the application is supported and onboarded to Amazon Systems Manager for SAP.
   + You are redirected to the **Register Application** page in Application Manager if the deployment is complete, the application is supported but not onboarded to Amazon Systems Manager for SAP.
   + **Manage Application** is disabled if the deployment is not complete, or if the application is unsupported by Amazon Systems Manager for SAP.

1. To delete a deployment, select the application that you want to delete, and select **Delete**. You are prompted to confirm the deletion.
**Important**  
When you delete a deployment, Launch Wizard attempts to delete only the Amazon resources it created in your account as part of the deployment. Launch Wizard considers certain resources, such as security groups, infrastructure configuration templates created during a deployment, and EFS file systems created for a transport directory, as shared resources between multiple deployments. Shared resources are not deleted when you delete a deployment.

1. For more information about your application resources, choose the **Application name**. You can then view the **Deployment events** and **Summary** details for your application using the tabs at the top of the page.

# Delete infrastructure configuration


1. From the left navigation pane, choose **SAP**.

1. Under **Saved infrastructure configurations** tab, select the configuration name you want to delete, and then choose **Delete**. You are prompted to confirm the deletion. 
**Important**  
When you delete an infrastructure configuration, it will not be available for future deployments. Resources created from the configuration, such as VPCs, availability groups, subnets, and key pair names are not deleted. 

1. For more information about an infrastructure configuration, choose the **Configuration name**. 

# Make SAP HANA software available for Amazon Launch Wizard to deploy a HANA database
Make SAP HANA software available to Launch Wizard

This section describes steps to download the SAP HANA software and upload it to Amazon S3 to make it available for Launch Wizard to deploy a HANA database.

**Topics**
+ [

## Download SAP HANA software
](#launch-wizard-sap-install)
+ [

## Upload SAP HANA software to Amazon S3
](#launch-wizard-sap-s3)

## Download SAP HANA software
Download SAP software

To download the SAP HANA software, go to the **SAP Software Downloads** page and download the installation files directly to your local drive.

1. Navigate to the [SAP Software Downloads](http://support.sap.com/swdc) page and log in to your account.

1. Under **Installation and Upgrades**, choose **Access Downloads**>**A-Z index**.

1. Choose **H** in the **Installations and Upgrades** window, and select **SAP HANA Platform Edition** from the list.

1. Choose **SAP HANA Platform Edition**>**Installation**.

1. In the **Downloads** window, find the revision you want to download and download each file to your local drive. 
**Note**  
If you do not have access to the software and believe you should, contact the [SAP Global Support Customer Interaction Center](http://support.sap.com/contactus). 
**Important**  
Do not extract the downloaded HANA software. Instead, stage the files in your Amazon S3 bucket as is. Launch Wizard will extract the media and install the software for you.

## Upload SAP HANA software to Amazon S3
Upload SAP HANA to Amazon S3

To upload the SAP HANA software to your Amazon S3 bucket, you must create and set up your destination bucket.

**Set up destination bucket**

1. Navigate to the Amazon S3 console at [https://console.aws.amazon.com/s3](https://console.amazonaws.cn/s3).

1. Choose **Create Bucket**.

1. In the **Create Bucket** dialog box, provide a name for your new S3 bucket with the prefix `launchwizard`. Choose the **Amazon Web Services Region** where you want to create the S3 bucket, which should be a Region that is close to your location, and then choose **Create Bucket**. For detailed information about bucket names and Region selection, see [Create a Bucket ](https://docs.amazonaws.cn/AmazonS3/latest/gsg/CreatingABucket.html)in the **Amazon S3 Getting Started Guide**.

1. Choose the bucket that you created and, from the **Overview** tab, **Create folder**s to organize your SAP HANA downloads. We recommend that you create a folder for each version of SAP HANA.

1. To add the unextracted SAP HANA files to the appropriate folder, choose **Upload** from the **Overview** tab. 

 If the path for the specific version of SAP HANA software is `s3://launchwizardhanamedia/SP23` or `s3://launchwizardhanamedia/SP24`, then use this path in the Amazon S3 URL for SAP HANA software (HANAInstallMedia) parameter. 

**Note**  
We recommend that you place only the main SAP HANA installation files in the S3 bucket. Do not place multiple SAP HANA versions in the same folder. SAP provides the software as a single .zip file or as multiple files depending on the SAP HANA version (one .exe file and multiple .rar files). Upload them to the version-specific folder that you created. 

**Important**  
If you're using a SAP HANA SAR file as SAP HANA installer, the following files are required to be in the same S3 location:  
`IMDB_SERVERXX_XXX_X-XXXXXXXX.SAR`
`IMDB_CLIENTXX_XXX_XX-XXXXXXXX.SAR`
`SAPCAR_XXXX-XXXXXXXX.EXE`

# Make SAP application software available for Amazon Launch Wizard to deploy SAP
Make SAP application software available to Launch Wizard

This section describes steps to upload the SAP application software to Amazon S3 to make it available for Launch Wizard to deploy SAP.

Amazon Launch Wizard supports the following software versions. To install a software version, you must provide the SAP software files to Launch Wizard by downloading them from the [SAP Support Portal](https://support.sap.com/en/index.html) and then uploading them to Amazon S3 (storage class - Standard). To access and use the files for installation, Launch Wizard requires them to be formatted according to the Amazon S3 file path syntax listed in the following table.

**Note**  
The software versions and CD numbers listed in the following table should be used as a reference for all of the software components required to deploy SAP, as well as for how to format the Amazon S3 path to make the software available for Launch Wizard to deploy SAP. Launch Wizard supports NetWeaver 7.50, NetWeaver 7.52, S/4 HANA 1909, S/4 HANA 2020, and BW/4HANA 2.0. You can source the latest SAP software using a script or determine the latest CD numbers of supported applications to use from SAP manually.  
For more information about running a pre-deployment configuration script to source the latest SAP software, refer to the [software\$1download](https://github.com/awslabs/aws-sap-automation/tree/main/software_download) portion of the **aws-sap-automation** repository.
For more information about finding the latest software from SAP, refer to [SAP Maintenance Planner](https://support.sap.com/en/alm/solution-manager/processes-72/maintenance-planner.html) or [SAP Software Downloads](https://support.sap.com/en/my-support/software-downloads.html).

**Topics**
+ [

## Making software available for SAP HANA based applications
](#nw-on-hana)
+ [

## Making software available for SAP ASE based applications
](#nw-on-ase)

## Making software available for SAP HANA based applications


**Note**  
SAP Host Agent 7.22 PL62 or a later version is recommended in a high availability setup for SAP HANA site replication to avoid a known issue with the host agent.

------
#### [ NetWeaver 7.52 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 1.0 latest version  | SWPM20SP16\$12-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | SAPCAR\$11200-70007716.EXE |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | NW 7.52  | 51051806\$1part1.exe 51051806\$1part2.rar | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | NW 7.53 and later |  `igsexe_0-70005417.sar` `igshelper_17-10010245.sar` `SAPEXE_66-70006642.SAR`  `SAPEXEDB_66-70006641.SAR` `SAPHOSTAGENT59_59-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.5  | IMDB\$1CLIENT20\$1005\$1111-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB versions are supported (ZIP files only).

**Note**  
The CD versions are for reference only. Use the latest versions available on SAP Software Center.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| hana-20-sp05  | 51058046 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp06 | 51056431 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp07 | 51057071 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp08 | 51058521 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 

------
#### [ NetWeaver 7.50 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 1.0 latest version  | SWPM10SP42\$11-20009701.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | SAPCAR\$11010-70006178.exe |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | NW 7.50 | 51050829\$13.ZIP   | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | NW 7.53 and later |  `igsexe_12-80003187.sar` `igshelper_17-10010245.sar` `SAPEXE_700-80002573.SAR`  `SAPEXEDB_700-80002572.SAR` `SAPHOSTAGENT49_49-20009394.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.5  | IMDB\$1CLIENT20\$1005\$1111-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB versions are supported (ZIP files only).

**Note**  
The CD versions are for reference only. Use the latest versions available on SAP Software Center.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| hana-20-sp05  | 51058046 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp06 | 51056431 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp07 | 51057071 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp08 | 51058521 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 

------
#### [ NetWeaver 750 (JAVA) ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 1.0 latest version  | SWPM10SP42\$11-20009701.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | NW 7.50 | 51055106.ZIP  | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | NW 7.53 and later |  `igsexe_12-80003187.sar` `igshelper_17-10010245.sar` `SAPEXE_700-80002573.SAR`  `SAPEXEDB_700-80002572.SAR` `SAPHOSTAGENT49_49-20009394.SAR` `SAPJVM8_89-80000202.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.5  | IMDB\$1CLIENT20\$1005\$1111-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB versions are supported (ZIP files only).

**Note**  
The CD versions are for reference only. Use the latest versions available on SAP Software Center.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| hana-20-sp05  | 51056441 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp06 | 51058046 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp07 | 51057071 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp08 | 51058521 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 

------
#### [ BW/4HANA 2023 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP19\$11-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | SAPCAR\$11010-70006178.exe |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | BW4HANA300 | BW4HANA400\$1INST\$1EXPORT\$11.zip through BW4HANA400\$1INST\$1EXPORT\$19.zip  | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | 785 or later |  `igsexe_0-70005417.sar` `igshelper_17-10010245.sar` `SAPEXE_101-70007807.SAR`  `SAPEXEDB_101-70007806.SAR` `SAPHOSTAGENT54_54-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.22 | IMDB\$1CLIENT20\$1022\$132-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-software-install-details.html)

------
#### [ BW/4HANA 2021 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP10\$13-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | SAPCAR\$11010-70006178.exe |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | BW4HANA300 | BW4HANA300\$1INST\$1EXPORT\$11.zip through BW4HANA300\$1INST\$1EXPORT\$18.zip  | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | 785 or later |  `igsexe_0-70005417.sar` `igshelper_17-10010245.sar` `SAPEXE_50-80005374.SAR`  `SAPEXEDB_50-80005373.SAR` `SAPHOSTAGENT54_54-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.11 | IMDB\$1CLIENT20\$1011\$114-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-software-install-details.html)

------
#### [ BW/4HANA 2.0 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP07\$10-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | SAPCAR\$11010-70006178.exe |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | BW4HANA 2.0  | BW4HANA200\$1INST\$1EXPORT\$11.zip through BW4HANA200\$1INST\$1EXPORT\$17.zip  | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | NW 7.77 |  `igsexe_12-80003187.sar` `igshelper_17-10010245.sar` `SAPEXE_300-80004393.SAR`  `SAPEXEDB_300-80004392.SAR` `SAPHOSTAGENT49_49-20009394.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.5  | IMDB\$1CLIENT20\$1005\$1111-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-software-install-details.html)

------
#### [ S/4HANA 2025 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP22\$16-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | S4Core 109 |  S4CORE109\$1INST\$1EXPORT\$11.zip through S4CORE109\$1INST\$1EXPORT\$134.zip | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | 916 or later |  `igsexe_0-70008564.sar` `igshelper_17-10010245.sar` `SAPEXE_81-70008102.SAR`  `SAPEXEDB_81-70008101.SAR` `SAPHOSTAGENT69_69-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.24 | IMDB\$1CLIENT20\$1024\$121-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

**Note**  
\$1 SAP HANA installation can also be performed using SAR files.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SAP HANA database software | hana-20-sp08-rev89 | N/A | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 

------
#### [ S/4HANA Foundations 2025 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  |  `SWPM20SP22_6-80003424.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | S4Core 109 | S4FND109\$1INST\$1EXPORT\$11.zip through S4FND109\$1INST\$1EXPORT\$110.zip | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | 916 or later |  `igsexe_0-70008564.sar` `igshelper_17-10010245.sar` `SAPEXE_81-70008102.SAR`  `SAPEXEDB_81-70008101.SAR` `SAPHOSTAGENT69_69-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.24 | IMDB\$1CLIENT20\$1024\$121-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

**Note**  
\$1 SAP HANA installation can also be performed using SAR files.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SAP HANA database software | hana-20-sp08-rev89 | N/A | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 

------
#### [ S/4HANA 2023 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP16\$10-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | S4Core 108 |  S4CORE108\$1INST\$1EXPORT\$11.zip through S4CORE108\$1INST\$1EXPORT\$130.zip | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | 785 or later |  `igsexe_4-70005417.sar` `igshelper_17-10010245.sar` `SAPEXE_60-70007807.SAR`  `SAPEXEDB_60-70007806.SAR` `SAPHOSTAGENT62_62-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.11 | IMDB\$1CLIENT20\$1011\$114-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SAP HANA database software | hana-20-sp07 | 51057071 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 

------
#### [ S/4HANA Foundations 2023 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  |  `SWPM20SP16_0-80003424.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | S4Core 108 | S4FND108\$1INST\$1EXPORT\$11.zip through S4FND108\$1INST\$1EXPORT\$19.zip | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | 785 or later | `igsexe_4-70005417.sar``igshelper_17-10010245.sar` `SAPEXE_60-70007807.SAR` `SAPEXEDB_60-70007806.SAR` `SAPHOSTAGENT62_62-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.11 | IMDB\$1CLIENT20\$1011\$114-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SAP HANA database software | hana-20-sp07 | 51057071 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 

------
#### [ S/4HANA 2022 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP10\$13-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | S4Core 105 |  S4CORE107\$1INST\$1EXPORT\$11.zip through S4CORE107\$1INST\$1EXPORT\$130.zip | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | 785 or later |  `igsexe_0-70005417.sar` `igshelper_17-10010245.sar` `SAPEXE_66-70006642.SAR`  `SAPEXEDB_66-70006641.SAR` `SAPHOSTAGENT59_59-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.11 | IMDB\$1CLIENT20\$1011\$114-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-software-install-details.html)

------
#### [ S/4HANA Foundations 2022 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP10\$13-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | S4Core 105 |  S4FND107\$1INST\$1EXPORT\$11.zip through S4FND107\$1INST\$1EXPORT\$19.zip | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | 785 or later |  `igsexe_0-70005417.sar` `igshelper_17-10010245.sar` `SAPEXE_66-70006642.SAR`  `SAPEXEDB_66-70006641.SAR` `SAPHOSTAGENT59_59-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.11 | IMDB\$1CLIENT20\$1011\$114-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-software-install-details.html)

------
#### [ S/4HANA 2021 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP10\$13-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | SAPCAR\$11010-70006178.exe |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | S4Core 106 |  S4CORE106\$1INST\$1EXPORT\$11.zip through S4CORE106\$1INST\$1EXPORT\$128.zip | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | 785 or later |  `igsexe_0-70005417.sar` `igshelper_17-10010245.sar` `SAPEXE_50-80005374.SAR`  `SAPEXEDB_50-80005373.SAR` `SAPHOSTAGENT54_54-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.11 | IMDB\$1CLIENT20\$1011\$114-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-software-install-details.html)

------
#### [ S/4HANA Foundations 2021 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP10\$13-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | S4Core 105 |  S4FND106\$1INST\$1EXPORT\$11.zip through S4FND106\$1INST\$1EXPORT\$18.zip | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | 785 or later |  `igsexe_0-70005417.sar` `igshelper_17-10010245.sar` `SAPEXE_66-70006642.SAR`  `SAPEXEDB_66-70006641.SAR` `SAPHOSTAGENT59_59-80004822.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.11 | IMDB\$1CLIENT20\$1011\$114-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-software-install-details.html)

------
#### [ S/4HANA 2020 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP07\$10-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | SAPCAR\$11010-70006178.exe |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | S4Core 105 |  S4CORE105\$1INST\$1EXPORT\$11.zip through S4CORE105\$1INST\$1EXPORT\$124.zip | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | NW 7.77 |  `igsexe_0-70005417.sar` `igshelper_17-10010245.sar` `SAPEXE_15-70005283.SAR`  `SAPEXEDB_15-70005282.SAR` `SAPHOSTAGENT49_49-20009394.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.5  | IMDB\$1CLIENT20\$1005\$1111-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-software-install-details.html)

------
#### [ S/4HANA 1909 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 2.0 latest version  | SWPM20SP07\$10-80003424.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | SAPCAR\$11010-70006178.exe |  N/A | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | S4Core 104 | S4CORE104\$1INST\$1EXPORT\$11.zip through S4CORE104\$1INST\$1EXPORT\$125.zip  | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | NW 7.77 |  `igsexe_12-80003187.sar` `igshelper_17-10010245.sar` `SAPEXE_300-80004393.SAR`  `SAPEXEDB_300-80004392.SAR` `SAPHOSTAGENT49_49-20009394.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 
| SAP HANA Client | 2.5  | IMDB\$1CLIENT20\$1005\$1111-80002082.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB version is supported.

**Note**  
\$1The CD versions are for reference only. Use the latest versions available on SAP Software Center.

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-software-install-details.html)

------
#### [ Solution Manager 7.2 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 1.0 latest version  | SWPM10SP42\$11-20009701.SAR | S3://<Your SAP software bucket>/<Path representing SolutionManager version>/SWPM | 
| SAPCAR | SAPCAR\$11010-70006178.exe |  N/A | S3://<Your SAP software bucket>/<Path representing SolutionManager version>/SAPCAR | 
| Exports | SAP Solution Manager 7.2 | 51054655\$11.ZIP…51054655\$14.ZIP igsexe\$112-80003187.sar igshelper\$117-10010245.sar | S3://<Your SAP software bucket>/<Path representing SolutionManager version>/Exports | 
| Kernel components | NW 7.53 and later |  `SAPEXE_700-80002573.SAR` `SAPEXEDB_700-80002572.SAR` `SAPHOSTAGENT49_49-20009394.SAR`  `SAPJVM8_89-80000202.SAR`  | S3://<Your SAP software bucket>/<Path representing SolutionManager version>/Kernel | 
| SAP HANA Client | 2.5  | IMDB\$1CLIENT20\$1005\$1111-80002082.SAR | S3://<Your SAP software bucket>/<Path representing SolutionManager version>/HANA\$1Client\$1Software | 
| SAP Web Dispatcher | 7.93 | See [Note 908097](https://me.sap.com/notes/908097/E) in the SAP documentation. | S3://Your SAP software bucket</webdisp/ | 

The following HANA DB versions are supported (ZIP files only).

**Note**  
The CD versions are for reference only. Use the latest versions available on SAP Software Center.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| hana-20-sp05  | 51058046 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp06 | 51056431 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp07 | 51057071 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 
| hana-20-sp08 | 51058521 | S3://<Your SAP software bucket>/<Path representing NW version>/HANA\$1DB\$1Software | 

------

## Making software available for SAP ASE based applications


------
#### [ NetWeaver 7.52 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 1.0 latest version  | SWPM10SP38\$14-20009701.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  SAPCAR\$11115-70006178.EXE | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | NW 7.52  | 51051806\$1part1.exe 51051806\$1part2.rar | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | NW 7.53 and later |  `igsexe_12-80003187.sar` `igshelper_17-10010245.sar` `SAPEXE_700-80002573.SAR`  `SAPEXEDB_1000-80002616.SAR` `SAPHOSTAGENT61_61-80004822.SAR` `SAPJVM8_95-80000202.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 

The following SAP ASE DB versions are supported (ZIP files only).

**Note**  
The CD versions are for reference only. Use the latest versions available on SAP Software Center.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SAP ASE Database software | SAP ASE 16.0.04.04 | 51056521\$11.ZIP | S3://<Your SAP software bucket>/<Path representing NW version>/SAPASE\$1DB\$1Software | 

------
#### [ NetWeaver 7.50 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 1.0 latest version  | SWPM10SP38\$14-20009701.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  SAPCAR\$11115-70006178.EXE | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | NW 7.50 | 51050829\$13.ZIP   | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | NW 7.53 and later |  `igsexe_12-80003187.sar` `igshelper_17-10010245.sar` `SAPEXE_700-80002573.SAR`  `SAPEXEDB_1000-80002616.SAR` `SAPHOSTAGENT61_61-80004822.SAR` `SAPJVM8_95-80000202.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 

The following SAP ASE DB versions are supported (ZIP files only).

**Note**  
The CD versions are for reference only. Use the latest versions available on SAP Software Center.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SAP ASE Database software | SAP ASE 16.0.04.04 | 51056521\$11.ZIP | S3://<Your SAP software bucket>/<Path representing NW version>/SAPASE\$1DB\$1Software | 

------
#### [ NetWeaver 750 (JAVA) ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 1.0 latest version  | SWPM10SP42\$11-20009701.SAR | S3://<Your SAP software bucket>/<Path representing NW version>/SWPM | 
| SAPCAR | Latest |  SAPCAR\$11115-70006178.EXE | S3://<Your SAP software bucket>/<Path representing NW version>/SAPCAR | 
| Exports | NW 7.50 | 51055106.ZIP  | S3://<Your SAP software bucket>/<Path representing NW version>/Exports | 
| Kernel components | NW 7.53 and later |  `igsexe_12-80003187.sar` `igshelper_17-10010245.sar` `SAPEXE_700-80002573.SAR`  `SAPEXEDB_1000-80002616.SAR` `SAPHOSTAGENT61_61-80004822.SAR` `SAPJVM8_95-80000202.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 

The following SAP ASE DB versions are supported (ZIP files only).

**Note**  
The CD versions are for reference only. Use the latest versions available on SAP Software Center.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SAP ASE Database software | SAP ASE 16.0.04.04 | 51056521\$11.ZIP | S3://<Your SAP software bucket>/<Path representing NW version>/SAPASE\$1DB\$1Software | 

------
#### [ Solution Manager 7.2 ]


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SWPM | SWPM 1.0 latest version  | SWPM10SP42\$11-20009701.SAR | S3://<Your SAP software bucket>/<Path representing SolutionManager version>/SWPM | 
| SAPCAR | Latest |  SAPCAR\$11115-70006178.EXE | S3://<Your SAP software bucket>/<Path representing SolutionManager version>/SAPCAR | 
| Exports | SAP Solution Manager 7.2 |  51054655\$11.ZIP 51054655\$12.ZIP 51054655\$13.ZIP 51054655\$14.ZIP | S3://<Your SAP software bucket>/<Path representing SolutionManager version>/Exports | 
| Kernel components | NW 7.53 and later |  `igsexe_12-80003187.sar` `igshelper_17-10010245.sar` `SAPEXE_700-80002573.SAR`  `SAPEXEDB_1000-80002616.SAR` `SAPHOSTAGENT61_61-80004822.SAR` `SAPJVM8_95-80000202.SAR`  | S3://<Your SAP software bucket>/<Path representing NW version>/Kernel | 

The following SAP ASE DB versions are supported (ZIP files only).

**Note**  
The CD versions are for reference only. Use the latest versions available on SAP Software Center.


| CD name | Versions | CD number | Amazon S3 file path | 
| --- | --- | --- | --- | 
| SAP ASE Database software | SAP ASE 16.0.04.04 | 51056521\$11.ZIP | S3://<Your SAP software bucket>/<Path representing NW version>/SAPASE\$1DB\$1Software | 

------

# Repeat SAP application deployments using deployment artifacts created with Amazon Launch Wizard
Repeat SAP application deployments

This section contains information about how to repeat deployments using deployment artifacts created with Launch Wizard. The artifacts include Amazon Service Catalog products and Amazon CloudFormation templates.

**Topics**
+ [

## How Amazon Launch Wizard integration with Amazon Service Catalog works
](#launch-wizard-sap-service-catalog-how-it-works)
+ [

# Launch Amazon Service Catalog products created with Amazon Launch Wizard
](launch-wizard-sap-service-catalog.md)
+ [

# Launch Amazon Service Catalog products with ServiceNow
](launch-wizard-sap-service-catalog-servicenow.md)
+ [

# Launch Amazon Service Catalog products with Jira
](launch-wizard-sap-service-catalog-jira.md)
+ [

# Launch Amazon Service Catalog products with Terraform
](launch-wizard-sap-service-catalog-terraform.md)
+ [

# Launch Amazon CloudFormation templates created in Launch Wizard
](launch-wizard-sap-launch-artifacts-cloudformation.md)

## How Amazon Launch Wizard integration with Amazon Service Catalog works


Amazon Launch Wizard creates Amazon Service Catalog products from successful deployments. The Amazon Service Catalog products contain Amazon CloudFormation templates and associated application configuration scripts, which are stored in Amazon S3. You can use the Amazon Service Catalog products, along with integrations offered by Amazon Service Catalog, with third-party products, such as ServiceNow, Jira, or Terraform. Or, you can use the Amazon CloudFormation templates and application configuration scripts saved in Amazon S3 to deploy SAP applications that meet the requirements of organizational deployment and governance policies.

In addition to supporting deployments using Amazon CloudFormation templates, Amazon Service Catalog, and multiple deployment tools supported by Amazon Service Catalog, Amazon Launch Wizard creates a point-in-time snapshot of the code used to deploy and configure SAP applications at the time of the deployment. You can use the code "as is" for consistent repeated deployments, or you can use the code as a baseline and update it to meet specific application requirements.

Amazon Launch Wizard creates a default Launch Wizard portfolio and products within the portfolio. An Amazon Service Catalog product is created for each deployment and given a name that corresponds to the Launch Wizard deployment name.

![\[Deploying SAP applications with Launch Wizard, Amazon CloudFormation, Amazon Service Catalog, and third-party applications\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/images/lw-sc-architecture.png)


# Launch Amazon Service Catalog products created with Amazon Launch Wizard
Launch Amazon Service Catalog products

This section contains information to help you set up for and access Amazon Service Catalog products created with Amazon Launch Wizard to launch those products. It also contains information about how to create a launch constraint so that you don't have to use your own IAM credentials to launch and manage Amazon Service Catalog products.

**Topics**
+ [

# Set up to launch Amazon Service Catalog products created with Amazon Launch Wizard
](launch-wizard-sap-service-catalog-setup.md)
+ [

# Create a launch constraint
](launch-wizard-sap-service-catalog-constraint.md)
+ [

# Access Amazon Service Catalog products created with Amazon Launch Wizard
](launch-wizard-sap-service-catalog-access.md)
+ [

# Amazon Service Catalog deployment errors
](launch-wizard-sap-service-catalog-errors.md)

# Set up to launch Amazon Service Catalog products created with Amazon Launch Wizard
Set up

This section provides the required steps to grant permissions to the user group. This requirement must be met to access Amazon Service Catalog products created with Launch Wizard to launch those products.

**Grant Amazon Service Catalog permissions to the user group**

1. Navigate to the [Amazon Identity and Access Management console](https://console.amazonaws.cn/iam).

1. Choose **User groups** from the left navigation pane.

1. Choose **Create group.**

1. For **User group name**, enter `Endusers`. 

1. Enter `AWSServiceCatalog` in the search box to filter the policy list.

1. Select the check box next to the **AWSServiceCatalogEndUserFullAccess** policy. You can optionally choose **AWSServiceCatalogEndUserReadOnlyAccess** if you prefer to grant the user only read-only access. Choose **Create group**

1. To add a new user to the group, in the left navigation pane, choose **Users**.

1. Choose **Add user**.

1. Enter a **User name**.

1. Select **Amazon Web Services Management Console access**.

1. Choose **Next: Permissions**.

1. Choose **Add user to group**.

1. Select the check box next to the **Endusers** group, then choose **Next:Tags**.

1. Choose **Next: Review**. On the **Review** page, choose **Create user**. Download or copy the credentials, then choose **Close**.

# Create a launch constraint
Create launch constraint

A launch constraint specifies the Amazon Identity and Access Management role that Amazon Service Catalog assumes when a user launches a product. It is associated with products in the portfolio. If you do not use launch constraints, you must launch and manage products using your own IAM credentials. These credentials must have permissions to use Amazon CloudFormation, Amazon Service Catalog, and any other Amazon services used by the products. Using a launch constraint allows you to limit the permissions of a user to the minimum required for a product.

To create a launch constraint, complete the steps in the following procedure. Perform Step 2 for each of the following listed policies.

**Create the launch role**

## Amazon Service Catalog launch constraint policy 1


------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "applicationinsights:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "resource-groups:List*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:GetChange",
                "route53:ListResourceRecordSets",
                "route53:ListHostedZones",
                "route53:ListHostedZonesByName"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:ListKeys",
                "kms:ListAliases"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:List*",
                "cloudwatch:Get*",
                "cloudwatch:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateInternetGateway",
                "ec2:CreateNatGateway",
                "ec2:CreateVpc",
                "ec2:CreateKeyPair",
                "ec2:CreateRoute",
                "ec2:CreateRouteTable",
                "ec2:CreateSubnet"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AllocateAddress",
                "ec2:AllocateHosts",
                "ec2:AssignPrivateIpAddresses",
                "ec2:AssociateAddress",
                "ec2:CreateDhcpOptions",
                "ec2:CreateEgressOnlyInternetGateway",
                "ec2:CreateNetworkInterface",
                "ec2:CreateVolume",
                "ec2:CreateVpcEndpoint",
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "ec2:RunInstances",
                "ec2:StartInstances",
                "ec2:ModifyInstanceAttribute",
                "ec2:ModifySubnetAttribute",
                "ec2:ModifyVolumeAttribute",
                "ec2:ModifyVpcAttribute",
                "ec2:AssociateDhcpOptions",
                "ec2:AssociateSubnetCidrBlock",
                "ec2:AttachInternetGateway",
                "ec2:AttachNetworkInterface",
                "ec2:AttachVolume",
                "ec2:DeleteDhcpOptions",
                "ec2:DeleteInternetGateway",
                "ec2:DeleteKeyPair",
                "ec2:DeleteNatGateway",
                "ec2:DeleteSecurityGroup",
                "ec2:DeleteVolume",
                "ec2:DeleteVpc",
                "ec2:DetachInternetGateway",
                "ec2:DetachVolume",
                "ec2:DeleteSnapshot",
                "ec2:AssociateRouteTable",
                "ec2:AssociateVpcCidrBlock",
                "ec2:DeleteNetworkAcl",
                "ec2:DeleteNetworkInterface",
                "ec2:DeleteNetworkInterfacePermission",
                "ec2:DeleteRoute",
                "ec2:DeleteRouteTable",
                "ec2:DeleteSubnet",
                "ec2:DetachNetworkInterface",
                "ec2:DisassociateAddress",
                "ec2:DisassociateVpcCidrBlock",
                "ec2:GetLaunchTemplateData",
                "ec2:ModifyNetworkInterfaceAttribute",
                "ec2:ModifyVolume",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:GetConsoleOutput",
                "ec2:GetPasswordData",
                "ec2:ReleaseAddress",
                "ec2:ReplaceRoute",
                "ec2:ReplaceRouteTableAssociation",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:RevokeSecurityGroupIngress",
                "ec2:DisassociateIamInstanceProfile",
                "ec2:DisassociateRouteTable",
                "ec2:DisassociateSubnetCidrBlock",
                "ec2:ModifyInstancePlacement",
                "ec2:DeletePlacementGroup",
                "ec2:CreatePlacementGroup",
                "elasticfilesystem:DeleteFileSystem",
                "elasticfilesystem:DeleteMountTarget",
                "ds:AddIpRoutes",
                "ds:CreateComputer",
                "ds:CreateMicrosoftAD",
                "ds:DeleteDirectory"
            ],
            "Resource": "*"
        }
    ]
}
```

------

## Service Catalog launch constraint policy 2


------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:DescribeStack*",
                "cloudformation:Get*",
                "cloudformation:ListStacks",
                "cloudformation:SignalResource",
                "cloudformation:DeleteStack"
            ],
            "Resource": [
                "arn:aws-cn:cloudformation:*:*:stack/*/*",
                "arn:aws-cn:cloudformation:*:*:stack/ApplicationInsights*/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:StopInstances",
                "ec2:TerminateInstances"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:DeleteInstanceProfile",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:AddRoleToInstanceProfile"
            ],
            "Resource": [
                "arn:aws-cn:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
                "arn:aws-cn:iam::*:instance-profile/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws-cn:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
                "arn:aws-cn:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard*",
                "arn:aws-cn:iam::*:instance-profile/*"
            ],
            "Condition": {
                "StringEqualsIfExists": {
                    "iam:PassedToService": [
                        "lambda.amazonaws.com",
                        "ec2.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "autoscaling:AttachInstances",
                "autoscaling:CreateAutoScalingGroup",
                "autoscaling:CreateLaunchConfiguration",
                "autoscaling:DeleteAutoScalingGroup",
                "autoscaling:DeleteLaunchConfiguration",
                "autoscaling:UpdateAutoScalingGroup",
                "logs:CreateLogStream",
                "logs:DeleteLogGroup",
                "logs:DeleteLogStream",
                "logs:DescribeLog*",
                "logs:PutLogEvents",
                "resource-groups:CreateGroup",
                "resource-groups:DeleteGroup",
                "sns:ListSubscriptionsByTopic",
                "sns:Publish",
                "ssm:DeleteDocument",
                "ssm:DeleteParameter*",
                "ssm:DescribeDocument*",
                "ssm:GetDocument",
                "ssm:PutParameter"
            ],
            "Resource": [
                "arn:aws-cn:resource-groups:*:*:group/*",
                "arn:aws-cn:sns:*:*:*",
                "arn:aws-cn:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*",
                "arn:aws-cn:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*",
                "arn:aws-cn:ssm:*:*:parameter/LaunchWizard*",
                "arn:aws-cn:ssm:*:*:document/LaunchWizard*",
                "arn:aws-cn:logs:*:*:log-group:*:*:*",
                "arn:aws-cn:logs:*:*:log-group:LaunchWizard*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "ssm:SendCommand",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringLike": {
                    "aws:TagKeys": "LaunchWizard*"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:DeleteLogStream",
                "logs:GetLogEvents",
                "logs:PutLogEvents",
                "ssm:AddTagsToResource",
                "ssm:DescribeDocument",
                "ssm:GetDocument",
                "ssm:ListTagsForResource",
                "ssm:RemoveTagsFromResource"
            ],
            "Resource": [
                "arn:aws-cn:logs:*:*:log-group:*:*:*",
                "arn:aws-cn:logs:*:*:log-group:LaunchWizard*",
                "arn:aws-cn:ssm:*:*:parameter/LaunchWizard*",
                "arn:aws-cn:ssm:*:*:document/LaunchWizard*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "autoscaling:Describe*",
                "cloudformation:DescribeAccountLimits",
                "cloudformation:DescribeStackDriftDetectionStatus",
                "cloudformation:List*",
                "cloudformation:GetTemplateSummary",
                "cloudformation:ValidateTemplate",
                "ds:Describe*",
                "ds:ListAuthorizedApplications",
                "ec2:Describe*",
                "ec2:Get*",
                "iam:GetRole",
                "iam:GetRolePolicy",
                "iam:GetUser",
                "iam:GetPolicyVersion",
                "iam:GetPolicy",
                "iam:List*",
                "logs:CreateLogGroup",
                "logs:GetLogDelivery",
                "logs:GetLogRecord",
                "logs:ListLogDeliveries",
                "resource-groups:Get*",
                "resource-groups:List*",
                "servicequotas:GetServiceQuota",
                "servicequotas:ListServiceQuotas",
                "sns:ListSubscriptions",
                "sns:ListTopics",
                "ssm:CreateDocument",
                "ssm:DescribeAutomation*",
                "ssm:DescribeInstanceInformation",
                "ssm:DescribeParameters",
                "ssm:GetAutomationExecution",
                "ssm:GetCommandInvocation",
                "ssm:GetParameter*",
                "ssm:GetConnectionStatus",
                "ssm:ListCommand*",
                "ssm:ListDocument*",
                "ssm:ListInstanceAssociations",
                "ssm:SendAutomationSignal",
                "ssm:StartAutomationExecution",
                "ssm:StopAutomationExecution",
                "tag:Get*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "logs:GetLog*",
            "Resource": [
                "arn:aws-cn:logs:*:*:log-group:*:*:*",
                "arn:aws-cn:logs:*:*:log-group:LaunchWizard*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:List*",
                "cloudformation:Describe*"
            ],
            "Resource": "arn:aws-cn:cloudformation:*:*:stack/LaunchWizard*/"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "autoscaling.amazonaws.com",
                        "application-insights.amazonaws.com",
                        "events.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "sqs:TagQueue",
                "sqs:GetQueueUrl",
                "sqs:AddPermission",
                "sqs:ListQueues",
                "sqs:DeleteQueue",
                "sqs:GetQueueAttributes",
                "sqs:ListQueueTags",
                "sqs:CreateQueue",
                "sqs:SetQueueAttributes"
            ],
            "Resource": "arn:aws-cn:sqs:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricAlarm",
                "iam:GetInstanceProfile",
                "cloudwatch:DeleteAlarms",
                "cloudwatch:DescribeAlarms"
            ],
            "Resource": [
                "arn:aws-cn:cloudwatch:*:*:alarm:*",
                "arn:aws-cn:iam::*:instance-profile/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "route53:ListHostedZones",
                "ec2:CreateSecurityGroup",
                "ec2:AuthorizeSecurityGroupIngress",
                "elasticfilesystem:DescribeFileSystems",
                "elasticfilesystem:CreateFileSystem",
                "elasticfilesystem:CreateMountTarget",
                "elasticfilesystem:DescribeMountTargets",
                "elasticfilesystem:DescribeMountTargetSecurityGroups"
            ],
            "Resource": "*"
        }
    ]
}
```

------

## Service Catalog launch constraint policy 3


------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws-cn:s3:::launchwizard*",
                "arn:aws-cn:s3:::launchwizard*/*",
                "arn:aws-cn:s3:::aws-sap-data-provider/config.properties"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "cloudformation:TagResource",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringLike": {
                    "aws:TagKeys": "LaunchWizard*"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:PutBucketVersioning",
                "s3:DeleteBucket",
                "lambda:CreateFunction",
                "lambda:DeleteFunction",
                "lambda:GetFunction",
                "lambda:GetFunctionConfiguration",
                "lambda:InvokeFunction"
            ],
            "Resource": [
                "arn:aws-cn:lambda:*:*:function:*",
                "arn:aws-cn:s3:::launchwizard*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:CreateTable",
                "dynamodb:DescribeTable",
                "dynamodb:DeleteTable"
            ],
            "Resource": "arn:aws-cn:dynamodb:*:*:table/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:CreateSecret",
                "secretsmanager:DeleteSecret",
                "secretsmanager:TagResource",
                "secretsmanager:UntagResource",
                "secretsmanager:PutResourcePolicy",
                "secretsmanager:DeleteResourcePolicy",
                "secretsmanager:ListSecretVersionIds",
                "secretsmanager:GetSecretValue"
            ],
            "Resource": "arn:aws-cn:secretsmanager:*:*:secret:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetRandomPassword",
                "secretsmanager:ListSecrets"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:CreateOpsMetadata"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "ssm:DeleteOpsMetadata",
            "Resource": "arn:aws-cn:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:CreateTopic",
                "sns:DeleteTopic",
                "sns:Subscribe",
                "sns:Unsubscribe"
            ],
            "Resource": "arn:aws-cn:sns:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "fsx:UntagResource",
                "fsx:TagResource",
                "fsx:DeleteFileSystem",
                "fsx:ListTagsForResource"
            ],
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "aws:ResourceTag/Name": "LaunchWizard*"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "fsx:CreateFileSystem"
            ],
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "aws:RequestTag/Name": [
                        "LaunchWizard*"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "fsx:DescribeFileSystems"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "s3:ExistingObjectTag/servicecatalog:provisioning": "true"
                }
            }
        }
    ]
}
```

------

1. Sign in to the Amazon Web Services Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.amazonaws.cn//iam).

1. Perform the following substeps individually for each of the three policies previously listed.

   1. In the left navigation pane, choose **Policies** > **Create policy**.

   1. On the **Create policy** page, choose the **JSON** tab.

   1. Copy each of the previous policies and paste each into the **Policy Document** JSON text box, replacing the placeholder text. 

   1. Choose **Next: Tags** > **Next: Review**.

   1. Enter a **Policy Name**.

   1. Choose **Create policy**.

1. In the left navigation pane, choose **Roles**, then choose **Create role**.

1. Under **Select type of trusted entity**, choose **Amazon service** > **Service Catalog**.

1. Select the **Service Catalog** use case, then choose **Next:Permissions**.

1. Search for the three policies that you added in Step 2 and select the check boxes next to them.

1. Choose **Next: Tags**.

1. Choose **Next: Review**.

1. Enter `LaunchWizardServiceCatalogProductsLaunchRole` for the **Role name**.

1. Choose **Create role**.

**Create launch constraint**

1. Navigate to the [Amazon Service Catalog console](https://console.amazonaws.cn/servicecatalog).

1. In the left navigation pane, under **Administration**, choose **Portfolios**.

1. Choose the portfolio named **Launch Wizard Service Catalog portfolio**, which is the default portfolio.

1. Under **Constraints**, choose **Create Constraints**.

1. Select the **Product** to which to apply the constraint.

1. Select **Launch** as the **Constraint type**.

1. Select the IAM role that you created in the procedure for creating a launch role.

1. Choose **Create**.

# Access Amazon Service Catalog products created with Amazon Launch Wizard
Access Amazon Service Catalog products

Perform the following steps to access Amazon Service Catalog products created with Amazon Launch Wizard.

In the Amazon Service Catalog administrator console, the **Portfolio details** page lists the portfolio settings. From this page, you can manage the products in a portfolio, grant users access to products, and apply `TagOptions` and constraints. You can manage products from the **Products** page.

**Access Service Catalog products as a Service Catalog Admin user**

1. Navigate to the [Amazon Service Catalog console](https://console.amazonaws.cn/servicecatalog).

1. In the left navigation pane, under **Administration**, choose **Portfolios**.

1. Choose the portfolio named **Amazon Launch Wizard Products**, which is the default portfolio created by Launch Wizard.

1. Choose **Amazon Launch Wizard products**.

1. The product created by Launch Wizard using Amazon CloudFormation templates and user inputs is named **[LW Deployment Name]-[Deployment Type]**. You can create a new version by choosing **Create new version**.

1. You can associate tags or apply product-specific tags as needed.

**Access Service Catalog products as an IAM user**

1. Navigate to the [Amazon Service Catalog console](https://console.amazonaws.cn/servicecatalog).

1. In the left navigation pane. under **Home**, choose **Products**.

1. Search for the Launch Wizard SAP product that you saved from the Launch Wizard deployment, and select it. The product, won't be visible to any user who has not been granted access to it. To grant access to the product, see [Granting Access to Users](https://docs.amazonaws.cn/servicecatalog/latest/adminguide/catalogs_portfolios_users.html).

1. Choose **Launch product**.

1. You will be directed to the Amazon Service Catalog **Launching** page, which resembles Amazon CloudFormation. Most of the parameters are specified using your defaults. Enter or replace the default values as you require, including passwords and SAPSIDs.

1. After you verify the parameters, choose **Launch product** to start the creation of the Amazon CloudFormation stack.

# Amazon Service Catalog deployment errors
Deployment errors

For Amazon Service Catalog deployments completed prior to February 7, 2022, perform the following steps to remove the `AmazonLambdaRolePolicyForLaunchWizardSAP` policy from the `AmazonLambdaRoleForLaunchWizard` role, and add a new inline policy. Deployments completed after February 7, 2022 do not require you to perform these steps.

1. Sign in to the Amazon Web Services Management Console and open the IAM console at [https://console.amazonaws.cn/iam/](https://console.amazonaws.cn/iam/).

1. Choose **Roles** from the left navigation pane.

1. Search for the `AmazonLambdaRoleForLaunchWizard`. Select the policy to view the attached permissions.

1. Check whether the `AmazonLambdaRolePolicyForLaunchWizardSAP` policy is attached to this role. If it is attached, remove the policy by selecting the check box next to it, and choose **Remove**.

1. Add the following inline policy by choosing **Add permissions**>**Create inline policy**, and entering the policy in the **JSON** tab of the **Create policy** wizard.

------
#### [ JSON ]

****  

   ```
   {
     "Version":"2012-10-17",		 	 	 
     "Statement": [
       {
         "Effect": "Allow",
         "Action": [
           "ssm:GetParameter"
         ],
         "Resource": "arn:aws-cn:ssm:*::parameter/LaunchWizard*"
       },
       {
         "Effect": "Allow",
         "Action": [
           "ssm:GetDocument",
           "ssm:sendCommand"
         ],
         "Resource": "arn:aws-cn:ssm:*::document/AWS-RunShellScript"
       },
       {
         "Effect": "Allow",
         "Action": [
           "ssm:SendCommand"
         ],
         "Resource": [
         "arn:aws-cn:ec2:*:111122223333:instance/*"
         ],
         "Condition": {
           "StringLike": {
             "ssm:resourceTag/LaunchWizardApplicationType": "*"
           }
         }
       }
     ]
   }
   ```

------

1. Choose **Review policy**, enter a name for the policy, and choose **Create policy**.

# Launch Amazon Service Catalog products with ServiceNow


ServiceNow users can natively browse and provision Amazon Service Catalog products created with Amazon Launch Wizard by using the Amazon Management Connector for ServiceNow.

**Prerequisites for using ServiceNow to launch products:**
+ You must create a deployment using Launch Wizard by choosing the **Create an Amazon Service Catalog product** option in the infrastructure settings in Launch Wizard. For more information, see [Define infrastructure](launch-wizard-sap-deploying-console.md#launch-wizard-sap-infrastructure).
+ You must install the Amazon Service Catalog Connector for ServiceNow. For details about how to install the Connector, see [Amazon Service Management Connector for ServiceNow](https://docs.amazonaws.cn/servicecatalog/latest/adminguide/integrations-servicenow.html).
+ You must complete the [set up steps to launch Amazon Service Catalog products](launch-wizard-sap-service-catalog-setup.md).
+ You must [create a launch constraint](launch-wizard-sap-service-catalog-constraint.md). 

For more information about how to integrate Amazon products into your ServiceNow Portal using the Amazon Service Catalog Connector, watch the following video.

[![AWS Videos](http://img.youtube.com/vi/https://www.youtube.com/embed/YCvNK-fzgoc/0.jpg)](http://www.youtube.com/watch?v=https://www.youtube.com/embed/YCvNK-fzgoc)


# Launch Amazon Service Catalog products with Jira


Amazon Service Catalog products created with Amazon Launch Wizard can be integrated with Jira workflows. You can use the Amazon Service Catalog Connector for Jira to natively provision and operate Amazon Service Catalog products created with Launch Wizard by using Atlassian's Jira Service Management. This workflow simplifies product request actions for Jira Service Management users and provides Jira Service Management governance and oversight over Amazon products.

**To use Jira to launch products, you must follow these prerequisites:**
+ Create a deployment using Launch Wizard by choosing the **Create an Amazon Service Catalog product** option in the infrastructure settings in Launch Wizard. For more information, see [Define infrastructure](launch-wizard-sap-deploying-console.md#launch-wizard-sap-infrastructure).
+ Install the Amazon Service Catalog Connector for Jira. For information about how to install the Connector, see [Amazon Service Management Connector for ServiceNow](https://docs.amazonaws.cn/servicecatalog/latest/adminguide/integrations-jiraservicedesk.html).
+ Complete the [set up steps to launch Amazon Service Catalog products](launch-wizard-sap-service-catalog-setup.md).
+ Complete the steps to [create a launch constraint](launch-wizard-sap-service-catalog-constraint.md). 

For more information about how to integrate Amazon products into your Jira Service Management portal using the Amazon Service Catalog Connector, watch the following video.

[![AWS Videos](http://img.youtube.com/vi/https://www.youtube.com/embed/1AODGjhqufo/0.jpg)](http://www.youtube.com/watch?v=https://www.youtube.com/embed/1AODGjhqufo)


# Launch Amazon Service Catalog products with Terraform


The official HashiCorp Amazon provider supports Amazon Service Catalog resources. You can launch products created with Launch Wizard and saved to Amazon Service Catalog using Terraform. Or, you can integrate the products with their existing Terraform workflows. Administrators can create Amazon Service Catalog portfolios and add Launch Wizard products to them using Terraform.

**Prerequisites for using Terraform to launch products:**
+ You must create a deployment using Launch Wizard by choosing the **Create an Amazon Service Catalog product** option in the infrastructure settings in Launch Wizard. For more information, see [Define infrastructure](launch-wizard-sap-deploying-console.md#launch-wizard-sap-infrastructure).
+ The Terraform user that authenticates the Amazon account must have access to the Amazon Service Catalog products. For more information, see [Amazon Provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs) in the Terraform documentation.
+ The IAM user that authenticates the Amazon account must have permissions to use the Amazon Service Catalog products created by Launch Wizard. For steps to grant access to users, see [Granting Access to Users](https://docs.amazonaws.cn/servicecatalog/latest/adminguide/catalogs_portfolios_users.html) in the *Amazon Service Catalog User Guide*.

The Terraform resource named [https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/servicecatalog_provisioned_product](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/servicecatalog_provisioned_product) is used to launch the Amazon Service Catalog product created with Launch Wizard.

**Example Terraform script**

The following example Terraform script launches a single node HANA database instance with a single node HANA product (`prod-abc1234546`) created with Launch Wizard using the product version ID (`pa-xyz12345`). In this example, the hostname for HANA and the SID for HANA DB are passed to override the defaults, and the remaining parameters are set to the defaults in the Amazon Service Catalog product.

```
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.54.0"
    }
  }
}
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
resource "random_id" "id" {
  byte_length = 8
}
#Confirm user can launch product  - No launch paths has many reasons for failure.
resource "aws_servicecatalog_provisioned_product" "singlenodehana" {
  name = "tef-${random_id.id.hex}"
  product_id = "prod-abc1234546"
  provisioning_artifact_id = "pa-xyz12345"
  provisioning_parameters {
        key = "HANASID"
        value = "HDB"
  }
  provisioning_parameters {
        key = "HANAHostname"
        value = "saphanadev"    
  }
tags = {
    TFLaunched= "True"
  }
}
```

Note that the environment variables authentication mechanism is used in this example.

# Launch Amazon CloudFormation templates created in Launch Wizard


You can launch Amazon CloudFormation stacks from the Amazon CloudFormation templates that you saved from your successful Launch Wizard deployments. Perform the following steps to find and launch your Amazon CloudFormation templates created with Launch Wizard.

To create a launch constraint, complete the steps in the following procedure. Perform Step 2 for each of the following listed policies.

**Attach required policies to IAM user**

## Service Catalog launch constraint policy 1


------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "applicationinsights:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "resource-groups:List*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:GetChange",
                "route53:ListResourceRecordSets",
                "route53:ListHostedZones",
                "route53:ListHostedZonesByName"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:ListKeys",
                "kms:ListAliases"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:List*",
                "cloudwatch:Get*",
                "cloudwatch:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateInternetGateway",
                "ec2:CreateNatGateway",
                "ec2:CreateVpc",
                "ec2:CreateKeyPair",
                "ec2:CreateRoute",
                "ec2:CreateRouteTable",
                "ec2:CreateSubnet"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AllocateAddress",
                "ec2:AllocateHosts",
                "ec2:AssignPrivateIpAddresses",
                "ec2:AssociateAddress",
                "ec2:CreateDhcpOptions",
                "ec2:CreateEgressOnlyInternetGateway",
                "ec2:CreateNetworkInterface",
                "ec2:CreateVolume",
                "ec2:CreateVpcEndpoint",
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "ec2:RunInstances",
                "ec2:StartInstances",
                "ec2:ModifyInstanceAttribute",
                "ec2:ModifySubnetAttribute",
                "ec2:ModifyVolumeAttribute",
                "ec2:ModifyVpcAttribute",
                "ec2:AssociateDhcpOptions",
                "ec2:AssociateSubnetCidrBlock",
                "ec2:AttachInternetGateway",
                "ec2:AttachNetworkInterface",
                "ec2:AttachVolume",
                "ec2:DeleteDhcpOptions",
                "ec2:DeleteInternetGateway",
                "ec2:DeleteKeyPair",
                "ec2:DeleteNatGateway",
                "ec2:DeleteSecurityGroup",
                "ec2:DeleteVolume",
                "ec2:DeleteVpc",
                "ec2:DetachInternetGateway",
                "ec2:DetachVolume",
                "ec2:DeleteSnapshot",
                "ec2:AssociateRouteTable",
                "ec2:AssociateVpcCidrBlock",
                "ec2:DeleteNetworkAcl",
                "ec2:DeleteNetworkInterface",
                "ec2:DeleteNetworkInterfacePermission",
                "ec2:DeleteRoute",
                "ec2:DeleteRouteTable",
                "ec2:DeleteSubnet",
                "ec2:DetachNetworkInterface",
                "ec2:DisassociateAddress",
                "ec2:DisassociateVpcCidrBlock",
                "ec2:GetLaunchTemplateData",
                "ec2:ModifyNetworkInterfaceAttribute",
                "ec2:ModifyVolume",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:GetConsoleOutput",
                "ec2:GetPasswordData",
                "ec2:ReleaseAddress",
                "ec2:ReplaceRoute",
                "ec2:ReplaceRouteTableAssociation",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:RevokeSecurityGroupIngress",
                "ec2:DisassociateIamInstanceProfile",
                "ec2:DisassociateRouteTable",
                "ec2:DisassociateSubnetCidrBlock",
                "ec2:ModifyInstancePlacement",
                "ec2:DeletePlacementGroup",
                "ec2:CreatePlacementGroup",
                "elasticfilesystem:DeleteFileSystem",
                "elasticfilesystem:DeleteMountTarget",
                "ds:AddIpRoutes",
                "ds:CreateComputer",
                "ds:CreateMicrosoftAD",
                "ds:DeleteDirectory"
            ],
            "Resource": "*"
        }
    ]
}
```

------

## Service Catalog launch constraint policy 2


------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:DescribeStack*",
                "cloudformation:Get*",
                "cloudformation:ListStacks",
                "cloudformation:SignalResource",
                "cloudformation:DeleteStack"
            ],
            "Resource": [
                "arn:aws-cn:cloudformation:*:*:stack/*/*",
                "arn:aws-cn:cloudformation:*:*:stack/ApplicationInsights*/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:StopInstances",
                "ec2:TerminateInstances"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:DeleteInstanceProfile",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:AddRoleToInstanceProfile"
            ],
            "Resource": [
                "arn:aws-cn:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
                "arn:aws-cn:iam::*:instance-profile/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws-cn:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
                "arn:aws-cn:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard*",
                "arn:aws-cn:iam::*:instance-profile/*"
            ],
            "Condition": {
                "StringEqualsIfExists": {
                    "iam:PassedToService": [
                        "lambda.amazonaws.com",
                        "ec2.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "autoscaling:AttachInstances",
                "autoscaling:CreateAutoScalingGroup",
                "autoscaling:CreateLaunchConfiguration",
                "autoscaling:DeleteAutoScalingGroup",
                "autoscaling:DeleteLaunchConfiguration",
                "autoscaling:UpdateAutoScalingGroup",
                "logs:CreateLogStream",
                "logs:DeleteLogGroup",
                "logs:DeleteLogStream",
                "logs:DescribeLog*",
                "logs:PutLogEvents",
                "resource-groups:CreateGroup",
                "resource-groups:DeleteGroup",
                "sns:ListSubscriptionsByTopic",
                "sns:Publish",
                "ssm:DeleteDocument",
                "ssm:DeleteParameter*",
                "ssm:DescribeDocument*",
                "ssm:GetDocument",
                "ssm:PutParameter"
            ],
            "Resource": [
                "arn:aws-cn:resource-groups:*:*:group/*",
                "arn:aws-cn:sns:*:*:*",
                "arn:aws-cn:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*",
                "arn:aws-cn:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*",
                "arn:aws-cn:ssm:*:*:parameter/LaunchWizard*",
                "arn:aws-cn:ssm:*:*:document/LaunchWizard*",
                "arn:aws-cn:logs:*:*:log-group:*:*:*",
                "arn:aws-cn:logs:*:*:log-group:LaunchWizard*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "ssm:SendCommand",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringLike": {
                    "aws:TagKeys": "LaunchWizard*"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:DeleteLogStream",
                "logs:GetLogEvents",
                "logs:PutLogEvents",
                "ssm:AddTagsToResource",
                "ssm:DescribeDocument",
                "ssm:GetDocument",
                "ssm:ListTagsForResource",
                "ssm:RemoveTagsFromResource"
            ],
            "Resource": [
                "arn:aws-cn:logs:*:*:log-group:*:*:*",
                "arn:aws-cn:logs:*:*:log-group:LaunchWizard*",
                "arn:aws-cn:ssm:*:*:parameter/LaunchWizard*",
                "arn:aws-cn:ssm:*:*:document/LaunchWizard*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "autoscaling:Describe*",
                "cloudformation:DescribeAccountLimits",
                "cloudformation:DescribeStackDriftDetectionStatus",
                "cloudformation:List*",
                "cloudformation:GetTemplateSummary",
                "cloudformation:ValidateTemplate",
                "ds:Describe*",
                "ds:ListAuthorizedApplications",
                "ec2:Describe*",
                "ec2:Get*",
                "iam:GetRole",
                "iam:GetRolePolicy",
                "iam:GetUser",
                "iam:GetPolicyVersion",
                "iam:GetPolicy",
                "iam:List*",
                "logs:CreateLogGroup",
                "logs:GetLogDelivery",
                "logs:GetLogRecord",
                "logs:ListLogDeliveries",
                "resource-groups:Get*",
                "resource-groups:List*",
                "servicequotas:GetServiceQuota",
                "servicequotas:ListServiceQuotas",
                "sns:ListSubscriptions",
                "sns:ListTopics",
                "ssm:CreateDocument",
                "ssm:DescribeAutomation*",
                "ssm:DescribeInstanceInformation",
                "ssm:DescribeParameters",
                "ssm:GetAutomationExecution",
                "ssm:GetCommandInvocation",
                "ssm:GetParameter*",
                "ssm:GetConnectionStatus",
                "ssm:ListCommand*",
                "ssm:ListDocument*",
                "ssm:ListInstanceAssociations",
                "ssm:SendAutomationSignal",
                "ssm:StartAutomationExecution",
                "ssm:StopAutomationExecution",
                "tag:Get*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "logs:GetLog*",
            "Resource": [
                "arn:aws-cn:logs:*:*:log-group:*:*:*",
                "arn:aws-cn:logs:*:*:log-group:LaunchWizard*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:List*",
                "cloudformation:Describe*"
            ],
            "Resource": "arn:aws-cn:cloudformation:*:*:stack/LaunchWizard*/"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateServiceLinkedRole"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "autoscaling.amazonaws.com",
                        "application-insights.amazonaws.com",
                        "events.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "sqs:TagQueue",
                "sqs:GetQueueUrl",
                "sqs:AddPermission",
                "sqs:ListQueues",
                "sqs:DeleteQueue",
                "sqs:GetQueueAttributes",
                "sqs:ListQueueTags",
                "sqs:CreateQueue",
                "sqs:SetQueueAttributes"
            ],
            "Resource": "arn:aws-cn:sqs:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricAlarm",
                "iam:GetInstanceProfile",
                "cloudwatch:DeleteAlarms",
                "cloudwatch:DescribeAlarms"
            ],
            "Resource": [
                "arn:aws-cn:cloudwatch:*:*:alarm:*",
                "arn:aws-cn:iam::*:instance-profile/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "route53:ListHostedZones",
                "ec2:CreateSecurityGroup",
                "ec2:AuthorizeSecurityGroupIngress",
                "elasticfilesystem:DescribeFileSystems",
                "elasticfilesystem:CreateFileSystem",
                "elasticfilesystem:CreateMountTarget",
                "elasticfilesystem:DescribeMountTargets",
                "elasticfilesystem:DescribeMountTargetSecurityGroups"
            ],
            "Resource": "*"
        }
    ]
}
```

------

## Service Catalog launch constraint policy 3


------
#### [ JSON ]

****  

```
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws-cn:s3:::launchwizard*",
                "arn:aws-cn:s3:::launchwizard*/*",
                "arn:aws-cn:s3:::aws-sap-data-provider/config.properties"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "cloudformation:TagResource",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringLike": {
                    "aws:TagKeys": "LaunchWizard*"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:PutBucketVersioning",
                "s3:DeleteBucket",
                "lambda:CreateFunction",
                "lambda:DeleteFunction",
                "lambda:GetFunction",
                "lambda:GetFunctionConfiguration",
                "lambda:InvokeFunction"
            ],
            "Resource": [
                "arn:aws-cn:lambda:*:*:function:*",
                "arn:aws-cn:s3:::launchwizard*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:CreateTable",
                "dynamodb:DescribeTable",
                "dynamodb:DeleteTable"
            ],
            "Resource": "arn:aws-cn:dynamodb:*:*:table/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:CreateSecret",
                "secretsmanager:DeleteSecret",
                "secretsmanager:TagResource",
                "secretsmanager:UntagResource",
                "secretsmanager:PutResourcePolicy",
                "secretsmanager:DeleteResourcePolicy",
                "secretsmanager:ListSecretVersionIds",
                "secretsmanager:GetSecretValue"
            ],
            "Resource": "arn:aws-cn:secretsmanager:*:*:secret:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetRandomPassword",
                "secretsmanager:ListSecrets"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:CreateOpsMetadata"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "ssm:DeleteOpsMetadata",
            "Resource": "arn:aws-cn:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:CreateTopic",
                "sns:DeleteTopic",
                "sns:Subscribe",
                "sns:Unsubscribe"
            ],
            "Resource": "arn:aws-cn:sns:*:*:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "fsx:UntagResource",
                "fsx:TagResource",
                "fsx:DeleteFileSystem",
                "fsx:ListTagsForResource"
            ],
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "aws:ResourceTag/Name": "LaunchWizard*"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "fsx:CreateFileSystem"
            ],
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "aws:RequestTag/Name": [
                        "LaunchWizard*"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "fsx:DescribeFileSystems"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "s3:ExistingObjectTag/servicecatalog:provisioning": "true"
                }
            }
        }
    ]
}
```

------

1. Sign in to the Amazon Web Services Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.amazonaws.cn//iam).

1. Perform the following substeps for each of the three policies listed above.

   1. In the left navigation pane, choose **Policies** > **Create policy**.

   1. On the **Create policy** page, choose the **JSON** tab.

   1. Copy each policy above and paste it into the **Policy Document** JSON text field, replacing the placeholder text (perform these substeps individually for each of the three policies listed above).

   1. Choose **Next: Tags** > **Next: Review**.

   1. Enter a **Policy Name**.

   1. Choose **Create policy**.

1. Attach the three policies you just created to the IAM user you use to launch Amazon CloudFormation templates.

**Find and launch your templates**

1. Navigate to the [Amazon S3 console](https://console.amazonaws.cn/s3).

1. Locate the name of the location within the Amazon S3 bucket that you specified when you [defined the infrastructure for your Launch Wizard deployment](launch-wizard-sap-deploying-console.md#launch-wizard-sap-infrastructure). 

1. Under the folder that you specified, locate and choose a new folder named `<LaunchWizardDeploymentName>-<TimeStamp>`. This is the folder to which the Launch Wizard service copies the Amazon CloudFormation templates and deployment artifacts.

1. After you choose the new folder, you will see an `sap/` folder and a JSON file named `<LaunchWizardDeploymentName>-<DeploymentType>-template.json`. This is the root Amazon CloudFormation template file. Select the check box next to this file and choose **Copy URL**.

1. Navigate to the [Amazon CloudFormation console](https://console.amazonaws.cn/cloudformation) to create a stack with the URL that you copied.

For more information about CloudFormation templates, see [Working with Amazon CloudFormation templates](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/template-guide.html) in the *Amazon CloudFormation User Guide*.

# Deploy SAP applications with Amazon Launch Wizard for SAP using a proxy server
Deploy SAP applications using proxy server

Amazon Launch Wizard for SAP launches and configures Amazon EC2 instances to deploy an SAP system on Amazon. The launched instances must have outbound connectivity to internet to download operating system patches and communicate with several Amazon services. You can setup this connection via an internet gateway or a proxy server in a public subnet.

The following is an example on how to configure a Squid proxy server for deploying SAP applications on Amazon with Launch Wizard.

**Topics**
+ [

## Setup
](#setup-proxy-server)
+ [

## Run Launch Wizard
](#run-proxy-server)
+ [

## Troubleshoot
](#troubleshoot-proxy-server)

## Setup


Configure your Squid proxy server with the following steps.

1. Choose any Linux-based AMI. In this example, we have selected SLES 12 SP5 for SAP AMI.

1. Verify that your server is hosted on a public subnet and is attached to a public IP address.

1. Add Amazon services to the `allowed_list` file. 

   1. In the Squid server configuration file `/etc/squid/squid.conf`, create an `allowed_list` path using the `acl` command.

      ```
      acl whitelist dstdomain '/etc/squid/allowed_list'
      ```

   1. In the `allowed_list` file, add the domains of all the services listed in the following table.

   1. Run the `rcsquid restart` command for the changes to take effect.


| Service name | Domains to be allowed | 
| --- | --- | 
| Amazon DynamoDB |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon EFS |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon EBS |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon EC2 |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon FSx |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon Lambda |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon Route 53 |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon CloudWatch |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon CloudFormation |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon KMS |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon Secrets Manager |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon Identity and Access Management |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon Systems Manager |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon S3 |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon CLI |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| SUSE infrastructure for SLES |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| SUSE packages | [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html) | 
| REDHAT repository |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Python packages |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon Cognito |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 
| Amazon Security Token Service |  [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-deploy-proxy-server.html)  | 

## Run Launch Wizard


 After you complete the initial setup, you can begin deploying your SAP application using Launch Wizard. For more information, see [Deploy an SAP application with Amazon Launch Wizard](https://docs.amazonaws.cn/launchwizard/latest/userguide/launch-wizard-sap-deploying.html). 

To connect your SAP deployment on Launch Wizard with the Squid proxy server, enter the IP address of the server. To add the server address, go to Step 2 Define infrastructure > Infrastructure - SAP landscape > Security groups >** Proxy server address - optional.**

The *No proxy* setting contains the list of whitelisted domains and IP addresses that do not pass through the proxy server. 

 In the *No proxy setting - optional* field, you must include the following IP addresses: 
+ Localhost - `127.0.0.1`
+ Internal
+ Amazon EC2 instance metadata- `169.254.169.254`

**Note**  
Include the hostnames of ASCS, ERS, primary SAP HANA, and secondary SAP HANA instances in the *No proxy setting - optional* field, if you are deploying an SAP system with high availability using RHEL operating system. This will enable the cluster to communicate with all the nodes as well as perform any failover or failback operations.

### Amazon EC2 connection


Your Amazon EC2 instance must be connected to the SUSE repository servers on Amazon. Add the following IP addresses to the route tables of the associated Amazon EC2 instances. For more information, see [Add and remove routes from a route table](https://docs.amazonaws.cn/vpc/latest/userguide/WorkWithRouteTables.html#AddRemoveRoutes). The *Target* of these routes should be the NAT gateway of your subnet. For more information, see [Add a NAT Gateway to an Existing VPC](https://docs.amazonaws.cn/appstream2/latest/developerguide/add-nat-gateway-existing-vpc.html).
+ `34.197.223.242/32`
+ `54.197.240.216/32`
+ `54.225.105.144/32`
+ `107.22.231.220/32`

## Troubleshoot


To resolve any connectivity issues with the Squid proxy server, use the following steps.

1. Login to your Squid proxy server.

1. Open the `access.log` file located at `/var/log/squid/access.log`.

1. Search for the **TCP\$1DENIED** message in the `access.log` file. The message displays an address that is not allowed in the proxy configuration.

1.  Add the address to the `squid.conf` file and restart the Squid server for the changes to take effect. 

1. You can now start over your SAP deployment with Launch Wizard.

**Note**  
The troubleshooting steps are only applicable to the Squid proxy server. The location of the `log` file varies with the type of proxy server.

# Security groups in Amazon Launch Wizard for SAP
Security groups

This section describes the security groups that Launch Wizard for SAP creates and assigns to the database and application instances. It also describes how the entries in the outbound and inbound communication rules for database and application security groups are updated. 

**Topics**
+ [

## Security groups
](#launchwizard-sap-security-groups-configuration)
+ [

## Connectivity to external systems and users
](#launchwizard-sap-security-groups-connectivity)

## Security groups


A security group acts as a virtual firewall that controls the traffic for one or more instances. When you allow Launch Wizard to create security groups, it creates a set of security groups and assigns them to the SAP database and application instances to allow for inbound traffic. Security groups use the following naming conventions:
+ `<Infrastructure_Configuration_Name>_App_SecurityGroup`
+ `<Infrastructure_Configuration_Name>_DB_SecurityGroup`
+ `WD_Security_Group`
+ `WD_LB_Security_Group`

**<Infrastructure\$1Configuration\$1Name>\$1App\$1SecurityGroup**  
`<Infrastructure_Configuration_Name>_App_SecurityGroup` is configured as follows to allow inbound access to the database servers.


| Source | Protocol | Port Range | 
| --- | --- | --- | 
| All instances attached to this security group | all |  | 
| All instances attached to the DB security group |  TCP  | 1-65535 | 

This configuration allows:
+ inbound communication on all TCP ports from all of the SAP application servers deployed using the same configuration name 
+ inbound communication on all TCP ports from all of the database servers deployed using the same configuration name. 

**<Infrastructure\$1Configuration\$1Name >\$1DB\$1SecurityGroup**  
`<Infrastructure_Configuration_Name>_DB_SecurityGroup` is configured as follows to allow inbound access to the database servers.


| Source | Protocol | Port Range | 
| --- | --- | --- | 
| All instances attached to this security group | all |  | 
| All instances attached to the App security group |  TCP  | 1-65535 | 
| All instances attached to the App security group | UDP | 111 | 
| All instances attached to the App security group | UDP | 2049 | 
| All instances attached to the App security group | UDP | 4000-4002 | 

This configuration allows:
+ inbound communication on all TCP ports from all of the SAP database servers deployed using the same configuration name.
+ inbound communication on all TCP ports from all of the SAP application servers deployed using the same configuration name.
+ inbound communication on UDP 111,2049 and 4000 to 4002 from all the SAP application servers deployed using the same configuration name.

**WD\$1Security\$1Group**  
`WD_Security_Group` is configured as follows to allow inbound access to SAP Web Dispatcher servers.


| Deployment type | Source | Protocol | Port range | 
| --- | --- | --- | --- | 
| All | ID of the WD\$1Security\$1Group | all | 1-65535 | 
| All | Input | TCP | 1-65535 | 
| Distributed instances deployment | ID of the security group for the SAP transport directory | TCP | 2049 | 
| High availability (HA) deployment | ID of the security group for the SAP transport directory in Availability Zone 1 | TCP | 2049 | 
| High availability (HA) deployment | ID of the security group for the SAP transport directory in Availability Zone 2 | TCP | 2049 | 

`WD_Security_Group` is configured as follows to allow the following outbound access from SAP Web Dispatcher servers.


| Deployment type | Destination | Protocol | Port range | 
| --- | --- | --- | --- | 
| All | ID of the security group for the SAP application server | TCP | 8000-8197 | 

**WD\$1LB\$1Security\$1Group**  
`WD_LB_Security_Group` is configured as follows to allow the following inbound access to the load balancer for SAP Web Dispatcher servers.


| Deployment type | Source | Protocol | Port range | 
| --- | --- | --- | --- | 
| All | Input | TCP | 1-65535 | 

`WD_LB_Security_Group` is configured as follows to allow the following outbound access from the load balancer for SAP Web Dispatcher servers.


| Deployment type | Destination | Protocol | Port range | 
| --- | --- | --- | --- | 
| All | ID of the WD\$1Security\$1Group | all | 8000-8097 | 
| All | ID of the WD\$1LB\$1Security\$1Group | all | 1-65535 | 

## Connectivity to external systems and users


CIDR/IP address and security group entries are entered in the infrastructure configuration. This allows access to SAP systems by front end users and upstream/downstream systems that are running in that CIDR block, or by end users (IP address) or systems assigned to those security groups. Port ranges are included in the rule definition that allow inbound access so that you can reuse the infrastructure configuration and deploy SAP systems with an instance number 00 to 99. Each entry in the outbound and inbound communication rules for a database security group, created either by the service or provided by the user, are updated as follows. 


| Source | Protocol | Port Range | 
| --- | --- | --- | 
| Input |  TCP  | 22 | 
| Input |  TCP  | 1128 - 1129 | 
| Input |  TCP  | 4300 - 4399 | 
| Input |  TCP  | 8000 - 8099 | 
| Input |  TCP  | 8443 | 
| Input |  TCP  | 30013 - 39913 | 
| Input |  TCP  | 30015 - 39915 | 
| Input |  TCP  | 30017 - 39917 | 
| Input |  TCP  | 30041 - 39941 | 
| Input |  TCP  | 30044 - 39944 | 
| Input |  TCP  | 50013 - 59914 | 

Each entry in the outbound and inbound communication rules for the application security group, created either by the service or by the user, are updated as follows.


| Source | Protocol | Port Range | 
| --- | --- | --- | 
| Input |  TCP  | 22 | 
| Input |  TCP  | 3200 - 3399 | 
| Input |  TCP  | 8080 | 
| Input |  TCP  | 8443 | 
| Input |  TCP  | 3600-3699 | 
| Input | TCP  | 4237 | 

**Note**  
When the deployment is complete, you can update the security group information by adjusting the port range and source information.
Launch Wizard considers a security group that it created as a shared resource. It does not delete the security group if you delete a deployment or if a deployment is rolled back.

# Troubleshoot Amazon Launch Wizard for SAP
Troubleshoot SAP

Each application in your account in the same Amazon Region can be uniquely identified by the application name specified at the time of a deployment. The application name can be used to view the details related to the application launch.

**Topics**
+ [

## Launch Wizard provisioning events
](#launch-wizard-sap-provisioning)
+ [

## CloudWatch Logs
](#launch-wizard-sap-logs)
+ [

## Amazon CloudFormation stack
](#launch-wizard-sap-cloudformation)
+ [

## Pre- and post-deployment configuration scripts
](#launch-wizard-sap-troubleshooting-scripts)
+ [

## Application launch quotas
](#launch-wizard-sap-quotas)
+ [

## Instance level logs
](#launch-wizard-sap-instance-level-logs)
+ [

## SAP application software deployment logs
](#launch-wizard-sap-application-logs)
+ [

## Errors
](#launch-wizard-sap-errors)
+ [

## Amazon Systems Manager for SAP
](#launch-wizard-sap-troubleshoot-ssm)
+ [

## Support
](#launch-wizard-sap-support)

## Launch Wizard provisioning events


Launch Wizard captures events from SSM Automation and Amazon CloudFormation to track the status of an ongoing application deployment. If an application deployment fails, you can view the deployment events for this application by selecting **Deployments** from the navigation pane. A failed event shows a status of **Failed** along with a failure message. 

## CloudWatch Logs


Launch Wizard streams provisioning logs from all of the Amazon log sources, such as Amazon CloudFormation, SSM, and CloudWatch Logs. You can access CloudWatch logs for your SAP deployment with the following steps.

1. Sign in to console.amazonaws.cn and go to Amazon Launch Wizard.

1. Under **Deployments** on the left panel, go to **SAP** and you can see the list of your SAP deployments.

1. Select the failed deployment for which you want to verify the logs.

1. Choose **Actions** > **View/Manage resources** > **View CloudWatch application logs**.

1. You can now view the detailed logs and log streams that provide additional information on the SAP application type that failed during deployment.

## Amazon CloudFormation stack


Launch Wizard uses Amazon CloudFormation to provision the infrastructure resources of an application. Launch Wizard launches various stacks in your account for validation and application resource creation. You can verify the stacks via Amazon console or Amazon CLI.

------
#### [ Console ]

1. Sign in to console.amazonaws.cn and go to Amazon Launch Wizard.

1. Under **Deployments** on the left panel, go to **SAP** and you can see the list of your SAP deployments.

1. Select the failed deployment for which you want to verify the stacks.

1. Choose **Actions** > **View/Manage resources** > **View CloudFormation template **.

1. You can now view all the stacks and their current status. To see more details on any stack, select a **Stack name**.

1. You are now on the **Stack details** page of your selected stack. Choose **Events** from the top menu bar to view the cause of the failure.

------
#### [ CLI ]

 Amazon CloudFormation stacks can be found in your account using the Amazon CloudFormation [describe-stacks](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-describing-stacks.html) API. The following are the relevant filters for the [describe-stacks](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-describing-stacks.html) API.
+ **Application resources**

  `LaunchWizard-APPLICATION_NAME`. 

You can view the status of these Amazon CloudFormation stacks. If any of them fail, you can view the cause of the failure.

------

## Pre- and post-deployment configuration scripts


**Can't find the output of my scripts**
+ **Cause:** Customizations are key scripts that you want to run on the EC2 instances and the logs from script deployments are not included with the provisioning logs. 
+ **Solution:** The logs for scripts that run on EC2 instances are included in the CloudWatch log group that Launch Wizard creates in your account for the workload. The CloudWatch log group can be identified as `LaunchWizard-APPLICATION_NAME` . You can find the following logs in this log group.
  + `lw-customization/<instance-id>/preDeploymentConfiguration` — For pre-deployment configuration scripts that run on the specified EC2 instance.
  + `lw-customization/<instance-id>/postDeploymentConfiguration` — For post-deployment configuration scripts that run on the specified EC2 instance.

## Application launch quotas


Launch Wizard allows for a maximum of 25 active applications for any given application type. Up to three applications can be `in progress` at a time. If you want to increase this limit, contact [Amazon Web Services Support](http://www.amazonaws.cn/contact-us).

## Instance level logs


To check the progress of a deployment, you can log in to an instance as soon its instance state is listed as **running**. When the deployment is finished, the log files are moved to `/tmp`.

By default, your provisioned Amazon EC2 instances are retained when a deployment fails. If you created your Launch Wizard deployment with these default settings, you can navigate to the following paths for further evaluation.

[\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/launchwizard/latest/userguide/launch-wizard-sap-troubleshooting.html)

## SAP application software deployment logs


Depending on which SAP components are deployed on an instance, Launch Wizard creates a folder in `/tmp` to log all of the SAP software application deployment logs. If a database component is deployed on an instance, the folder name in the file will be `NW_ABAP_DB`. If an application server is deployed, the folder name will be `NW_ABAP_APP`. For single node deployments, there will be multiple folders, such as `NW_ABAP_DB` and `NW_ABAP_CI`, which represent the different components deployed on the instance.

## Errors


**Your requested instance type is not supported in your requested Availability Zone**
+ **Cause:** This failure might occur during the launch of your instance, or during the validation of the instances that Launch Wizard launches in your selected subnets. 
+ **Solution:** For this scenario, you must choose a different Availability Zone and retry the deployment from the initial page of the Launch Wizard console.

**Infrastructure template already exists**
+ **Cause:** This failure occurs when you choose to create a new infrastructure configuration and then navigate back to the first step in the wizard to review or adjust any settings. Launch Wizard has already registered the configuration template, so choosing **Next** results in the error "Template name already exists. Select a new template name." 
+ **Solution:** 

  Perform one of the following actions to continue with your deployment.
  + Change the name of the configuration template and continue.
  + Choose another template and continue.
  + Delete the template causing the error by navigating to the **Saved Infrastructure Setting** tab under **Deployments – SAP**, and then continue with your configuration using the same configuration name.

## Amazon Systems Manager for SAP




**An Internal Error Occurred**
+ **Cause:** For users using Amazon Systems Manager for the first time, the CloudFormation resource (`AWS::SystemsManagerSAP::Application`) can fail with a message `An Internal Error Occurred` due to issues during the SLR (service-linked role) `AWSSSMForSAPServiceLinkedRolePolicy` creation.
+ **Solution:**

  1. Use the [IAM console](https://console.amazonaws.cn/iam/home) to ensure that `AWSSSMForSAPServiceLinkedRolePolicy` is in your account.

  1. Retry the Launch Wizard deployment to complete the registration successfully.

  1. If errors persist, contact [Support](https://docs.amazonaws.cn/awssupport/latest/user/case-management.html#creating-a-support-case)

For more information, see [Troubleshooting Amazon Systems Manager for SAP](https://docs.amazonaws.cn/ssm-sap/latest/userguide/troubleshooting.html).

## Support


If your deployment is failing after following the troubleshooting steps listed here, we recommend you to create a support case with the following information.

```
            [Error description]:<Provide a brief description of the error.>
            
            [Deployment information]: Provide information about the failed deployment.
            Account number: <Amazon account number>
            Deployment name: <Enter deployment name>
            Deployment type: <Single-instance/Multi-instance/High availability>
            SAP HANA version: <Enter SAP HANA database version>
            SAP application: <Enter SAP application name>
            OS type: <Enter operating system>
            OS version: <Enter operating system version>
            Amazon EC2 instance family: <Enter Amazon EC2 instance family>
            Amazon EC2 instance type: <Enter Amazon EC2 instance type>
            If used proxy: <Yes/No>
            AMI type: <BYOI/BYOS/Marketplace>
            Instances retained: <Yes/No>
            FailedStackID (optional): 
            
            [Required logs] Provide the following logs. Based on the scenario and state of deployment, some logs may not be available.
            /root/install/scripts/log/
            /tmp/install.log
            /tmp/inputs.json
            /var/log/cloud-init.log
            /var/log/hdblcm.log (If SAP HANA install is selected)
            /tmp/NW directory (If SAP HANA install is selected)
            
            If you haven't retained your Amazon EC2 instance, provide the logs extracted from CloudWatch logs.
            
            [Troubleshooting]
            Provide the details of the troubleshooting steps that you carried out and the results from them.
```

For more information, see [Creating a support case](https://docs.amazonaws.cn/awssupport/latest/user/case-management.html#creating-a-support-case).