Security
Here are additional Amazon security resources to help you achieve the level of security you require for your SAP HANA environment on Amazon.
OS Hardening
You may want to lock down the OS configuration further, for example, to avoid providing a DB administrator with root credentials when logging into an instance.
You can also refer to the following SAP notes:
Disabling HANA Services
HANA services such as HANA XS are optional and should be deactivated if they are not
needed. For instructions, see SAP Note 1697613
API Call Logging
Amazon CloudTrail
With CloudTrail, you can get a history of Amazon API calls for your account, including API calls made via the Amazon Management Console, Amazon SDKs, command line tools, and higher-level Amazon services (such as Amazon CloudFormation). The Amazon API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.
Notifications on Access
You can use Amazon Simple Notification Service (Amazon SNS)