Operations
Tagging Amazon resources
A tag is a label that you assign to an Amazon resource. Each tag consists of a key
and an optional value, both defined by you. Adding tags to various Amazon resources
will make managing SAP environments more efficient, and help you search for
resources quickly. Many Amazon EC2 API calls can be used in conjunction with a special
tag filter. For more information, see Tagging Amazon resources.
Tag name | Tag value |
Name | SAP server’s virtual (host) name |
Environment | SAP server’s landscape role; for example: SBX, DEV, QAT, STG, PRD. |
Application | SAP solution or product; for example: ECC, CRM, BW, PI, SCM, SRM, EP |
Owner | SAP point of contact |
Service level | Known uptime and downtime schedule |
After tagging your resources, you can apply specific security restrictions, such as access control (as seen in the following example policy), based on tag values.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LaunchEC2Instances",
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "ec2:RunInstances"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "AllowActionsIfYouAreTheOwner",
      "Effect": "Allow",
      "Action": [
        "ec2:StopInstances",
        "ec2:StartInstances",
        "ec2:RebootInstances",
        "ec2:TerminateInstances"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/PrincipalId": "${aws:userid}"
        }
      },
      "Resource": [
        "*"
      ]
    }
  ]
}
IAM grants the stop, start, reboot, and terminate permissions only when the tag value matches. In this scenario, the current user's ID (`${aws:userid}`) must equal the value of the instance's PrincipalId tag for the user to be allowed those actions. For more information, see Tag your Amazon EC2 resources.
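The condition in the policy above, worked through as an added example (not part of the original page and not Amazon's code): a simplified Python model of how the two statements match a request. The function name `matching_sid`, the user IDs, and the instance tags are constructed for illustration, and the model covers only the elements this policy uses.

```python
import fnmatch

# The page's example policy, reproduced as a Python dict.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "LaunchEC2Instances", "Effect": "Allow",
         "Action": ["ec2:Describe*", "ec2:RunInstances"], "Resource": ["*"]},
        {"Sid": "AllowActionsIfYouAreTheOwner", "Effect": "Allow",
         "Action": ["ec2:StopInstances", "ec2:StartInstances",
                    "ec2:RebootInstances", "ec2:TerminateInstances"],
         "Condition": {"StringEquals":
                       {"ec2:ResourceTag/PrincipalId": "${aws:userid}"}},
         "Resource": ["*"]},
    ],
}

# Constructed sample values (not real identifiers).
ALICE = "AIDAEXAMPLEALICE"
BOB = "AIDAEXAMPLEBOB"
OWNED = {"Name": "sapprd01", "Environment": "PRD", "PrincipalId": ALICE}
UNTAGGED = {"Name": "sapdev02", "Environment": "DEV"}


def matching_sid(action, userid, instance_tags):
    """Return the Sid of the first Allow statement that matches, else None
    (implicit deny). Simplified model: Allow statements, Resource "*",
    StringEquals on ec2:ResourceTag/* and the ${aws:userid} variable only."""
    for stmt in POLICY["Statement"]:
        # Action names match case-insensitively and may contain wildcards.
        if not any(fnmatch.fnmatchcase(action.lower(), pat.lower())
                   for pat in stmt["Action"]):
            continue
        conditions = stmt.get("Condition", {}).get("StringEquals", {})
        satisfied = True
        for key, expected in conditions.items():
            tag_key = key.split("/", 1)[1]
            expected = expected.replace("${aws:userid}", userid)
            # A missing tag never satisfies StringEquals; values are case-sensitive.
            if instance_tags.get(tag_key) != expected:
                satisfied = False
        if satisfied:
            return stmt["Sid"]
    return None


if __name__ == "__main__":
    for who, tags in ((ALICE, OWNED), (BOB, OWNED), (ALICE, UNTAGGED)):
        print(who, tags.get("PrincipalId"), matching_sid("ec2:StopInstances", who, tags))
```

In this model, an instance without a PrincipalId tag cannot be stopped by anyone under this policy, and `ec2:CreateTags` matches no statement, so whatever process sets the PrincipalId tag must receive that permission from a different policy.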
Monitoring
Amazon provides multiple native services to monitor and manage your SAP
environment. CloudWatch
Operating system maintenance
In general, operating system maintenance across large estates of Amazon EC2 instances can be managed by using:
- Third-party products, such as those available on Amazon Web Services Marketplace.
- Amazon Systems Manager
The following are some key operating system maintenance tasks.
Patching
You can follow the SAP-recommended patching process to update your landscape on
Amazon. With Amazon Systems Manager Patch Manager
- Scheduling based on tags
- Defining patch baselines
- Auto-approving patches with lists of approved and rejected patches
Amazon Systems Manager Patch Manager integrates with IAM, CloudTrail, and CloudWatch Events to provide
a secure patching experience that includes event notifications and the ability
to audit usage. For details about the process, see How Patch Manager operations work.
Maintenance Windows
Amazon Systems Manager Maintenance Windows
Administrator access
For administrative purposes, you can access the backend of your SAP systems via SSH or Amazon Systems Manager Session Manager.
Automation
Amazon Systems Manager Automation simplifies common maintenance and deployment
tasks of Amazon EC2 instances and other Amazon resources. For more information, see Amazon Systems Manager Automation.
Automation using Infrastructure-as-Code with Amazon CloudFormation
We recommend following the principle of Infrastructure-as-Code (IaC) for
automating and maintaining your workloads on Amazon. Amazon CloudFormation
Cost optimization
We recommend treating cost optimization as an ongoing process. There are many Amazon services that help with budgeting, cost control, and optimization. For more details, see Cost Optimization Pillar - Amazon Well-Architected Framework and Cost Optimization Pillar - SAP Lens.