Security and compliance
The following are additional Amazon security resources to help you achieve the optimum level of security for your SAP NetWeaver environment on Amazon:
OS Hardening
Check the following resources to strengthen the security of your workloads. You must have access to the SAP portal to view the SAP Notes.
To follow the CIS Benchmarks, see Securing Oracle Linux.
Encryption
An important aspect of securing your workloads is encrypting your data, both at rest and in transit. For more details, refer to the following:
In addition to Amazon encryption features, you can also use Oracle Transparent Data Encryption, as described in SAP Note 974876.
Security group
A security group
Customers often separate the SAP system into multiple subnets, with the database in a separate subnet from the application servers, and other components, such as a web dispatcher, in another subnet, possibly with external access.
If workloads are scaled horizontally, or high availability is necessary, you may choose to include multiple, functionally similar, Amazon EC2 instances in the same security group. In this case, you must add a rule to your security groups.
If Linux is used, some configuration changes may be necessary in the security groups, route tables, and network ACLs. For more information, see Security group rules for different use cases.
Network ACL
A network access control list (ACL)
See Amazon VPC Subnet Zoning Patterns for SAP on Amazon
API call logging
Amazon CloudTrail is a web service that records Amazon API calls for your account and delivers log files to you. The recorded information includes the identity of the caller, the time of the call, the source IP address, the request parameters, and the response elements returned by the Amazon service. With CloudTrail, you can get a history of Amazon API calls for your account, including API calls made via the Amazon Web Services Management Console, Amazon SDKs, command line tools, and higher-level Amazon services (such as Amazon CloudFormation). The Amazon API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.
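As an illustration of resource change tracking with those recorded fields, the following added example (not part of the original page or of any Amazon tooling) scans a CloudTrail log file for successful ingress-rule additions on the security groups that protect an SAP system. The group IDs, ARN, ports and addresses are constructed placeholders, and the `requestParameters` layout shown for `AuthorizeSecurityGroupIngress` is an assumption to verify against your own log files.

```python
import json

# Constructed sample in CloudTrail's log-file layout ({"Records": [...]}).
# ARNs, group IDs, ports and addresses are placeholders, not values from the page.
def _rec(name, group, port, cidr, error=None):
    rec = {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
           "eventName": name, "sourceIPAddress": "198.51.100.7",
           "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
           "requestParameters": {"groupId": group, "ipPermissions": {"items": [
               {"ipProtocol": "tcp", "fromPort": port, "toPort": port,
                "ipRanges": {"items": [{"cidrIp": cidr}]}}]}},
           "responseElements": {"_return": True}}
    if error:
        rec["errorCode"] = error
        rec["responseElements"] = None
    return rec

SAMPLE_LOG = json.dumps({"Records": [
    _rec("AuthorizeSecurityGroupIngress", "sg-0example0db", 1521, "0.0.0.0/0"),
    _rec("AuthorizeSecurityGroupIngress", "sg-0example0db", 1521, "10.0.1.0/24"),
    _rec("AuthorizeSecurityGroupIngress", "sg-0example0db", 22, "0.0.0.0/0",
         error="Client.UnauthorizedOperation"),
    _rec("AuthorizeSecurityGroupIngress", "sg-0example0other", 443, "0.0.0.0/0"),
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "requestParameters": None},
]})

ANYWHERE = {"0.0.0.0/0", "::/0"}

def ingress_changes(log_text, watched_groups):
    """Return successful ingress-rule additions on the watched security groups."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "ec2.amazonaws.com":
            continue
        if rec.get("eventName") != "AuthorizeSecurityGroupIngress" or rec.get("errorCode"):
            continue  # other calls, or a failed call that changed nothing
        params = rec.get("requestParameters") or {}
        if params.get("groupId") not in watched_groups:
            continue
        for perm in (params.get("ipPermissions") or {}).get("items", []):
            cidrs = [r.get("cidrIp") for r in (perm.get("ipRanges") or {}).get("items", [])]
            cidrs += [r.get("cidrIpv6") for r in (perm.get("ipv6Ranges") or {}).get("items", [])]
            findings.append({
                "time": rec.get("eventTime"), "source_ip": rec.get("sourceIPAddress"),
                "caller": (rec.get("userIdentity") or {}).get("arn"),
                "group": params["groupId"], "ports": (perm.get("fromPort"), perm.get("toPort")),
                "cidrs": cidrs, "open_to_world": bool(ANYWHERE & set(cidrs))})
    return findings

if __name__ == "__main__":
    for f in ingress_changes(SAMPLE_LOG, {"sg-0example0db"}):
        print(f)
```

Each finding carries the caller identity, call time and source IP address from the record, so a rule that opens a database or application security group to any address can be traced to the call that created it.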
Notification on access
You can use Amazon SNS