Security - SAP NetWeaver on Amazon

Security

Amazon provides several security capabilities and services to securely run your SAP applications on the Amazon platform. In the context of SQL Server for SAP applications, you can use network services and features such as Amazon VPC, Amazon Virtual Private Network, Amazon Direct Connect, Amazon EC2 security groups, network access controls, and route tables to restrict access to your database.

Network Security

Generally, databases for SAP applications do not require direct user access. We recommend that you allow network traffic to the Amazon EC2 instance running SQL Server only from Amazon EC2 instances running SAP application servers (PAS/AAS) and ASCS/SCS.

By default, SQL Server receives communication on TCP port 1433. Depending on your VPC design, you should configure Amazon EC2 security groups, NACLs, and route tables to allow traffic to TCP port 1433 from SAP application servers (PAS/AAS) and ASCS/SCS.
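One way to check that recommendation against a database security group, as an added example that is not part of the original documentation: it audits ingress rules in the `IpPermissions` layout returned by EC2 `DescribeSecurityGroups` and reports every source that can reach TCP 1433 but is not an approved SAP application server group or subnet. The group IDs, CIDRs and sample rules are constructed placeholders; NACLs and route tables are not covered.

```python
import ipaddress

SQL_PORT = 1433  # default SQL Server port named on this page


def covers_port(perm, port=SQL_PORT):
    """True if one ingress permission entry opens the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rule: no FromPort/ToPort present
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def cidr_allowed(cidr, allowed_cidrs):
    """True if cidr lies entirely inside one of the approved subnets."""
    net = ipaddress.ip_network(cidr, strict=False)
    for approved in allowed_cidrs:
        parent = ipaddress.ip_network(approved, strict=False)
        if net.version == parent.version and net.subnet_of(parent):
            return True
    return False


def audit_db_ingress(ip_permissions, allowed_group_ids, allowed_cidrs=()):
    """List (kind, source) pairs that reach SQL_PORT without approval."""
    findings = []
    for perm in ip_permissions:
        if not covers_port(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += [("cidr", c) for c in cidrs
                     if not cidr_allowed(c, allowed_cidrs)]
        # Prefix lists are opaque here, so always surface them for review.
        findings += [("prefix-list", p["PrefixListId"])
                     for p in perm.get("PrefixListIds", [])]
        findings += [("group", g["GroupId"])
                     for g in perm.get("UserIdGroupPairs", [])
                     if g["GroupId"] not in allowed_group_ids]
    return findings


# Constructed sample rules; the IDs are placeholders, not real resources.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
     "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-sapapp"}]},
    {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 2000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # wide range that includes 1433
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},  # not the SQL Server port
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-other"}]},
]
```

Calling `audit_db_ingress(SAMPLE_RULES, {"sg-EXAMPLE-sapapp"})` flags the port-range rule and the all-traffic rule, both of which expose 1433 without naming it.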

Encryption

We recommend that you encrypt your data stored in Amazon storage services. See the following documentation for more details: