SAP BTP with RISE on Amazon - General SAP Guides
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

SAP BTP with RISE on Amazon

You can use SAP Business Technology Platform BTP services on Amazon to extend the functionality of the RISE with SAP. SAP recommends SAP Cloud Connector to connect RISE with SAP VPC with SAP BTP via internet. When both RISE with SAP and SAP BTP run on Amazon (in the same Amazon region or different Amazon regions), the network traffic is encrypted and contained within Amazon Global Network, without going through the internet (see the following diagram). This provides better security and performance for any integration use-cases between RISE with SAP and SAP BTP. For more information, see Amazon VPC FAQs - Does traffic go over the internet when two instances communicate using public IP addresses or when instances communicate with a public Amazon service endpoint ?.

Example connections across Regions

As displayed in the preceding diagram, you can configure Transit Gateway to handle both RISE and BTP network traffic. For more information, see How to route internet traffic from on-premises via Amazon VPC?

SAP also offers SAP Private Link Service for SAP BTP on Amazon. SAP Private Link connects SAP BTP on Amazon with a secure connection without using public IPs in your Amazon account.

Connecting multiple accounts using PrivateLink

You can connect to an Amazon endpoint service from an SAP BTP application running on Cloud Foundry. By establishing this connection, you can directly connect to Amazon services, or for example, to an S/4HANA system. For a complete list of supported Amazon services, see Consume Amazon Web Services in SAP BTP.

You can establish a secure and private communication between SAP BTP and Amazon services with SAP Private Link Service. By using private IP address ranges (RFC 1918), you reduce the attack surface of the application. The connection does not require an internet gateway. If you do not require this extra layer of security, you can still connect via the public APIs of SAP BTP without SAP Private Link, and benefit from Amazon global network. For more information, see Amazon VPC FAQs.

SAP Private Link for Amazon currently supports connections initiated from SAP BTP Cloud Foundry to Amazon.

For Amazon services across Amazon Regions, you can create a VPC in the same Amazon Region as your SAP BTP Cloud Foundry Runtime, and connect these VPCs via VPC peering or Amazon Transit Gateway. For a list of supported Regions, see Regions and API Endpoints Available for the Cloud Foundry Environment.

Connecting multiple accounts in multiple Regions using PrivateLink

SAP Private Link Service is a paid service offered by SAP on SAP BTP. For more information see: SAP Discovery Center – Services – SAP Private Link Service.

Cost associated to Amazon Services in the Amazon account - managed by the Customer to facilitate cross region connectivity for example the Amazon Network Load Balancer, or Transit Gateway vary. For more information on price, see the dedicated pricing pages of the listed Amazon Services.