Connecting to RISE using your single Amazon account
You can establish connectivity between on-premises and RISE with SAP VPC using your Amazon account. This method provides you with more control but also requires managing Amazon services in your Amazon account. You can use any one of the following options.
-
Amazon Transit Gateway – Share Amazon Transit Gateway resource in you Amazon account with Amazon account managed by SAP.
-
Amazon VPN with Amazon Transit Gateway – Create an IPsec VPN connection between your remote network and transit gateway over the internet. For more information, see How Amazon Site-to-Site VPN works and Transit gateway VPN attachments.
-
Direct Connect gateway – Create a Direct Connect gateway with a transit virtual interface. For more information, see Transit gateway attachments to a Direct Connect gateway.
To strengthen the security, see How do I establish an Amazon VPN over an Amazon Direct Connect connection?
The following image shows this option within the same Amazon Regions.
The following image shows this option across different Amazon Regions.
When you choose Amazon Site-to-Site VPN and/or Amazon Direct Connect to establish connectivity between on-premises and RISE with SAP VPC using a Transit Gateway in the Amazon account - managed by the Customer, either in the same Amazon Region or a different Amazon Region than the RISE with SAP VPC, the following applies.
Hourly cost:
As the Amazon Site-to-Site VPN is residing in the Amazon account – managed by Customer and is attached to the Transit Gateway that resides in the Amazon account – managed by Customer, the cost for the VPN connection and the cost for the Transit Gateway attachment are billed to the Amazon account – managed by Customer
As the Direct Connect and Direct Connect Gateway is residing in the Amazon account – managed by Customer and is attached to the Transit Gateway that resides in the Amazon account – managed by Customer the cost for the Amazon Direct Connect ports hours and the cost for the Transit Gateway attachment are billed to the Amazon account – managed by Customer.
For peering attachments, each Transit Gateway owner is billed hourly for the peering attachment with the other Transit Gateway.
Data processing charges:
Data processing charges apply for each gigabyte sent from a VPC, Direct Connect or VPN to/via the Transit Gateway.
Depending on the source and destination the data processing charges vary and will be billed to the Amazon account – managed by Customer, or are already included in the RISE subscription (For a cost estimation example: see below)
For more information see:
|
Pricing example – Transit Gateway in VPCs in the same region via VPN or Direct Connect
[note: cost between Amazon Regions vary. For more information see: Amazon EC2 pricing Data Transfer 
1). 200GB of data sent from a VPC in the Amazon account – managed by SAP via the Transit Gateway that resided in the Amazon account – managed by Customer via a VPN or Direct Connect in the Amazon account – managed by SAP towards On-Premises: 200GB * $0.02per-GB = $4 (Transit Gateway data processing) + 100 GB * $0.09per-GB = $9 (VPN data transfer out, with the first 100 GB are free, then $ 0.09 per-GB) = $13 (Total data transfer out billed to Amazon account – managed by SAP) or 200GB * $0.02per-GB = $4 (Transit Gateway data processing) + 200GB * ($0.02-$0.19per-GB) = $4-$38 (Direct Connect data transfer out) = $8-$42 (Total data transfer out billed to Amazon account – managed by SAP) Data processing is charged to the VPC owner who sends the traffic to Transit Gateway. As the sending VPC is residing in the Amazon account – managed by SAP and the cost for data transfer is included in the RISE Subscription, therefore the Amazon account – managed by Customer will not incur Data Transfer cost in this example. 2). 200GB of data sent from On-Premises via a VPN or Direct Connect in the Amazon account – managed by Customer via the Transit Gateway that resided in the Amazon account – managed by Customer towards VPC in the Amazon account – managed by SAP: 200GB * $0.00per-GB = $0 (VPN data transfer in) + 200GB * $0.02per-GB = $4 (Transit Gateway data processing) + $0 (VPN data transfer in) = $4 (Total data transfer in billed to Amazon account – managed by Customer) or 200GB * $0.00per-GB = $0 (Direct Connect data transfer in) + 200GB * $0.02per-GB = $4 (Transit Gateway data processing) = $4 (Total data transfer in billed to Amazon account – managed by Customer) Data transfer into Amazon is free and this also applies to VPN and Direct Connect therefore the only data processing charge is the data processing of the Transit Gateway. As Transit Gateway resides in the Amazon account – managed by Customer the cost for data transfer is billed to the Amazon account – managed by Customer |
|
Pricing example – Transit Gateway in VPCs in the different regions via VPN or Direct Connect
[note: cost between Amazon Regions vary. For more information see: Amazon EC2 pricing Data Transfer 
1). 200GB of data sent from a VPC in the Amazon account – managed by SAP via the Transit Gateway that resided in the Amazon account – managed by SAP that is peered with an Transit Gateway in a different Region in the Amazon account – managed by Customer via a VPN OR Direct Connect in the Amazon account – managed by Customer towards On-Premises: 200GB * $0.02per-GB = $4 (Transit Gateway data processing) + 200GB * ($0.01-$0.138per-GB) = $2-$27.6 (Region out) + 100GB * $0.09per-GB = $9 (VPN data transfer out, with the first 100 GB are free, then $ 0.09 per-GB) = $15-$40.6 (Total data transfer out billed to Amazon account – managed by SAP) or 200GB * $0.02per-GB = $4 (Transit Gateway data processing) + 200GB * ($0.01-$0.138per-GB) = $2-$27.6 (Region out) + 200GB * ($0.02-$0.19per-GB) = $4-$38 (Direct Connect data transfer out) = $10-$69.6 (Total data transfer out billed to Amazon account – managed by SAP) Data processing is charged to the VPC owner who sends the traffic to Transit Gateway. As the sending VPC is residing in the Amazon account – managed by SAP and the cost for Data Transfer is included in the RISE subscription, therefore the Amazon account – managed by Customer will not incur Data Transfer cost in this example. 2). 200GB of data sent from On-Premises via a VPN or Direct Connect in the Amazon account – managed by Customer via the Transit Gateway that resided in the Amazon account – managed by Customer via a peered Transit Gateway in a different region in the Amazon account – managed by SAP towards a VPC in the Amazon account – managed by SAP: 200GB * $0.02per-GB = $4 (Transit Gateway data processing) + 200GB * $0.00per-GB = $0 (VPN data transfer in) + 200GB * ($0.01-$0.138per-GB) = $2-$27.6 (Region out) = $6-$31.6 (Total data transfer in billed to Amazon account – managed by Customer) or 200GB * $0.02per-GB = $4 (Transit Gateway data processing) + 200GB * $0.00per-GB = $0 (Direct Connect data transfer in) + 200GB * ($0.01-$0.138per-GB) = $2-$27.6 (Region out) = $6-$31.6 (Total data transfer in billed to Amazon account – managed by Customer) Data transfer into Amazon in is free and this also applies to VPN and Direct Connect therefore the data processing charge is the data processing of the Transit Gateway and the inter-region data transfer charges. As Transit Gateway resides in the Amazon account – managed by Customer, the cost for data transfer is billed to the Amazon account – managed by Customer. |