AWS for SAP

Getting started with the AWS SDK for SAP ABAP

Introduction

Customers have been running SAP workloads on AWS since 2008, and many of these SAP customers have been developing and enhancing their SAP business processes using ABAP for much longer. Many customers’ business processes rely on custom ABAP code, and have teams of ABAP developers in-house or through their partners. However, innovating with AWS services for capabilities like machine learning or language translation alongside ABAP has traditionally been cumbersome. To reduce this friction, we announced the preview of the AWS SDK for SAP ABAP last November. It makes it easy for ABAP developers to modernize and transform SAP-based business processes by connecting to AWS services from the comfort of the ABAP programming language, without having to map data formats, create and maintain many point-to-point connections, or integrate SAP and AWS security models.

This blog post shows how you can install and configure the AWS SDK for SAP ABAP, then deploy an example ABAP program that lists the objects present in an Amazon Simple Storage Service (Amazon S3) bucket. Refer to the AWS SDK for SAP ABAP code examples for more examples of how to use the AWS SDK for SAP ABAP.

Architecture

When imported into a NetWeaver-based ABAP system, the AWS SDK for SAP ABAP introduces a set of SAP ABAP classes to easily consume AWS service APIs using native ABAP constructs. Developers can use these ABAP based classes in their reports and programs to enhance existing SAP functionalities or develop new applications. Examples include intelligent document processing to automate invoicing, language translation using AWS Translate, or using Amazon S3 to exchange files between SAP and third-party applications.

Diagram that shows how the AWS SDK for SAP ABAP connects the ABAP stack to AWS services through a series of REST APIs.

Prerequisites

For this walkthrough, you should have the following prerequisites:

Walkthrough

The following steps are covered in this blog:

  1. Setting up AWS SDK for SAP ABAP
  2. Configuring AWS SDK for SAP ABAP
  3. Creating a sample ABAP program

1. Setting up AWS SDK for SAP ABAP

In this section, we review the pre-requisites, download the AWS SDK for SAP ABAP, and finally import the required transports into a NetWeaver ABAP system.

There are minimum required versions for the SAP BASIS release and SAP Kernel; a full list of pre-requisites can be found here. Please confirm that the pre-requisites have been fully met before proceeding to import the transports. The AWS SDK for SAP NetWeaver ABAP is available here for download.

The AWS SDK for SAP ABAP is delivered as a compressed archive containing individual ABAP transports for 200+ AWS services with individual transport files (data and co-files) in individual sub-directories. The sub-directories have a 3-letter abbreviation (TLA) which can be found here. The AWS SDK transports are client independent. The core transport is mandatory and contains the SDK runtime code, the module for AWS Security Token Service (AWS STS), and the module for Amazon S3. The remaining SDK modules are each delivered in a separate transport. To keep the size of the SDK small in your system, each SDK module is optional and can be installed if required for your business application.

The installation of the AWS SDK for ABAP is done via importing the required transports. At any time, you can easily patch or upgrade the SDK by importing the latest transports. Once the required modules have been identified, proceed to copy the data files and co-files of the core module and service modules into the data and co-file subdirectories of DIR_TRANS which may be /usr/sap/trans in Linux and a shared UNC path on Windows. Proceed to add the transport requests to the import queue using transaction code STMS.

Add AWS SDK for SAP ABAP Transports to import queue in STMS transaction

In the below screenshot, the transports related to Core and AWS Translate have been added to the import queue.

STMS screenshot showing the imported AWS SDK for SAP ABAP transports

Please note that you may choose to import all transports simultaneously; however, if the transports are individually imported, you need to import the core transport first. Ensure that the “Ignore Invalid Component Version” option is selected.

Selecting option of Ignore Invalid Component Version in STMS transaction

The import of the transports may take some time depending on the number of modules selected. Once the transports are imported successfully, STMS will show a green or yellow indicator.

STMS screenshot showing successful import of the AWS SDK for SAP ABAP transports

More detailed information related to the installation can be found in Installing the AWS SDK for SAP ABAP Developer Guide.

Uninstallation of the AWS SDK for SAP ABAP is also possible via importing an uninstallation transport. Similar to the installation process, the uninstallation transport is imported per module. It should be noted that if the core module is uninstalled, all previous configurations done via the Implementation Guide (IMG) will be deleted as well.

2. Configuring AWS SDK for SAP ABAP

Before using the AWS SDK for SAP ABAP in ABAP programs, you need to configure it using the transaction code /AWS1/IMG. The configurations are stored in a customizing request which can be transported to Quality and Production SAP systems. Refer to SAP Authorizations for the authorizations required to execute the /AWS1/IMG transaction. The configurations can be broadly classified into four general categories:

  • Technical Prerequisites
  • Global Settings
  • Application Configuration
  • Runtime Settings

Input /n/AWS1/IMG in the SAPGUI command bar and press Enter to see the Implementation Guide (IMG) for AWS SDK for SAP ABAP. Expand the node AWS SDK for SAP ABAP Settings.

2.1. Technical Prerequisites

      • Expand the Technical Prerequisites node. Review if the profile parameter icm/HTTPS/client_sni_enabled is set to TRUE and check if AWS Root CA certificates are imported into the “SSL Client Standard” PSE by executing the respective IMG activities.

        Technical Prerequisites - AWS Root CA certificates in SSL Client Standard PSE in STRUST transaction

      • If the SAP system is running in a location other than AWS, the following additional settings are required to encrypt credentials (access key ID and secret access key) of the AWS Identity and Access Management user using SAP’s Secure Store and Forward (SSF) mechanism. Expand the IMG node Additional Settings for On-Premises systems.
        • Define an SSF application by executing transaction code SE16 in a new GUI window. Enter the table name SSFAPPLIC. Create a new entry as per the following screenshot.

        Settings for SAP system in on-Premise - Entry in SSFAPPLIC table in SE16 for SSF Application for Credential Storage

        • Set the encryption parameters for the SSF application by executing the IMG activity Set SSF Parameters. Choose New Entries. Select the SSF application created in the previous step and choose Save. Change Hash Algorithm to SHA256 and Encryption Algorithm to AES256-CBC. Keep all other values as default. Choose Save.

        Settings for SAP system running on-Premise - Set encryption parameters for SSF application

        • Execute the IMG activity Create PSE for SSF Application. You will be navigated to the STRUST transaction code. Right click on the SSF SSF Encryption for the AWS SDK for SAP ABAP and choose Create. Accept the default settings.

        Settings for SAP system running on-Premise - Create PSE for SSF Application

        • Execute the IMG activity Assign an SSF application to the AWS SDK for SAP ABAP. Create a new entry and enter the SSF Application ID that you had created in table SSFAPPLIC.

        Settings for SAP system in on-Premise - Assign SSF Application to AWS SDK

2.2. Global Settings

The global settings affect the behaviour of the entire AWS SDK for SAP ABAP.

      • Expand the IMG node Global Settings and execute the IMG activity Configure Scenarios. For normal operations, create a scenario called DEFAULT. You can have additional scenarios such as disaster recovery where settings would be different than the DEFAULT scenario. For most use cases the DEFAULT scenario should suffice.

        Global Settings in IMG - Configure Scenarios

      • The DEFAULT scenario that you created must be set as an active scenario. Expand the IMG node Runtime Settings and execute the IMG activity Active Scenario. Select the DEFAULT scenario and choose Commit Scenario Change.

        DEFAULT scenario selected as Active Scenario

      • Configure AWS SDK global configurations by expanding the IMG node Global Settings and executing the IMG activity Technical Settings. Create a new entry as per the following screenshot.

        Global Settings - AWS SDK Global Settings

2.3. Application Configuration

The Application Configuration consists of creating an SDK Profile and a Logical Resource Resolver.

      • An SDK Profile groups all the settings required for a typical use case such as invoice or sales order related enhancements. In the SDK profile, you will define SAP settings such as System ID (SID) and Client of SAP system, scenario configured in step 2.2, AWS region to be used, and authentication method. The authentication method to be used depends on whether your SAP system resides in AWS Cloud or outside AWS. Execute the IMG activity SDK Profile. Create a new SDK profile with a meaningful name. In this example we will create a profile with the name ZFINANCE. Choose “Authentication and Settings” from left panel. Create a new entry to enter your SAP system details and your AWS region. The us-east-1 AWS region is used in this example. For the authentication method choose one of the below options.
        • If SAP system runs on-premises, choose Credentials from SSF Storage as the authentication method and choose Save. Choose Set Credentials. Enter the Access key and Secret access key of the IAM user.

        AWS SDK Profile - Authentication for on-premise system

        Choose “IAM Role mapping” from left panel. Enter a name for Logical IAM Role and enter the Amazon Resource Name (ARN) of IAM role provided by the AWS IAM Administrator. This IAM role will have permissions to invoke the required AWS services. In this example, the IAM role will have permissions to list the objects present in an S3 bucket.

        AWS SDK Profile - IAM Role Mapping

      • Logical Resource Resolver prevents hardcoding of AWS resource names (such as S3 bucket) in ABAP program and helps in situations such as Disaster Recovery (DR) where AWS resource names might differ in the DR AWS region. Execute the IMG activity Logical Resource Resolver. Create a new logical resource with a meaningful name. In this example, we will use the name ZFINANCE_S3_RESOURCE. Choose “Physical Resource Mapping” from left panel and enter SAP system settings and Scenario configured in step 2.2 followed by AWS resource name. In this example, enter the S3 bucket name where you have stored your files.

        AWS SDK Profile - Logical Resource Resolver

        The following screenshot shows an S3 bucket named “abap-sdk-demo” which is used in this example. To upload objects to your S3 bucket, choose Upload.

        Amazon S3 Bucket uploaded with objects
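
The IAM side of the on-premises setup in step 2.3, as an added example that is not part of the original post: a CloudFormation template that creates the role whose ARN is entered under “IAM Role mapping”, limited to listing the abap-sdk-demo bucket, and an IAM user that can do nothing except assume that role. It assumes the SDK uses the IAM user's stored credentials to assume the mapped role; all logical resource and policy names are hypothetical.

```yaml
# Added example: least-privilege IAM setup for the ZFINANCE SDK profile.
# Logical names (SapSdkUser, SapFinanceS3ListRole, ...) are hypothetical.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  BucketName:
    Type: String
    Default: abap-sdk-demo          # bucket used in this walkthrough
Resources:
  # IAM user whose access key is entered under "Set Credentials" (SSF storage).
  SapSdkUser:
    Type: AWS::IAM::User
  # Role whose ARN is entered under "IAM Role mapping".
  SapFinanceS3ListRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow            # only the SDK user may assume this role
            Principal:
              AWS: !GetAtt SapSdkUser.Arn
            Action: sts:AssumeRole
      Policies:
        - PolicyName: ListDemoBucketOnly
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow        # ListObjectsV2 is authorized by s3:ListBucket
                Action: s3:ListBucket
                Resource: !Sub "arn:aws:s3:::${BucketName}"
  # The user itself gets no service permissions, only the right to assume the role.
  SapSdkUserAssumeRole:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: AssumeSapFinanceRoleOnly
      Users:
        - !Ref SapSdkUser
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: sts:AssumeRole
            Resource: !GetAtt SapFinanceS3ListRole.Arn
Outputs:
  RoleArnForImg:
    Description: ARN to enter for the Logical IAM Role in /AWS1/IMG
    Value: !GetAtt SapFinanceS3ListRole.Arn
```

The template deliberately creates no access key, so the secret access key never appears in stack parameters or outputs; create it separately and enter it only in the Set Credentials dialog.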

2.4. Runtime Settings

If you need to activate trace for troubleshooting, you can do this by executing the IMG activity Log and Trace and selecting the required trace level.

Trace Settings for AWS SDK for SAP ABAP

3. Creating a sample ABAP program

Execute the SE38 transaction code and create a program with the name zdemo_s3_listbuckets. Replace the contents with the following ABAP code. The code lists the objects present in an S3 bucket using the AWS SDK for SAP ABAP. For successful execution, you need to complete the SDK configuration from the previous step.

REPORT  zdemo_s3_listbuckets.

START-OF-SELECTION.
  " Logical resource name; the Logical Resource Resolver maps it to the S3 bucket
  PARAMETERS pv_lres TYPE  /aws1/rt_resource_logical
                     DEFAULT 'ZFINANCE_S3_RESOURCE' OBLIGATORY.

  " Create a session from the ZFINANCE SDK profile and resolve the bucket name
  DATA(go_session) = /aws1/cl_rt_session_aws=>create( 'ZFINANCE'  ).
  DATA(gv_bucket)   = go_session->resolve_lresource( pv_lres ).

  " Create the S3 client for this session
  DATA(go_s3)       = /aws1/cl_s3_factory=>create( go_session ).

  TRY.
      " List up to 100 objects in the bucket
      DATA(lo_output) = go_s3->listobjectsv2(
            iv_bucket = CONV string( gv_bucket )
            iv_maxkeys = 100
      ).
      LOOP AT lo_output->get_contents(  ) INTO DATA(lo_object).
        " Convert the last-modified timestamp to a date in UTC
        DATA lv_mdate TYPE datum.
        CONVERT TIME STAMP lo_object->get_lastmodified( )
                TIME ZONE 'UTC'
                INTO DATE lv_mdate.
        " Print key, last-modified date and size for each object
        WRITE: /  CONV text30( lo_object->get_key( ) ),
                 lv_mdate, lo_object->get_size( ).
      ENDLOOP.
    CATCH /aws1/cx_rt_generic INTO DATA(lo_ex).
      " Show any SDK error as an information message
      DATA(lv_msg) = lo_ex->if_message~get_text(  ).
      MESSAGE lv_msg TYPE 'I'.
  ENDTRY.

On executing the program, you should see the output that resembles the example in the following image. The output lists the objects present in your S3 bucket.

Sample ABAP Program Output

Conclusion

In this walkthrough, we’ve shown how you can install and configure the AWS SDK for SAP ABAP and how to list the objects present in an S3 bucket with just a few lines of ABAP code. With the AWS SDK for SAP ABAP, it is easy for SAP ABAP developers to extend and transform SAP-based business processes by harnessing the power of AWS services natively using the SAP ABAP language.

To learn more, visit the AWS SDK for SAP ABAP page. You can download the AWS SDK for SAP ABAP here.

To learn why thousands of customers choose AWS for SAP, visit the AWS for SAP page.