AWS for SAP

Tagging recommendations for SAP on AWS

Customers running SAP on AWS often ask us if we’ve seen reusable trends in tagging strategies for SAP workloads. Tags are simple labels consisting of a customer-defined key and an optional value. Tags enable customers to assign metadata to cloud resources, making it easier to manage, search, and filter existing resources.

In this post, we outline the benefits of tagging and provide recommendations for customers and partners deploying SAP workloads on AWS. Recommended tags are based on practices we’ve seen across a number of our engagements. Customers can directly use all of these tags or modify them to fit their own needs.

Tagging benefits

  • Customers use tags for operation and deployment automation activities, such as snapshots of storage volumes, OS patching, and AWS System Manager automation. SAP customers can also use tags for automating the start/stop of SAP servers, running cron jobs, and monitoring/alerting capabilities.
  • Partners use AWS tags for solution deployment. High availability cluster, backup, and monitoring solutions often rely on AWS resource tags for their operations.
  • AWS billing reports support the use of tags. Customers can create cost allocation tags that help identify pricing of AWS resources based on individual accounts, resources, business units, and SAP environments.
  • AWS Identity and Access Management (IAM) policies support tag-based conditions, enabling customers to constrain permissions based on specific tags and their values. IAM user or role permissions can include conditions to limit access to development, test, or production environments or Amazon Virtual Private Cloud (Amazon VPC) networks based on their tags.
  • Tags can be assigned to identify resources that require heightened security risk management practices. For example, Amazon Elastic Compute Cloud (Amazon EC2) instances hosting applications that process sensitive or confidential data. This can enable automated compliance checks to ensure that proper access controls are in place or that patch compliance is up-to-date.

Tagging considerations

  • Tags can be applied anytime: Tags can be created and applied after a resource is created. However, no information is captured between the time the resource was created and when the tag was applied.
  • Tags are not retroactive: Cost allocation reports are only available from the point in time they were activated. If cost allocation is activated in October, no information from September is displayed.
  • Tags are static snapshots in time: Changes made to tags after a report is executed are not reflected in previous reports.
  • Tags must be denoted for cost allocation: After creating a new tag, it must be asked/activated/added as a cost allocation tag. If it is not, it is not visible in Detailed Billing Reports (DBR) or AWS Cost Explorer.

Tagging strategies

  • Define naming convention: Tags are case-sensitive, so define standards for your AWS resources. For example, tag key names should use upper CamelCase (or PascalCase) for manual creation. CamelCase combines words/abbreviations by beginning each word with a capital letter, such as MiscMetadata and SupportEndpoints.
  • Standardize delimiters: Do not use delimiters as part of tag values. This works well with case-sensitive tags.
  • Use concatenated/compound tagging: Combine multiple values for a tag key (Owner = JohnDoe | johndoe@company.com | 8005551234). PascalCase should be used to standardize compound tags.

Tagging suggestions

Note: We can use a “<customer name>:” prefix – to clearly differentiate company-defined tags from tags defined by AWS or required by third-party tools a customer may use.

Tag Name <customer name>:name
Purpose Identifies the resource name. Can be the hostname of the SAP server.
Values String
Example: aws2sql01
Cost Allocation Tag? Yes
Tag Name <customer name>:sap-product
Purpose Identifies the SAP product running for SAP Resource.
Values String
Examples: ecc, bw, po, solman, content-server
Cost Allocation Tag? Yes
Tag Name <customer name>:sid
Purpose Identifies the SAP system SID.
Values String
Cost Allocation Tag? No
Tag Name <customer name>:landscape-type
Purpose Identifies the SAP landscape type support or project.
Values String
Examples: n, n+1, n+2
Cost Allocation Tag? No
Tag Name <customer name>:ha-node
Purpose Identifies the HA cluster node.
Values String
Examples: primary, secondary, disaster recovery (DR)
Cost Allocation Tag? No
Tag Name <customer name>:backup
Purpose Identifies the backup policy for the server.
Values String
Examples: daily-full, daily-incremental, weekly-full
Cost Allocation Tag? No
Tag Name <customer name>:environment-type
Purpose Identifies whether the resource is part of a production or non-production type of environment.
Values String
Examples: lab, development, staging, production
Cost Allocation Tag? No
Tag Name <customer name>:created-by
Purpose For tracking the AWS account ID, IAM user name, or IAM role that created the resource.
Values String
Examples: account-id, user name, role session name
Cost Allocation Tag? Yes
Tag Name <customer name>:application
Purpose Identifies the resource application name.
Values String
Example: sap
Cost Allocation Tag? Yes
Tag Name <customer name>:app-tier
Purpose The tier key is used to designate the functional tier of the associated AWS resource. This key provides another way to deconstruct AWS spending to understand how each infrastructure subcomponent contributes to overall cost. Also used for determining backup and disaster-recovery requirements. It is also useful for threat modeling when using tools such as AWS Tiros.
Values String
Examples: Web, app, data, network, other
Cost Allocation Tag? No
Tag Name <customer name>:cost-center
Purpose Identifies the cost center of the department that is billed for the resource.
Values Numeric cost center code
Cost Allocation Tag? Yes

Additional tagging options

Customers can also consider tags for poweroff-time, poweron-time, business-stream, resource-owner-email, and support-team-email with their AWS resources.

The screenshot below shows an examples of some tags that have been set up. In this example, abc is the company name.

This is an image of sample tags that have been set up for ABC company. Tags include app-tier, application, backup, cost-center, created-by, environment-type, ha-node, landscape-type, resource-owner-email, product, sid, and support-team-email.

Figure 1: SAP Server Tagging Example

Conclusion

Tagging strategies differ from customer to customer depending on their needs. Our SAP Professional Services practice has found it useful to provide a prescriptive starting point for customers to build from. The most important aspects of tagging are defining what works for your organization and remaining precise and accurate. Please also review tag restrictions while preparing the tagging strategy for your SAP workloads.

Let us know if you have any comments or questions—we value your feedback.