AWS for SAP

Amazon SES configuration for SAP ABAP Systems

Introduction

One of the most common requirements when running an SAP system is to send outgoing email, which can come from several different areas, from monitoring and alerting (e.g Solman), batch processing / process chains, workflows, and so on…. If you have moved your SAP system to AWS, you may want to get rid of some mail servers still running on-premises or avoid the deployment of an EC2 instance dedicated to run a SMTP(Simple Mail Transfer Protocol) server.

 

 

Amazon Simple Email Service (SES) is a cost-effective, flexible, and scalable email service that enables customers to send mail from within any application. You can configure Amazon SES quickly to support several email use cases, including transactional, marketing, or mass email communications

In this blog we will guide you through the required steps to configure outbound mail from an SAP ABAP system using Amazon SES (Simple Email Service) service.

 

Prerequisites

As first step, we will be configuring a “Sandbox” account within Amazon SES and verify a sender email address for initial testing. Once all the setup steps will be successful, we can convert this account into Production and the SES service will be accepting all mails coming from our SAP systems (for more details on this topic, please see the Amazon SES documentation).

Within AWS EC2 Console, navigate to Amazon SES and click on Email Addresses, then press the “Verify a New Email Address”. Please enter your email, click on Verify This Email Address and check your mail inbox, you should receive an automated email with a link to confirm that you are authorized to use this email address:

 

Email address verification box

After the verification is completed, the Status will change to green under Verification Status

 

Amazon SES email address verification

 

Once the email address verification is completed, we need to create proper smtp credentials which will be used by our SAP systems. To create the credentials, click on “SMTP Settings” and press the “Create My SMTP Credentials” button.

 

Amazon SES SMTP settings screen

Please also note down the Server Name as it will be required afterwards during the SAP system configuration

Enter a meaningful username and click on create bottom in the bottom right page

 

Amazon SES IAM username input screen

You have the possibility to display and download the SMTP username and password credentials in a csv file (bottom right page)

 

Amazon SES credentials to be used in SAP

 

SAP ABAP Outbound Email Configuration

 

We can now connect to our SAP ABAP system and logon into the working client and call transaction SCOT, select the SMTP nodes, and create a new one via the wizard

 

SCOT landing page

 

Specify a meaningful name and provide the parameters noted during the Amazon SES setup

Press on the settings button, and provide the credentials generated in the previous steps

 

SCOT security settings display

 

Note: some older Netweaver releases might return an error related to the password field length; in such case, some SAP Notes need to be imported to correct the issue ( 1724704, 2439601,2363295 and 2372893).

 

Download the certificate from the Amazon SES SMTP endpoint (for example using this cmd line on a Linux system : openssl s_client -starttls smtp -connect email-smtp.us-east-1.amazonaws.com:587 | sed -ne ‘/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p’)

Note: the Amazon SES endpoints are region dependent , so please ensure you are using the one within the same region as your SAP systems are deployed or where your central SES services are configured.

In transaction STRUST, import the certificate into the SSL client (Standard) and restart the service via SMICM

 

STRUST ssl configuration with imported Amazon certificate

 

Test outbound email

In transaction SO01, create a test email and press the send button

 

SO01 create mail screen

 

In transaction SOST, you can trigger a send job via menu Send Request → Start Send Process for Selection

 

Transaction SOST displaying email in queue

 

If everything is fine, you will see the status change and get a mail in your inbox

 

Transaction SOST displaying email sent successfully

 

In case of any issue, please check the correct AWS region / SES endpoints are selected (and entered within SCOT), and that SMICM has been restarted after importing the certificate into STRUST. You will find any communication / certificate error messages in ICM logs (SMICM, Goto→ trace files → display all)

 

SAP transaction SMICM display trace files menu

Conclusion

In this blog, we have shown how to configure SAP ABAP systems for sending outbound emails, a very common requirement, both from Business processes and Basis operations perspectives. More information can be found in the following link

Let us know if you have any comments or questions—we value your feedback.