AL1: AWS Setup

SAP NetWeaver ABAP-based systems supports IDocs framework that powers master and transactional data distributions across SAP and non-SAP systems.

The following architecture diagram shows the workflow for integrating IDocs with Amazon S3, which incorporates basic authentication.

Preparation menu

➡️ Master data integration: If a customers SAP application is the source of truth for all your master data like material master and customer master, and you’re integrating this master data with non-SAP applications and other software as a solution (SaaS) offerings.

  • You can set up Application Link Enabling in SAP, and extract the master data from SAP as IDocs for storing in Amazon S3.

  • Once the data lands in Amazon S3, you can integrate the master data with other applications, or use the data in your data lake solutions. For a list of all master data objects supported by ALE, see Distributable Master Data Objects

For simplicity we recommend to use AWS Cloud9. You can also use your preferred IDE or local terminal as well (Mac, Windows or Linux).

  1. Clone the Aws-sap-hdb package to your local folder of your choice.
$ git clone

  1. In the terminal/command window,(mac) navigate to the downloaded folder.

$ cd aws-cloudformation-apigw-sap-idocs

  1. Change execute access permission for the file and execute the script.
$ chmod +x
$ ./

  1. Previous step creates the build folder. Navigate to the newly created build folder.
$ cd build

  1. Open the file (Cloud9: simply doubleclick) and edit variable values as applicable. Adjust the following values to suit your needs:

• (Mandatory) S3BucketForArtifacts – Where all the artifacts required by the CloudFormation template will be stored

-> Make sure to choose a unique id e.g. append account number

• (Optional) S3BucketForIdoc – Where all the post data from SAP will be stored

• (Optional) USERNAME – The Amazon Cognito user name

• (Optional) EMAILID – The email ID attached to the Amazon Cognito user name

Make sure to save the file!

Preparation menu

  1. Change execute access permission for the file, and execute the script. Make sure your AWS Command Line Interface (AWS CLI) is configured for the correct account and region. For more information, see Configuring the AWS CLI.
$ chmod +x
$ ./

When prompted for a password, choose Initpass1.

The script performs the following actions:

  • Creates an S3 bucket in your AWS account (per the name specified for variable S3BucketForArtifacts in the file)

  • Uploads all the required files to the S3 bucket

  • Deploys the CloudFormation template in your account

  • Once all the resources are created, creates an Amazon Cognito user (per the value provided for variable USERNAME in the file)

  • Sets its password (per the value that you provide when you run the script)

➡️ For more information about the created resources, see the “CloudFormation resources” section in this blog.

In case of deployment errors, please verify if you have chosen a unqiue name for S3BucketForArtifacts and have saved the file. You might also need to reset the deployment in case of a previous failure by executing
aws cloudformation delete-stack --stack-name apigwsapidocadapter