storage.yaml - AWS S3

This section provides instructions on configuring the storage.yaml file to store documents from SAP S/4HANA through aqilink to a bucket in AWS S3. It includes detailed guidelines for specifying connection parameters and managing authentication to ensure successful integration with AWS S3 as respository.

AWS S3 Bucket Naming Convention

Buckets are automatically created in AWS S3 following a specific naming convention:

Bucket Naming Convention

The bucket name is formed by concatenating the name of the source with a dash (-), followed by the SAP Content Repository Name (lowercase) associated with that source.

Part	Description
Name of the Source	Refer to name parameter in sapHttp.yaml
SAP Content Repository	Refer to Create SAP Content Repository in OAC0

Example

If the name of the source is src-aws-al and the SAP Content Repository Name is S1 , the resulting bucket name would be:

src-aws-al-s1

This means that all documents stored via the SAP Content Repository S1 will be placed in a bucket named src-aws-al-s1.

note

The bucket name is automatically created during the SAP Content Repository initialization and does not need to be manually created in AWS S3 beforehand.

Parameter Overview

The table outlines the available parameters in storage.yaml for specifying a connection to AWS S3.

tip

Use the parameter name to introduce a new element in the context of YAML syntax. This can be useful for easier identification, as this name must be referenced in the related connection from SAP in the sapHttp.yaml.

Parameter	Mandatory	Type	Default	Description
name	Yes	string		The value must be unique and should not contain special characters; only alphanumeric characters (0-9, A-Z) and dashes are allowed.
type	Yes	string		The type of the repository that should be connected. Since the connection routes to AWS S3, the value must be s3.
region	Yes	string		The AWS region where the S3 bucket is hosted (e.g., us-east-1).
forcePathStyle	No	boolean	false	Whether to use path-style access for S3 objects. If set to true, paths will be in the form /bucket/key.
endpoint	Yes	string		The URL endpoint to connect to the S3-service, such as s3.us-east-1.amazonaws.com.
port	No	number	9000	The port number used to connect to the S3 service.
useSSL	No	boolean	false	Whether to use SSL (HTTPS) for connecting to the S3 bucket.
accessKey	Yes	string		The AWS access key for authenticating the connection to the S3 bucket.
secretKey	Yes	string		The AWS secret key for authenticating the connection to the S3 bucket.
certCache	No	Object		Caches the SAP certificate of the current storage configuration for a specified time. Refer to Parameter certCache below.

Parameter certCache

If enabled, aqilink caches the SAP certificate of the current storage configuration until the cache expires. During this time, the cached certificate is used for signature validation.

info

Enabling the certificate cache for a storage configuration can improve performance when storing documents, as it reduces the number of requests by nearly half. However, it may also introduce security risks, as the SAP certificate remains valid in the cache for the specified time, even if it is deleted or deactivated in the repository during that period.
Use this setting with caution!

Parameter	Mandatory	Type	Default	Description
enabled	No	boolean	false	Enable or disable the certificate cache for the the current storage configuration.
expiration	No	duration	1h	Specifies the time before the cache expires. Specifies the time before the cache expires. Use the duration format (e.g., h for hours, m for minutes, s for seconds)

Example

certCache:
  enabled: true
  expiration: 1d

Example Configuration

This sample configuration includes the most relevant properties as explained above.

An example with the required settings to connect from aqilink to AWS S3.

Example

- name: storage-aws
  type: s3
  region: us-east-1
  endPoint: s3.us-east-1.amazonaws.com
  port: 443
  accessKey: AVRT456456765765SVCW
  secretKey: 4v+sEcrE7k3y/fvw57H64h465465sfLtzhutje43