storage.yaml - AWS S3
This section provides instructions on configuring the storage.yaml
file to store documents from SAP S/4HANA through aqilink to a bucket in AWS S3. It includes detailed guidelines for specifying connection parameters and managing authentication to ensure successful integration with AWS S3 as respository.
Parameter Overview
The table outlines the available parameters in storage.yaml
for specifying a connection to AWS S3.
Use the parameter name to introduce a new element in the context of YAML syntax. This can be useful for easier identification, as this name must be referenced in the related connection from SAP in the sapHttp.yaml
.
Parameter | Mandatory | Type | Default | Description |
---|---|---|---|---|
name | Yes | string | The value must be unique and should not contain special characters; only alphanumeric characters (0-9, A-Z) and dashes are allowed. | |
type | Yes | string | The type of the repository that should be connected. Since the connection routes to AWS S3, the value must be s3 . | |
region | Yes | string | The AWS region where the S3 bucket is hosted (e.g., us-east-1 ). | |
forcePathStyle | No | boolean | false | Whether to use path-style access for S3 objects. If set to true , paths will be in the form /bucket/key . |
endpoint | Yes | string | The URL endpoint to connect to the S3-service, such as s3.us-east-1.amazonaws.com . | |
port | No | number | 9000 | The port number used to connect to the S3 service. |
useSSL | No | boolean | false | Whether to use SSL (HTTPS) for connecting to the S3 bucket. |
accessKey | Yes | string | The AWS access key for authenticating the connection to the S3 bucket. | |
secretKey | Yes | string | The AWS secret key for authenticating the connection to the S3 bucket. | |
bucket | Yes | string | The name of the S3 bucket where files from SAP S/4HANA will be stored or accessed. | |
prefix | No | string | An optional prefix (or "folder") within the bucket to organize stored files. | |
certCache | No | Object | Caches the SAP certificate of the current storage configuration for a specified time. Refer to Parameter certCache below. |
Parameter certCache
If enabled, aqilink caches the SAP certificate of the current storage configuration until the cache expires. During this time, the cached certificate is used for signature validation.
Enabling the certificate cache for a storage configuration can improve performance when storing documents, as it reduces the number of requests by nearly half. However, it may also introduce security risks, as the SAP certificate remains valid in the cache for the specified time, even if it is deleted or deactivated in the repository during that period.
Use this setting with caution!
Parameter | Mandatory | Type | Default | Description |
---|---|---|---|---|
enabled | No | boolean | false | Enable or disable the certificate cache for the the current storage configuration. |
expiration | No | duration | 1h | Specifies the time before the cache expires. Specifies the time before the cache expires. Use the duration format (e.g., h for hours, m for minutes, s for seconds) |
certCache:
enabled: true
expiration: 1d
Example Configuration
This sample configuration includes the most relevant properties as explained above.
An example with the required settings to connect from aqilink to AWS S3 bucket with name sap-documents
.
- name: storage-aws
type: s3
region: us-east-1
endPoint: s3.us-east-1.amazonaws.com
port: 443
accessKey: AVRT456456765765SVCW
secretKey: 4v+sEcrE7k3y/fvw57H64h465465sfLtzhutje43
bucket: sap-documents
prefix: AL