Skip to main content

storage.yaml - AWS S3

This section provides instructions on configuring the storage.yaml file to store documents from SAP S/4HANA through aqilink to a bucket in AWS S3. It includes detailed guidelines for specifying connection parameters and managing authentication to ensure successful integration with AWS S3 as respository.

Parameter Overview

The table outlines the available parameters in storage.yaml for specifying a connection to AWS S3.

tip

Use the parameter name to introduce a new element in the context of YAML syntax. This can be useful for easier identification, as this name must be referenced in the related connection from SAP in the sapHttp.yaml.

ParameterMandatoryTypeDefaultDescription
nameYesstringThe value must be unique and should not contain special characters; only alphanumeric characters (0-9, A-Z) and dashes are allowed.
typeYesstringThe type of the repository that should be connected. Since the connection routes to AWS S3, the value must be s3.
regionYesstringThe AWS region where the S3 bucket is hosted (e.g., us-east-1).
forcePathStyleNobooleanfalseWhether to use path-style access for S3 objects. If set to true, paths will be in the form /bucket/key.
endpointYesstringThe URL endpoint to connect to the S3-service, such as s3.us-east-1.amazonaws.com.
portNonumber9000The port number used to connect to the S3 service.
useSSLNobooleanfalseWhether to use SSL (HTTPS) for connecting to the S3 bucket.
accessKeyYesstringThe AWS access key for authenticating the connection to the S3 bucket.
secretKeyYesstringThe AWS secret key for authenticating the connection to the S3 bucket.
bucketYesstringThe name of the S3 bucket where files from SAP S/4HANA will be stored or accessed.
prefixNostringAn optional prefix (or "folder") within the bucket to organize stored files.
certCacheNoObjectCaches the SAP certificate of the current storage configuration for a specified time.
Refer to Parameter certCache below.

Parameter certCache

If enabled, aqilink caches the SAP certificate of the current storage configuration until the cache expires. During this time, the cached certificate is used for signature validation.

info

Enabling the certificate cache for a storage configuration can improve performance when storing documents, as it reduces the number of requests by nearly half. However, it may also introduce security risks, as the SAP certificate remains valid in the cache for the specified time, even if it is deleted or deactivated in the repository during that period.
Use this setting with caution!

ParameterMandatoryTypeDefaultDescription
enabledNobooleanfalseEnable or disable the certificate cache for the the current storage configuration.
expirationNoduration1hSpecifies the time before the cache expires. Specifies the time before the cache expires. Use the duration format (e.g., h for hours, m for minutes, s for seconds)
Example
certCache:
enabled: true
expiration: 1d

Example Configuration

This sample configuration includes the most relevant properties as explained above.

An example with the required settings to connect from aqilink to AWS S3 bucket with name sap-documents.

Example
- name: storage-aws
type: s3
region: us-east-1
endPoint: s3.us-east-1.amazonaws.com
port: 443
accessKey: AVRT456456765765SVCW
secretKey: 4v+sEcrE7k3y/fvw57H64h465465sfLtzhutje43
bucket: sap-documents
prefix: AL