AWS for SAP
Extending SAP Field Service Management with AWS: A Clean Core Approach for Attachment Storage
Digital transformation in field service operations has led to an exponential increase in assets generation and therefore storage requirements. Organizations using SAP Field Service Management (SAP FSM) face growing challenges in managing digital assets captured by field service technicians. These assets can consist of equipment pictures, forms, customer signatures and other critical assets managed when in the field. This post demonstrates how to leverage Amazon Web Services (AWS) to create a scalable, cost-effective attachment storage solution for SAP FSM while adhering to SAP Clean Core Extensibility principle.
Overview
Field service operations generate substantial amounts of attachments throughout their daily activities. While SAP FSM provides native storage capabilities, organizations often require more storage space and a more flexible and cost-effective solutions that allow them to maintain data ownership for compliance reasons while enabling integration with other business processes. By integrating SAP FSM with an organization’s AWS infrastructure, this solution empowers enterprises to maintain control over their data, while also enabling advanced processing and analysis to extract maximum value from the assets created in the field.
The integration proposed in this blog allows organizations to store the attachments generated in SAP FSM in a Amazon Simple Storage Service (S3) bucket in one of their own AWS Accounts, enforcing data ownership and reducing the data footprint in SAP FSM. In addition, an organization can implement additional data processing and analysis on the stored attachments by leveraging AWS services such as Amazon Textract for text extraction, Amazon Rekognition for image analysis, or Amazon Comprehend for natural language processing. Having the full control of these assets is also the starting point or to power more complex solution by leveraging Large Language Models (LLMs) and Knowledge Base integrations to get valuable and contextualized insights in other service and field processes.
How it works
The process begins in the field, where a service technician completes their work at a customer site. Using their mobile device with the SAP FSM application, they capture crucial documents – perhaps taken pictures of the repaired equipment, a customer form, or a detailed service report. When they tap “upload” in their FSM application, they set in motion a chain of events designed to ensure the documents are stored, safely accessible within the organization.
(Figure 1: How it works)
As the attachment lands in SAP FSM, the system’s business rule engine immediately detects this new content. The engine, configured with specific rules for attachment handling, springs into action.
The business rule extracts essential information about the attachment.
This includes its unique identifier, filename, description, timestamp, and relationship to the service call.
The business rule then makes an HTTPS request with the attachment’s metadata to a dedicated API endpoint in the customer’s AWS environment. This API, built on Amazon API Gateway, is protected with a unique API key for the SAP FSM tenant, and IP allowlisted to the SAP FSM environment.
Upon receiving the metadata, the API publishes it to Amazon EventBridge (EventBridge). The handling of this event happens asynchronously by an AWS Lambda (Lambda) function – the attachment processor. This function performs several critical tasks in sequence. First, it authenticates with SAP FSM using OAuth2 credentials stored in AWS Secrets Manager. Once authenticated, it retrieves the actual attachment content using SAP FSM’s attachment API. The function then processes this content, enriching it with the original metadata, and stores everything in a designated S3 bucket. The S3 bucket, configured with appropriate encryption and access controls, serves as the secure, long-term home for the attachment.
Here the detailed architecture diagram:
(Figure 2: Reference Architecture)
The solution allows FSM customers to view operational metrics about the Amazon S3 back-ups of the attachments, and can be installed as an SAP FSM extension.
The extension is a web page, built with React, and hosted on Amazon CloudFront and Amazon S3. SAP FSM administrators can easily install this extension directly from the SAP FSM Extension Catalog, using the CloudFront distribution’s URL (each SAP FSM tenant has its own one). The extension provides real-time visibility into your S3 storage metrics. This built-in Amazon CloudWatch dashboard allows administrators to monitor critical metrics such as the total object count in the S3 bucket, current storage utilization, error rates and failed operations, backup completion status, and data transfer metrics.
Because the extension runs inside user’s browsers, the corresponding API method cannot use API key authentication nor an IP allowlist. Instead, the extension uses a new authentication pattern we developed for integrating SAP FSM with AWS. The extension runs as an HTML iframe inside SAP FSM (as all SAP FSM extensions do), and using the SAP FSM SDK the extension is able to acquire a short-lived token (JWT) for the user. This token contains details about the user and tenant context, and is cryptographically signed by SAP FSM. The token is then used to authorize requests from the extension to AWS API Gateway. For this purpose the solution includes another Lambda function — the custom authorizer. This Lambda function uses the library aws-jwt-verify to verify the token, checking the tenant details (account ID and company ID) and the cryptographic signature. The sample implementation will accept all valid tokens, and can be extended easily to add fine-grained authorization, based on e.g. the `permission_group_id` claim that is set by SAP FSM in the token.
Getting Started
To get started with this solution please refer to the instructions available in this github repository. The high level steps of the implementation includes:
- Review the prerequisites and ensure you have the necessary AWS and SAP FSM access
- Deploy the solution using the provided CloudFormation templates in your region
- Configure the OAuth2 credentials in SAP FSM
- Install and configure the extension in SAP FSM Extension marketplace
- Monitor the implementation through the provided CloudWatch dashboard
Cost Overview
The costs related to deploying and using the solution are mainly related to the volume of attachments created in FSM. For testing purposes, the costs are minimal, less $1 per month.
In for a real production scenario here a simple calculation based on the following assumptions:
| Assumption | Value | Details |
|---|---|---|
| Number of attachments created in SAP FSM (FSM agent) | 100.000 | per Month |
| Volume of attachment (GB) | 100 | per Month |
| Number of http requests for Extension UI (FSM admin user) | 10.000 | per Month |
| AWS Region | eu-central-1 | (Frankfurt) |
| Currency | USD | US Dollars |
(Table 1: Assumptions for cost calculation)
This results in:
Total Monthly Cost: 6.81 USD
Total Yearly Cost: 81.72 USD
Here the breakdown of the costs (full calculation here):
| Description | AWS Service | Monthly (USD) | Year (USD) |
|---|---|---|---|
| Distribution | Amazon CloudFront | 0.23 | 2.76 |
| S3 Bucket (webapp) | S3 Standard | 0.07 | 0.84 |
| S3 Bucket (webapp) | Data Transfer | 0 | 0.00 |
| S3 Bucket (attachments) | S3 Standard | 3.04 | 36.48 |
| S3 Bucket (attachments) | Data Transfer | 0 | 0.00 |
| JWT Authorizer Function | AWS Lambda | 0 | 0.00 |
| JWT Authorizer Function | AWS Lambda | 0 | 0.00 |
| Create FSM BR Function | AWS Lambda | 0 | 0.00 |
| Event Bus | Amazon EventBridge | 0.1 | 1.20 |
| REST API Gateway | Amazon API Gateway | 0.37 | 4.44 |
| Store Attachment Function | AWS Lambda | 0 | 0.00 |
| Metrics | Amazon CloudWatch | 3.0103 | 36.12 |
(Table 2: Cost details)
Conclusion
The integration between SAP Field Service Management and AWS demonstrates how organizations can leverage cloud-native services to build scalable, secure, and cost-effective solutions while maintaining a clean core approach. This solution not only addresses immediate storage challenges but also creates opportunities for advanced data processing and analytics capabilities through AWS services.
Key benefits of this integration include:
- Reduced data footprint in SAP FSM
- Enhanced data sovereignty and control
- Cost-effective scalable storage through S3
- Built-in monitoring and observability
- Potential for advanced analytics and AI/ML integration
- Seamless user experience for field technicians
For organizations looking to optimize their field service operations, this integration represents a strategic step toward digital transformation while maintaining system integrity and scalability. The solution’s serverless architecture ensures minimal operational overhead while providing maximum flexibility for future enhancements.
Join the SAP on AWS Discussion
In addition to your customer account team and AWS Support channels, AWS provides public question and answer forums on our re:Post Site. Our AWS for SAP Solution Architecture team regularly monitor the AWS for SAP topic for discussion and questions that could be answered to assist our customers and partners. If your question is not support-related, consider joining the discussion over at re:Post and adding to the community knowledge base. In addition to that, refer to the AWS Serverless blog section to learn more about serverless and event driven architecture patterns.