Skip to main content

Guidance for Building an Enterprise-Ready Network Foundation for RISE with SAP on AWS

Open guide

Overview

This Guidance demonstrates how to implement a secure AWS landing zone for RISE with SAP. By setting up direct connections and VPN tunnels, you can establish secure network connectivity between your organization’s infrastructure and AWS. This enables you to create a well-structured multi-account foundation for your SAP and non-SAP workloads, all in an environment that you manage. Without requiring extensive cloud expertise, this approach helps you accelerate deployments, implement security best practices, and create a foundation that scales with your SAP environment.

Benefits

Deploy a secure, compliant multi-account structure that simplifies connectivity between your environment and RISE with SAP. Reduce implementation time while ensuring your network meets SAP requirements.

Implement dual-path network connectivity combining Direct Connect and Site-to-Site VPN for automatic failover. Maintain continuous access to critical SAP applications even during network disruptions or maintenance events.

Enforce consistent security policies through dedicated inspection VPCs and centralized traffic management. Protect sensitive SAP workloads without compromising on the low-latency performance required for business operations.

How it works

These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.

Download the architecture diagram

Deploy with confidence

Dive deep into the implementation guide for additional customization options and service configurations to tailor to your specific needs.

Open guide

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.