
We recommend not modifying SAP Cloud Appliance Library solution instances via the AWS Management Console because such actions can cause solution instances to become non-functional or unsafe. SAP Cloud Appliance Library is not a managed service, so all further OS modifications and their consequences are solely the user's responsibility.

How to create an AWS account?

You can use the procedure for creating an AWS account from the AWS documentation. For isolation, we recommend using a separate AWS account for SAP Cloud Appliance Library. Such accounts can be created with consolidated billing in AWS. For more information about consolidated billing, see the AWS documentation.

How do I enable the Amazon EC2 Service for the user?

To enable AWS services for your account you have to associate a payment method to your account. Please see the AWS documentation for available payment options. 

How do I get the Access/Secret Key for my AWS account?

You can use the procedure from the AWS documentation.

How to configure your IAM user?

1. In AWS Identity and Access Management (IAM), create a new group with the following policies:

  • AmazonEC2FullAccess
  • AmazonVPCFullAccess
  • ReadOnlyAccess
  • AWSAccountUsageReportAccess

2. Create a new user in IAM and assign it to the new group.

3. Generate the credentials for this new user.

In the SAP Cloud Appliance Library, use the credentials of this user.

How to configure your IAM user for Kubernetes based solutions?

If you want to use Kubernetes based solutions, you also need to add the following predefined AWS policies:

  • AmazonEC2ContainerRegistryFullAccess
  • AmazonS3FullAccess
  • AutoScalingFullAccess
  • ElasticLoadBalancingFullAccess
  • IAMFullAccess

In addition, you need to create two custom policies:

  • One for the CloudFormation service:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "cloudformation:*",
            "Resource": "*"
        }
    ]
}


  • One for the Elastic Kubernetes service:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "eks:*",
            "Resource": "*"
        }
    ]
}

For more information about how to create IAM policies in AWS, see this document.
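
The two custom policies above each allow every action of one service on every resource, which is what the earlier recommendation to use a separate AWS account for isolation contains. The following added example (not SAP's or AWS's code; the policy names cal-cloudformation and cal-eks are hypothetical labels) lists such service-wide grants in a policy document so they can be recorded in an access review:

```python
import json

# The two custom policies from this page, as complete JSON documents.
CLOUDFORMATION_POLICY = '''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "cloudformation:*", "Resource": "*"}]}'''
EKS_POLICY = '''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "eks:*", "Resource": "*"}]}'''


def _as_list(value):
    """IAM accepts a single string or object where a list is also allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def broad_grants(policy_json):
    """Return (statement id, action) pairs for Allow statements that grant a
    wildcard action on every resource ("Resource": "*")."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        # Allow + NotAction grants everything except the listed actions.
        if "NotAction" in stmt:
            findings.append((sid, "NotAction"))
        for action in _as_list(stmt.get("Action")):
            # "*" or "service:*" covers every API call in that scope.
            if action == "*" or action.endswith(":*"):
                findings.append((sid, action))
    return findings


def review(policies):
    """Map policy name -> list of broad grants, for an access review record."""
    return {name: broad_grants(doc) for name, doc in policies.items()}


if __name__ == "__main__":
    # Hypothetical policy names; use whatever names you gave the policies.
    report = review({"cal-cloudformation": CLOUDFORMATION_POLICY,
                     "cal-eks": EKS_POLICY})
    for name, findings in report.items():
        for sid, action in findings:
            print(f"{name}: {sid} allows {action} on all resources")
```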

What is the default AWS region in CAL?

The default AWS region for SAP Cloud Appliance Library content is US-EAST-1. 

What is the default Availability Zone (AZ) for the selected region?

The default AZ is a property of the AWS account of the customer. SAP CAL does not specify an AZ when starting an instance. If a default AZ is not set in the account the AWS backend will choose an appropriate AZ for you. 

How is the recommended t-shirt sizing calculated?

Every SAP solution available in SAP CAL comes with a recommended t-shirt size. The t-shirt sizes may differ between the solutions. The recommended size is guidance from SAP for satisfying the minimum requirements to run the solution on AWS. It does not provide any guidance on the maximum number of application users supported, the guaranteed IOPS, the response time, or the storage/network bandwidth. For additional sizing questions, please get in touch with Amazon Web Services or take a look at the SAPS ratings of benchmarks conducted on the AWS infrastructure, available here: (SAP S-User credentials required).

When will other AWS regions be supported?

If you have already purchased the SAP Cloud Appliance Library subscription and you need a solution to be available in a region different from US-EAST-1, you can open a normal support ticket within the SAP Cloud Appliance Library (BC-VCM-CAL) component and we will enable the solution in your desired AWS region free of charge.

Where do I find information on the configuration of an Amazon VPC / VPN?

There are various ways to do the VPC and VPN configuration on AWS, for example hardware-assisted VPN through routers (external link: Hardware assisted VPC) or software-assisted VPN with OpenVPN as described here. For more information about Amazon VPC, see the AWS documentation.

How to increase your AWS Service quotas?

To see the procedure how to increase the AWS Service quota, please check the following AWS documents: 

Note that you can check the size requirements by going to the solution details in the SAP Cloud Appliance Library and navigating to the RECOMMENDED VM SIZES section. There you can see the required cores for each virtual machine.

If you would like to see the details of the different available sizes for the solution, you can choose Calculate Cost and choose the desired cloud provider and select the required region. There you will see the different available sizes and their details, as well as the required storage to successfully start the solution instance. Please note that the update of the quota generally takes some time. Additionally, it is possible that some of the quota may be consumed by activities not related to the work with the SAP Cloud Appliance Library.

How to activate an already created instance without sufficient Amazon r4 VM sizes quota?

If instance activation fails due to insufficient r4 resources in your AWS account, please follow this procedure:


You should create a backup of your instance in SAP Cloud Appliance Library. For more information, see Backing Up Solution Instances.

  1. Activate your solution instance to execute some manual commands on it. And if the resource shortage persists, please contact Amazon Web Services support.
  2. For every Linux-based virtual machine in your system landscape, log on to the OS level.
  • For SLES 12 SP4 and earlier SLES 12 versions, execute the following command on the OS level:

echo 'add_drivers+=" ena ext4 nvme nvme-core virtio virtio_scsi xen-blkfront xen-netfront "' >> /etc/dracut.conf.d/07-aws-type-switch.conf; mkinitrd

  • For SLES 12 SP5 and later based instances, execute the following command on the OS level:

echo 'add_drivers+=" ena ext4 nvme nvme-core xen-blkfront xen-netfront "' >>  /etc/dracut.conf.d/07-aws-type-switch.conf; mkinitrd

   For more information about those updates, check this page.

  • If your system landscape contains an "SAP BusinessObjects BI Platform" virtual machine, execute these additional commands on the OS level:

                cp /etc/fstab /etc/fstab.1

                while read -r d r ; do if [ -b "$d" ]; then echo "$(blkid -o export "$d" | grep ^UUID) $r" ; else echo "$d $r" ; fi ; done  < /etc/fstab.1 > /etc/fstab

                diff -u /etc/fstab.1  /etc/fstab

3. Save the output of the last command on your desktop for future reference.

4. Go to SAP Cloud Appliance Library and open the instance details. Then choose Edit. For more information, see Editing a Solution Instance.

5. Navigate to the Virtual Machines section and, for every virtual machine running with an r4 VM size, select the corresponding r5 value from the dropdown.

6. Save your entries. Note that saving the changes will suspend your solution instance.

7. Activate this solution instance and continue working on it.


If you experience any problems, please contact us via the official support channels.

Can I use Reserved Instances with SAP Cloud Appliance Library?

Yes, you can. Reserved Instances are similar to a billing entitlement that you purchase. You need to purchase a suitable Reserved Instance that matches your desired instance within CAL. If the instance in CAL, for example, is using the instance type r3.8xlarge in the us-east region, you would need to purchase a Reserved Instance of r3.8xlarge with SUSE Linux in the us-east region. Once you have purchased the Reserved Instance, you can benefit from the new cost structure (e.g. lower hourly costs). For more information about Amazon Reserved Instances, see the AWS Reserved Instances Documentation.

Can I restart the SAP System during the initial waiting period?

No, you should not do that at any point in time during the provisioning process. The initial waiting time is required so that mandatory configurations of the SAP system are performed before you can use it. If you log on to the instance with SSH and execute stopsap on the command line, you corrupt the configuration process and the SAP system ends up in an unrecoverable state. If this happens, you have to terminate the instance in SAP Cloud Appliance Library and start it from scratch.

Can I connect a CAL deployed solution to my on-premise systems?

Yes, you can do that. First you would need a VPC with a functional VPN connection to your corporate network.  

How to proceed when my instance is in the status Undefined and the AWS account that I use is currently being verified?

This issue might occur when a user creates a solution instance in the SAP Cloud Appliance Library using a newly created AWS account that is still being verified. In this case, the user has to terminate the failed solution instance from the SAP Cloud Appliance Library, as it will not be recovered, and then try to create a new instance a few hours later. If the verification of the new AWS account takes more than two hours, please contact the AWS support team.

How to access backend servers on the Operating System (OS) level?

Depending on the overall requirements, your solution may consist of one or more servers running on a Linux OS and/or a Windows OS.

Access to Linux OS on Backend

If you need OS access, you can use SSH connectivity:

Parameter ID | Value | Description
OS User Name | root | The default Operating System administrator user.
OS Password | <none> | Use the private key (downloaded during the activation of the SAP instance in SAP Cloud Appliance Library) for logging on with the root user.

Access to Windows OS on Backend

If you need OS access, you can use RDP connectivity:

  • Microsoft Windows: Start the Remote Desktop Connection using the Start Menu (All Programs > Accessories) or by executing mstsc.exe.
  • Apple Mac OS X: Use the free Microsoft Remote Desktop app available in the Mac App Store to connect to your frontend.
  • Linux: Use your preferred RDP client.

Parameter ID | Value | Description
OS User Name | Administrator | The default OS administrator user for Windows.
OS Password | <none> | The master password is used for accessing the system. It is provided by the user during the creation of the solution instance in SAP Cloud Appliance Library.

