AWS sap documentation change
Summary
Formatting changes, URL syntax fixes, command placeholder standardization, and minor text corrections (e.g., quotes, hyphens). Added proper CLI command formatting with angle brackets for placeholder values.
Security assessment
Changes are primarily documentation formatting improvements and command syntax standardization. No new security content added or vulnerabilities addressed. Existing security-relevant content (IAM roles, instance hardening) remains unchanged in substance.
Diff
diff --git a/sap/latest/sap-AnyDB/ase-sles-ha-settings.md b/sap/latest/sap-AnyDB/ase-sles-ha-settings.md index 92bfa2ac8..81a625ecf 100644 --- a//sap/latest/sap-AnyDB/ase-sles-ha-settings.md +++ b//sap/latest/sap-AnyDB/ase-sles-ha-settings.md @@ -145 +145 @@ Create these policies with least-privilege permissions, granting access to only -For more information, see [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile). +For more information, see {https---docs-aws-amazon-com-AWSEC2-latest-UserGuide-iam-roles-for-amazon-ec2-html-ec2-instance-profile}[IAM roles for Amazon EC2]. @@ -236 +235 @@ AWS CLI -Use the [modify-instance-attribute](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-instance-attribute.html) command to disable source/destination check. + * Use the [modify-instance-attribute](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-instance-attribute.html) command to disable source/destination check. @@ -240 +239,5 @@ Run the following commands for both instances in the cluster. - * aws ec2 modify-instance-attribute --instance-id i-xxxxinstidforhost1 --no-source-dest-check +** + + + + @@ -242 +245 @@ Run the following commands for both instances in the cluster. - * aws ec2 modify-instance-attribute --instance-id i-xxxxinstidforhost2 --no-source-dest-check + aws ec2 modify-instance-attribute --instance-id <i-xxxxinstidforhost1> --no-source-dest-check @@ -243,0 +247 @@ Run the following commands for both instances in the cluster. +** @@ -245,0 +250 @@ Run the following commands for both instances in the cluster. + aws ec2 modify-instance-attribute --instance-id <i-xxxxinstidforhost2> --no-source-dest-check @@ -250 +255 @@ AWS Management Console -Ensure that the **Stop** option is checked in [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/). + * Ensure that the **Stop** option is checked in [https://console.aws.amazon.com/ec2/](https://console.aws.amazon.com/ec2/). @@ -267 +275 @@ Modifying instance maintenance options will require admin privileges not covered - aws ec2 modify-instance-maintenance-options --instance-id i-xxxxinstidforhost1 --auto-recovery disabled + aws ec2 modify-instance-maintenance-options --instance-id <i-xxxxinstidforhost1> --auto-recovery disabled @@ -270 +278 @@ Modifying instance maintenance options will require admin privileges not covered - aws ec2 modify-instance-maintenance-options --instance-id i-xxxxinstidforhost2 --auto-recovery disabled + aws ec2 modify-instance-maintenance-options --instance-id <i-xxxxinstidforhost2> --auto-recovery disabled @@ -279 +287 @@ Modifying instance attributes will require admin privileges not covered by the I - aws ec2 modify-instance-attribute --instance-id i-xxxxinstidforhost1 --no-disable-api-stop + aws ec2 modify-instance-attribute --instance-id <i-xxxxinstidforhost1> --no-disable-api-stop @@ -282 +290 @@ Modifying instance attributes will require admin privileges not covered by the I - aws ec2 modify-instance-attribute --instance-id i-xxxxinstidforhost2 --no-disable-api-stop + aws ec2 modify-instance-attribute --instance-id <i-xxxxinstidforhost2> --no-disable-api-stop @@ -290 +298 @@ Use the same tag key and the local hostname returned using the command `hostname -Amazon EC2 | Key example | Value example + Amazon EC2 | Key example | Value example @@ -414 +417 @@ This is applicable to both cluster nodes. Time synchronization is important for -You can use Amazon Time Sync Service that is available on any instance running in a VPC. It does not require internet access. To ensure consistency in the handling of leap seconds, don't mix Amazon Time Sync Service with any other `ntp` time sync servers or pools. +You can use Amazon Time Sync Service that is available on any instance running in a VPC. It does not require internet access. To ensure consistency in the handling of leap seconds, don’t mix Amazon Time Sync Service with any other `ntp` time sync servers or pools. @@ -429,2 +431 @@ Start the `chronyd.service`, using the following command. - -For more information, see [Set the time for your Linux instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html). +For more information, see <https://docs.aws.amazon.com/> AWSEC2/latest/UserGuide/set-time.html[Set the time for your Linux instance]. @@ -436 +437 @@ This is applicable to both cluster nodes. The cluster resource agents use AWS Co -You can either edit the config file at `/root/.aws` manually or by using [`aws configure`](https://docs.aws.amazon.com/cli/latest/reference/configure/index.html) AWS CLI command. +You can either edit the config file at `/root/.aws` manually or by using [aws configure](https://docs.aws.amazon.com/cli/latest/reference/configure/index.html) AWS CLI command. @@ -441,3 +442,3 @@ You can skip providing the information for the access and secret access keys. Th - # aws configure - AWS Access Key ID [None]: - AWS Secret Access Key [None]: + aws configure + {aws} Access Key ID [None]: + {aws} Secret Access Key [None]: @@ -451,3 +451,3 @@ The profile name is configurable. The name chosen in this example is **cluster** - # aws configure –-profile cluster - AWS Access Key ID [None]: - AWS Secret Access Key [None]: + aws configure –-profile <cluster> + {aws} Access Key ID [None]: + {aws} Secret Access Key [None]: @@ -531 +529 @@ Target | i-xxxxinstidforhost1 -The preceding steps can also be performed programmatically. We suggest performing the steps using administrative privileges, instead of instance-based privileges to preserve least privilege. CreateRoute API isn't necessary for ongoing operations. +The preceding steps can also be performed programmatically. We suggest performing the steps using administrative privileges, instead of instance-based privileges to preserve least privilege. CreateRoute API isn’t necessary for ongoing operations. @@ -536 +534 @@ Run the following command as a dry run on both nodes to confirm that the instanc - aws ec2 replace-route --route-table-id rtb-xxxxxroutetable1 --destination-cidr-block 172.16.0.29/32 --instance-id i-xxxxinstidforhost1 --dry-run --profile <aws_cli_cluster_profile> + aws ec2 replace-route --route-table-id <rtb-xxxxxroutetable1> --destination-cidr-block <172.16.0.29/32> --instance-id <i-xxxxinstidforhost1> --dry-run --profile <aws_cli_cluster_profile> @@ -549 +547 @@ On EC2 instance 1, where you are installing SAP ASE database, add the overlay IP - ip addr add 172.16.0.29/32 dev eth0 + ip addr add <172.16.0.29/32> dev eth0 @@ -556,5 +554,4 @@ This is applicable to both cluster nodes. You must ensure that both instances ca - # cat /etc/hosts - 10.1.10.1 slxdbhost01.example.com slxdbhost01 - 10.1.20.1 slxdbhost02.example.com slxdbhost02 - 172.16.0.29 slxvdb.example.com slxvdb - + cat /etc/hosts + <10.1.10.1 slxdbhost01.example.com slxdbhost01> + <10.1.20.1 slxdbhost02.example.com slxdbhost02> + <172.16.0.29 slxvdb.example.com slxvdb> @@ -589 +586 @@ Select a file system based on your business requirements, evaluating the resilie -The SVM's DNS name is your simplest mounting option. The file system DNS name automatically resolves to the mount target's IP address on the Availability ZOne of the connecting Amazon EC2 instance. +The SVM’s DNS name is your simplest mounting option. The file system DNS name automatically resolves to the mount target’s IP address on the Availability ZOne of the connecting Amazon EC2 instance. @@ -626 +623 @@ You need to perform this step only on the primary Amazon EC2 instance for the in -Review the mount options to ensure that they match with your operating system, NFS file system type, and SAP's latest recommendations. +Review the mount options to ensure that they match with your operating system, NFS file system type, and SAP’s latest recommendations. @@ -631 +628 @@ Use the following command to check that the required file systems are available. - # df -h + df -h @@ -673 +670 @@ Using the overlay IP agent with a shared Amazon VPC requires a different set of -In sharing VPC account, create an IAM role to delegate permissions to the EC2 instances that will be part of the cluster. During the IAM Role creation, select “Another AWS account” as the type of trusted entity, and enter the AWS account ID where the EC2 instances will be deployed/running from. +In sharing VPC account, create an IAM role to delegate permissions to the EC2 instances that will be part of the cluster. During the IAM Role creation, select "Another AWS account" as the type of trusted entity, and enter the AWS account ID where the EC2 instances will be deployed/running from. @@ -699 +696 @@ After the IAM role has been created, create the following IAM policy on the shar -Next, edit move to the “Trust relationships” tab in the IAM role, and ensure that the AWS account you entered while creating the role has been correctly added. +Next, edit move to the "Trust relationships" tab in the IAM role, and ensure that the AWS account you entered while creating the role has been correctly added.