AWS sap documentation change
Summary
Restructured CI/CD documentation, added AWS CodeCommit to the automation suite, expanded environment isolation details, and updated monitoring tools
Security assessment
The change adds explicit security documentation by emphasizing environment isolation through separate AWS accounts/permission boundaries and mentions DevOps Agent for monitoring. It describes secure access control via IAM and secure Git-based source control in CodeCommit. However, there's no evidence of addressing a specific security vulnerability.
Diff
diff --git a/sap/latest/general/rise-change-management-for-aws.md b/sap/latest/general/rise-change-management-for-aws.md index 11ba2e6bd..ed292a209 100644 --- a//sap/latest/general/rise-change-management-for-aws.md +++ b//sap/latest/general/rise-change-management-for-aws.md @@ -6,0 +7,2 @@ +CI/CD Automation Suite + @@ -9 +11,5 @@ -You manage the change management of the AWS services that are connected to RISE with SAP; therefore, AWS provides services to automate pipeline provisioning and control. [AWS for DevOps](https://aws.amazon.com/devops/) provides a comprehensive set of flexible services designed to help companies build and deliver products more rapidly and reliably using AWS and DevOps practices. +You manage the change management of the AWS services that are connected to RISE with SAP; therefore, AWS provides services to automate pipeline provisioning and control. + +[AWS for DevOps](https://aws.amazon.com/devops/) provides a comprehensive set of flexible services designed to help companies build and deliver products more rapidly and reliably using AWS and DevOps practices. These services simplify infrastructure provisioning, application code deployment, software release process automation, and performance monitoring. For more information, see [AWS for DevOps](https://aws.amazon.com/devops/). + +AWS offers fully managed services that require no setup, are ready to use with an AWS account, and can scale from a single instance to thousands. The platform supports automation of manual tasks, secure access control through IAM, and integrates with a large ecosystem of partners. @@ -11 +17 @@ You manage the change management of the AWS services that are connected to RISE -These services simplify infrastructure provisioning, application code deployment, software release process automation, and performance monitoring. AWS offers fully managed services that require no setup, are ready to use with an AWS account, and can scale from a single instance to thousands. The platform supports automation of manual tasks, secure access control through IAM, and integrates with a large ecosystem of partners. +## CI/CD Automation Suite @@ -13 +19 @@ These services simplify infrastructure provisioning, application code deployment -[AWS CodePipeline](https://aws.amazon.com/codepipeline/), [AWS CodeBuild](https://aws.amazon.com/codebuild/), and [AWS CodeDeploy](https://aws.amazon.com/codedeploy/) together form a highly effective CI/CD automation suite that supports synchronized deployments across development (dev), pre-production (pre-prd), and production (prd) landscapes by enabling automated build, test, and deployment workflows that are tailored for multi-environment scenarios. +[AWS CodePipeline](https://aws.amazon.com/codepipeline/), [AWS CodeBuild](https://aws.amazon.com/codebuild/), [AWS CodeDeploy](https://aws.amazon.com/codedeploy/), and [AWS CodeCommit](https://aws.amazon.com/codecommit/) together form a highly effective CI/CD automation suite that supports synchronized deployments across development (dev), pre-production (pre-prd), and production (prd) landscapes by enabling automated source control, build, test, and deployment workflows that are tailored for multi-environment scenarios. @@ -15 +21 @@ These services simplify infrastructure provisioning, application code deployment -How the Services Work Together +### How the Services Work Together @@ -17 +23 @@ How the Services Work Together - * CodePipeline orchestrates the workflow by connecting stages for source, build, test, and deploy actions across environments. + * **AWS CodeCommit** : Provides a fully managed, secure Git-based source control repository for storing SAP custom code, Fiori apps, BTP extensions, and configuration files. Acts as the source stage that triggers the CI/CD pipeline on every commit. @@ -19 +25 @@ How the Services Work Together - * CodeBuild handles compiling, packaging, and testing code for each environment (dev, pre-prd, prd), offering isolation for dependencies and configuration. + * **AWS CodePipeline** : Orchestrates the workflow by connecting stages for source, build, test, and deploy actions across environments. @@ -21 +27 @@ How the Services Work Together - * CodeDeploy manages the deployment process to targets such as EC2, ECS, Lambda, and supports advanced strategies like blue/green and canary deployments for safe releases to production. + * **AWS CodeBuild** : Handles compiling, packaging, and testing code for each environment (dev, pre-prd, prd), offering isolation for dependencies and configuration. @@ -22,0 +29 @@ How the Services Work Together + * **AWS CodeDeploy** : Manages the deployment process to targets such as EC2, ECS, Lambda, and supports advanced strategies like blue/green and canary deployments for safe releases to production. @@ -26 +32,0 @@ How the Services Work Together -Multi-Environment Design @@ -28 +34 @@ Multi-Environment Design - * Separate pipelines or stages can be configured for dev, pre-prd, and prd. Typically: +### Multi-Environment Design @@ -30 +36 @@ Multi-Environment Design - * A new commit triggers a pipeline that builds in dev, runs automatic tests, and deploys to the dev landscape. +Separate pipelines or stages can be configured for dev, pre-prd, and prd. Typically: @@ -32 +38 @@ Multi-Environment Design - * Upon successful tests, a manual or automated approval can promote the artifact to pre-prd for further integration or user acceptance testing. + 1. A new commit to CodeCommit triggers a pipeline that builds in dev, runs automatic tests, and deploys to the dev landscape. @@ -34 +40 @@ Multi-Environment Design - * After all checks in pre-prd, another approval or trigger deploys the artifact to prd, leveraging deployment strategies to minimize risk. + 2. Upon successful tests, a manual or automated approval can promote the artifact to pre-prd for further integration or user acceptance testing. @@ -36 +42 @@ Multi-Environment Design - * Best practice is to isolate environments using separate AWS accounts or permission boundaries to enhance security and traceability. + 3. After all checks in pre-prd, another approval or trigger deploys the artifact to prd, leveraging deployment strategies to minimize risk. @@ -41 +47,3 @@ Multi-Environment Design -Key Considerations for DEV, PRE-PRD, PRD CI/CD +Best practice is to isolate environments using separate AWS accounts or permission boundaries to enhance security and traceability. + +### Key Considerations for DEV, PRE-PRD, PRD CI/CD @@ -51 +59 @@ Key Considerations for DEV, PRE-PRD, PRD CI/CD - * Enable monitoring (CloudWatch/X-Ray) and restrict direct environment access, particularly for the production landscape. + * Enable monitoring (CloudWatch/X-Ray, DevOps Agent) and restrict direct environment access, particularly for the production landscape. @@ -60 +68,3 @@ This modular and environment-aware CI/CD setup automates releases, enables fast - + + +The preceding diagram describes how you can implement DevOps in AWS alongside SAP solutions.