parser: v2

author_name: Madeline Schaefer

author_profile: https://github.com/Madeline-Schaefer

auto_validation: true

time: 20

tags: [ tutorial>beginner, software-product-function>sap-btp-cockpit, software-product>sap-business-technology-platform, tutorial>license, software-product-function>sap-btp-command-line-interface, software-product-function>sap-private-link-Service]

primary_tag: software-product-function>sap-btp-cockpit

<!-- description --> Connect SAP Private Link service to AWS Private Link Service with Cloud Foundry CLI and bind the service instance to your app or create a service key.

- You have a global account and subaccount on SAP Business Technology Platform with SAP Private Link service entitlement: [Set Up SAP Private Link Service](developers-qa-blue.wcms-nonprod.c.eu-de-2.cloud.sap/tutorials/private-link-onboarding).

- You have created an AWS Private Link Service in the Amazon VPC Console. [Create a service powered by AWS Private Link](https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html).

- You have installed Cloud Foundry CLI. See [Install the Cloud Foundry Command Line Interface (CLI)](developers.sap.com/tutorials/cp-cf-download-cli).

- How to create an SAP Private Link service instance to connect to your AWS Private Link Service using Cloud Foundry CLI.

- How to bind the service instance to your application using Cloud Foundry CLI.

SAP Private Link service establishes a private connection between applications running on SAP BTP and selected services in your own IaaS provider accounts. By reusing the private link functionality of our partner IaaS providers, you can access your services through private network connections to avoid data transfer via the public internet.

<!-- border -->

After you've logged in to the BTP Cloud Foundry region as described in [Install the Cloud Foundry Command Line Interface (CLI)](developers.sap.com/tutorials/cp-cf-download-cli.), please access the **Service Marketplace** of SAP BTP. To do this, open a command prompt on your computer and type in the following:

``Shell/Bash

cf marketplace

``

Make sure you can see `privatelink` in the sample output.

To create and enable a private link, you need to define the connection to the service first. To do so, you need the service name of the endpoint service that you created as part of the prerequisites:

1. Go to the VPC console.

<!-- border -->

2. Navigate to the **Endpoint Services**.

3. Search for the endpoint service you want to connect, select it and copy the Service name from the **Details** tab. You need it in the next step.

<!-- border -->

Currently, you do not have any service instances enabled. Therefore, you need to create one. To create a new private link, you need the following information:

- service offering (`private link`),

- service plan (`standard`),

- a unique name (for instance, `privatelink-test`),

- service name from AWS (for example, `com.amazonaws.vpce.us-east-1.<service-id>`).

Enter `cf create-service` and add that information. Your command should look like this:

`cf create-service privatelink standard privatelink-test -c '{"serviceName": "com.amazonaws.vpce.us-east-1.<service-id>"}'

`

If the creation of the service instance was accepted, you receive a success message telling you to proceed.

To check the current status of the newly created service instance, you need the name of your service instance (in this example `privatelink-test`). Type in the following:

Under "message", you can see the current status. Please renew the command after approximately one minute. You should see the following message:

Copy the VPC Endpoint ID from the success message. You need it in the next step.

Return to the VPC console:

1. Navigate to the **Endpoint Services**.

2. Select the endpoint service you want to connect to.

3. Go to **Endpoint Connections**.

4. Search for the endpoint ID and select the connection request.

5. Accept the endpoint connection request by pressing on **Actions > Accept endpoint connection request**.

<!-- border -->

You should now receive a success message that the approval is pending.

To check the current status of the newly created service instance, you need the name of your service instance (in this example `privatelink-test`). Type in the following:

You should see the following success message:

Upon the creation of a binding between a CF application and a private link service instance, Private Link service creates a space-scoped [Cloud Foundry application security group](https://docs.cloudfoundry.org/concepts/asg.html) hat enables network access to the IP address associated with the private endpoint.

To bind the service instance to your application, You need to know the name of your application and your service instance (in this example `privatelink-test`). Then, execute the following command:

For more information, see [Binding Credentials](https://help.sap.com/docs/PRIVATE_LINK/d5fcaf2c5262485a87c6143b61b2c76b/6d1453baa5fa4e8fb3297e53ceb96bf6.html?locale=en-US&state=DRAFT#binding-credentials).

Congratulations! You have successfully completed the tutorial.