# Installing a connector on AWS ECS using Terraform

Connectors are secure on-prem components that link Apono and your resources:

* No secrets are read, cached, or stored.
* No account admin privileges need to be granted to Apono.
* The connector contacts your secret store or key vault to sync data or provision access.

Once set up, this connector will enable you to sync data from cloud applications and grant and revoke access permissions through Amazon Elastic Container Service (ECS).

***

### Prerequisites

<table><thead><tr><th width="202">Item</th><th>Description</th></tr></thead><tbody><tr><td><strong>AdministratorAccess Role</strong></td><td><a href="https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AdministratorAccess.html">AWS role</a> that provides full access to AWS services and resources</td></tr><tr><td><strong>Apono Token</strong></td><td><p>Account-specific Apono authentication value<br><br>Use the following steps to obtain your token:</p><ol><li>On the <a href="https://app.apono.io/connectors"><strong>Connectors</strong></a> page, click <strong>Install Connector</strong>. The <strong>Install Connector</strong> page appears.</li><li>Click <strong>AWS > Install and Connect AWS Account > Terraform (ECS)</strong>.</li><li>Copy the token listed on the page in step <strong>1</strong>.</li></ol></td></tr><tr><td><strong>Virtual Private Cloud (VPC) ID</strong></td><td><a href="https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-vpcs.html">Unique identifier for a virtual network</a> dedicated to an AWS account</td></tr><tr><td><strong>Subnet IDs</strong></td><td><a href="https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-subnets.html">Unique identifier for a specific subnet</a> within a VPC</td></tr><tr><td><strong>Terraform CLI</strong></td><td><a href="https://developer.hashicorp.com/terraform/downloads">HashiCorp's tool</a> for provisioning and managing infrastructure</td></tr></tbody></table>

***

### Install a connector

Use the following steps to install an Apono connector for AWS on ECS:

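1. At the shell prompt, define an environment variable named `TF_VAR_APONO_TOKEN` with your Apono token value, along with the region, connector name, VPC ID, subnet IDs, and tags variables that the Terraform configuration reads.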

```sh
export TF_VAR_APONO_TOKEN="<APONO_TOKEN>"
export TF_VAR_REGION="<AWS_REGION>"
export TF_VAR_CONNECTOR_ID="<APONO_CONNECTOR_NAME>"
export TF_VAR_VPC_ID="<AWS_VPC_ID>"
# Single quotes keep the inner double quotes intact so Terraform can parse the list and map
export TF_VAR_SUBNET_IDS='["<SUBNET_ID1>","<SUBNET_ID2>"]'
export TF_VAR_TAGS='{tag1="value1"}'
```

2. In a new or existing Terraform (.tf) file, add the following provider and module information to create a connector [with permissions](#with-permissions) or [without permissions](#without-permissions).

{% hint style="warning" %}
When using the following snippets, be sure to use the correct value for `assignPublicIp`:

* `true`: Set when a subnet has an Internet Gateway
* `false`: Set when a subnet has a NAT Gateway
  {% endhint %}

{% tabs %}
{% tab title="With Permissions" %}
Enables installing the connector in the cloud environment and managing access to resources, such as Amazon RDS, S3 buckets, EC2 machines, and self-hosted databases

{% code title="Terraform" overflow="wrap" %}

```
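# Input variables populated from the TF_VAR_* environment variables
variable "REGION" { type = string }
variable "CONNECTOR_ID" { type = string }
variable "APONO_TOKEN" {
    type = string
    sensitive = true
}
variable "VPC_ID" { type = string }
variable "SUBNET_IDS" { type = list(string) }
variable "TAGS" { type = map(string) }

provider "aws" {
    region = var.REGION
}

module "apono-connector" {
    source = "github.com/apono-io/terraform-modules//aws/connector-with-permissions/stacks/apono-connector"
    connectorId = var.CONNECTOR_ID
    aponoToken = var.APONO_TOKEN
    vpcId = var.VPC_ID
    subnetIds = var.SUBNET_IDS
    assignPublicIp = true
    tags = var.TAGS
}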
```

{% endcode %}
{% endtab %}

{% tab title="Without Permissions" %}
Enables installing the connector in the cloud environment but managing access to non-AWS resources, such as self-hosted databases

{% code title="Terraform" overflow="wrap" %}

```
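# Input variables populated from the TF_VAR_* environment variables
variable "REGION" { type = string }
variable "CONNECTOR_ID" { type = string }
variable "APONO_TOKEN" {
    type = string
    sensitive = true
}
variable "VPC_ID" { type = string }
variable "SUBNET_IDS" { type = list(string) }
variable "TAGS" { type = map(string) }

provider "aws" {
    region = var.REGION
}

module "apono-connector" {
    source = "github.com/apono-io/terraform-modules//aws/connector-without-permissions/stacks/apono-connector"
    connectorId = var.CONNECTOR_ID
    aponoToken = var.APONO_TOKEN
    vpcId = var.VPC_ID
    subnetIds = var.SUBNET_IDS
    assignPublicIp = true
    tags = var.TAGS
}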
```

{% endcode %}
{% endtab %}
{% endtabs %}

3. At the Terraform CLI, download and install the provider plugin and module.

```
terraform init
```

4. Apply the Terraform changes. The proposed changes and a confirmation prompt will be listed.

```
terraform apply
```

5. Enter *yes* to confirm deploying the changes to your AWS account.
6. On the [**Connectors**](https://app.apono.io/connectors) page, verify that the connector has been deployed.

***

### FAQ

<details>

<summary><strong>Can the Apono Terraform module be pinned to a version?</strong></summary>

Yes. You can append the version number to the `source` location with the `?ref=vX.X.X` query string.

The following example pins the version to **1.0.0** for a connector without permissions.

{% code title="Terraform" overflow="wrap" %}

```
# The var.* inputs must be declared with variable blocks in your configuration
provider "aws" {
    region = var.REGION
}

module "apono-connector" {
    # ?ref= pins the module to the v1.0.0 tag
    source = "github.com/apono-io/terraform-modules//aws/connector-without-permissions/stacks/apono-connector?ref=v1.0.0"
    connectorId = var.CONNECTOR_ID
    aponoToken = var.APONO_TOKEN
    vpcId = var.VPC_ID
    subnetIds = var.SUBNET_IDS
    assignPublicIp = true
    tags = var.TAGS
}
```

{% endcode %}

</details>
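
A Git-backed module `source` without `?ref=` follows the repository's default branch, so each `terraform init` in a fresh directory can pull different code. The following check is an added example, not part of Apono's documentation or modules: the function name `unpinned_module_sources` and the sample file are constructed for illustration. It lists Git module sources in a `.tf` file that carry no `?ref=` pin.

```shell
#!/bin/sh
# List module "source" values in a Terraform file that are fetched from Git
# (github.com/... shorthand or git:: URLs) and carry no ?ref= pin.
# Prints one unpinned source per line; returns 1 if any were found.
# Note: a ref can name a branch or a movable tag; a commit SHA is the
# strictest pin. This check only verifies that some ref is present.
unpinned_module_sources() {
    # $1: path to a .tf file
    found=$(
        sed -n 's/^[[:space:]]*source[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" |
        while IFS= read -r src; do
            case "$src" in
                github.com/*|git::*) ;;   # Git-backed source: inspect it
                *) continue ;;            # registry address or local path: skip
            esac
            case "$src" in
                *\?ref=?*|*\&ref=?*) ;;   # a ref is present
                *) printf '%s\n' "$src" ;;
            esac
        done
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample: the first module is unpinned, the second is pinned.
sample=$(mktemp)
cat > "$sample" <<'EOF'
module "apono-connector" {
    source = "github.com/apono-io/terraform-modules//aws/connector-with-permissions/stacks/apono-connector"
}
module "apono-connector-pinned" {
    source = "github.com/apono-io/terraform-modules//aws/connector-without-permissions/stacks/apono-connector?ref=v1.0.0"
}
EOF
unpinned_module_sources "$sample" || echo "add ?ref= to the sources listed above" >&2
rm -f "$sample"
```

Run it against your own `.tf` files before `terraform init`, for example as a CI step that fails on a non-zero return.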


