search

Installing a connector on AWS ECS using Terraform

Create a connector on Amazon Elastic Container Service

Connectors are secure on-prem components that link Apono and your resources:

  • No secrets are read, cached, or stored.

  • No account admin privileges need to be granted to Apono.

  • The connector contacts your secret store or key vault to sync data or provision access.

Once set up, this connector will enable you to sync data from cloud applications and grant and revoke access permissions through Amazon Elastic Container Service (ECS).

hashtag
Prerequisites

Item
Description

AdminstratorAccess Role

AWS rolearrow-up-right that provides full access to AWS services and resources

Apono Token

Account-specific Apono authentication value Use the following steps to obtain your token:

  1. On the Connectorsarrow-up-right page, click Install Connector. The Install Connector page appears.

  2. Click AWS > Install and Connect AWS Account. > Terraform (ECS).

  3. Copy the token in step listed on the page in step 1.

Virtual Private Cloud (VPC) ID

Unique identifier for a virtual networkarrow-up-right dedicated to an AWS account

Subnet IDs

Unique identifier for a specific subnetarrow-up-right within a VPC

Terraform CLI

HashiCorp's toolarrow-up-right for provisioning and managing infrastructure

hashtag
Install a connector

Use the following steps to install an Apono connector for AWS on ECS:

  1. At the shell prompt, define an environment variable named TF_VAR_APONO_TOKEN with your Apono token value.

export TF_VAR_APONO_TOKEN="<APONO_TOKEN>"
export TF_VAR_REGION="<AWS_REGION>"
export TF_VAR_CONNECTOR_ID="<APONO_CONNECTOR_NAME>"
export TF_VAR_VPC_ID="<AWS_VPC_ID>"
export TF_VAR_SUBNET_IDS="<["SUBNET_ID1","SUBNET_ID2"]>"
export TF_VAR_TAGS="<{tag1="value1"}>"

  1. In a new or existing Terraform (.tf) file, add the following provider and module information to create a connector with permissions or without permissions.

circle-exclamation

When using the following snippets, be sure to use the correct value for assignPublicIp:

  • true: Set when a subnet has an Internet Gateway

  • false: Set shen a subnet has a NAT Gateway

Enables installing the connector in the cloud environment and managing access to resources, such as Amazon RDS, S3 buckets, EC2 machines, and self-hosted databases

  1. At the Terraform CLI, download and install the provider plugin and module.

  1. Apply the Terraform changes. The proposed changes and a confirmation prompt will be listed.

  1. Enter yes to confirm deploying the changes to your AWS account.

  2. On the Connectorsarrow-up-right page, verify that the connector has been deployed.

hashtag
FAQ

chevron-rightCan the Apono Terraform module be pinned to a version?hashtag

Yes. You can append the version number to the source location with the ?ref=vX.X.X query string.

The following example pins the version to 1.0.0 for a connector without permissions.

PreviousInstalling a connector on AWS ECS using Terraform (AWS Organization)NextInstalling a connector on EKS using CloudFormation

Last updated

Was this helpful?