Installing a connector on ECS using CloudFormation to manage EKS clusters

Install the Apono connector on Amazon ECS to manage your EKS clusters in an AWS Organization

Apono integrates seamlessly with your AWS Organization, using CloudFormation to automate the deployment of all the necessary configurations:

  • Cross-account IAM role with read permissions

  • Amazon SNS topic for event notifications

  • Apono connector, which runs on AWS Elastic Container Service (ECS)

Once installed, the connector syncs data from cloud applications and enables you to manage access to your Elastic Kubernetes Service (EKS) clusters.


Prerequisites

Item
Description

AWS IAM Role

IAM role with permissions to manage EKS resources in your AWS Organization

We recommend AdministratorAccess for connector deployment, but this policy is not required. Apono supports Amazon’s EKS permission models.

Full AWS access is not granted to Apono.

OrganizationID

Unique identifier of the Organization that will be connected via the integration (ex. o-k012345a67)

Follow these steps to find your OrganizationID:

  1. In your AWS console settings, click Organization. The AWS accounts page appears.

  2. In the left navigation, click Settings. The Settings page appears.

  3. Under Organization details, copy your OrganizationID.

OrganizationUnitID

Root ID for the AWS Organization Unit that will be connected via the integration (ex. r-1a2b)

Follow these steps to obtain your OrganizationUnitID:

  1. In your IAM Identity Center, expand Multi-account permissions.

  2. Click AWS accounts. The AWS accounts page appears.

  3. In the Organizational structure section, copy the ID from the Root folder. This is the parent organizational unit for all accounts in your organization.

VPC

Virtual Private Cloud (VPC) with outbound connectivity

Subnet

One or more Subnet IDs within the selected VPC where the connector resources will run

Permission

Full access (Manage IAM) permissions to enable the connector to create and manage the required IAM resources during deployment


Install the connector

Follow these steps to install the connector:

  1. From the Select Connector dropdown menu, click + Add new connector. The Select connector installation strategy section appears.

  2. Click Cloud installation > CloudFormation (ECS).

  3. Under Follow these steps to install connector, click Open Cloud Formation. AWS CloudFormation opens. The Create stack page appears with one of Apono's stack templates.

     If you are not already signed in, AWS will prompt you to log in to your AWS Management account.

  4. From the settings dropdown at the top of the page, select your Region.

  5. Enter the Stack name.

  6. Define the following Parameters:

    1. Enter the AponoConnectorId. This can be any alphanumeric name to identify the connector.

    2. Enter your OrganizationId.

    3. Enter your OrganizationUnitId.

    4. From the Permissions dropdown menu, select Full-Access (Manage IAM).

    5. Select one or more SubnetIDs.

    6. Select one or more VpcId parameters.

  7. Under Capabilities, select I acknowledge that AWS CloudFormation might create IAM resources with custom names.

  8. Click Create stack.

  9. On the Connectors page, verify that the connector has been deployed.
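Because the stack is created with Full-Access (Manage IAM) and scoped by the organization and root IDs, it is worth checking the parameter values before clicking Create stack. The script below is an added example, not part of Apono's documentation or tooling: it checks each value offline against the AWS Organizations and EC2 ID formats. Assumptions: the function names are hypothetical, AponoConnectorId is read strictly as letters and digits, and multiple subnets are passed as a comma-separated list.

```shell
#!/bin/sh
# Added example: offline format check for the stack parameters named above.
# Patterns follow the AWS Organizations (o-..., r-...) and EC2 (vpc-..., subnet-...) ID formats.
# Assumption: AponoConnectorId is strictly [A-Za-z0-9] ("alphanumeric" on the page).

NL='
'
EC2_HEX='([0-9a-f]{8}|[0-9a-f]{17})'   # EC2 IDs carry 8 or 17 hex characters

# check_param NAME VALUE -> 0 well-formed, 1 malformed, 2 unknown parameter name
check_param() {
  case $2 in *"$NL"*) return 1 ;; esac   # grep is line-based; refuse multi-line input
  case $1 in
    AponoConnectorId)   re='^[A-Za-z0-9]+$' ;;
    OrganizationId)     re='^o-[a-z0-9]{10,32}$' ;;
    OrganizationUnitId) re='^r-[0-9a-z]{4,32}$' ;;   # organization root, not ou-... or an account ID
    VpcId)              re="^vpc-${EC2_HEX}\$" ;;
    SubnetIDs)          re="^subnet-${EC2_HEX}(,subnet-${EC2_HEX})*\$" ;;
    *) return 2 ;;
  esac
  printf '%s\n' "$2" | grep -Eq "$re"
}

# preflight NAME=VALUE ... -> reports each failure on stderr, returns the failure count
preflight() {
  failed=0
  for pair in "$@"; do
    if ! check_param "${pair%%=*}" "${pair#*=}"; then
      echo "invalid ${pair%%=*}: ${pair#*=}" >&2
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# Constructed sample values; the two organization IDs are the page's own examples.
preflight AponoConnectorId=eksprod01 OrganizationId=o-k012345a67 \
  OrganizationUnitId=r-1a2b VpcId=vpc-0a1b2c3d4e5f67890 \
  SubnetIDs=subnet-0a1b2c3d,subnet-0123456789abcdef0 && echo "parameters look well-formed"
```

A passing check only confirms the shape of each value; confirm in the AWS console that the IDs belong to the organization you intend to connect.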
