Installing a connector on EKS using CloudFormation (AWS Organization)
Create a connector on Amazon Elastic Kubernetes Service (EKS)
Apono integrates seamlessly with AWS, using AWS CloudFormation to automate the deployment of all the necessary configurations:
Cross-account IAM role with read permissions
Amazon SNS topic for event notifications
Apono connector, which runs on AWS EKS
Once installed, the connector syncs data from cloud applications and enables you to manage access permissions through access flows within Amazon EKS.
Prerequisites
AdministratorAccess policy
AWS role with AdministratorAccess policy providing full access to AWS services and resources, required for installing the connector
Full AWS access is not granted to Apono.
AWS Account connector
Connector installed and deployed on EKS using CloudFormation for an AWS Account
Learn how to install a connector for your AWS Account.
Account-specific connector values
CloudFormation values from your AWS Account installation
Copy the following values from CloudFormation:
On the Outputs tab, copy the Value for the ConnectorRoleArnOutput.
On the Parameters tab, copy the Value for the AponoConnectorId key.
Install a connector for your AWS Organization
Using IAM role permissions, you can enable the Apono connector to manage an entire AWS Organization.
Follow these steps to install a connector for your AWS Organization:
Log in to the management account for your AWS Organization.
Obtain the parent organizational unit ID:
From your user dropdown menu (at the top right of the page), click Organization.
In the Organization section, copy the ID for the Root.
In CloudFormation, open the Quick create stack. The page will be populated with Apono's EKS organization roles stack template.
Under Parameters, enter values for the following fields:
AponoConnectorId: Value copied in Prerequisites.
ConnectorRoleArn: Value copied in Prerequisites.
OrganizationalUnitId: Root ID copied in step 2.
Click Create stack.
On the Connectors page, verify that the connector has been deployed.
After installation, you can now manage access across your AWS Organization from Apono.
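Added example, not part of Apono's documentation: a pre-flight check for the three Quick create stack parameters listed in the steps above, run before clicking Create stack. It assumes you have saved the AWS Account connector stack's `aws cloudformation describe-stacks` JSON and that the connector role should live in the account you pass as `expected_account_id`; the function names and all sample values are constructed placeholders.

```python
import json
import re

# Constructed stand-in for `aws cloudformation describe-stacks` output of the
# AWS Account connector stack. Every value is a placeholder.
SAMPLE_DESCRIBE_STACKS = json.dumps({"Stacks": [{
    "Outputs": [{"OutputKey": "ConnectorRoleArnOutput",
                 "OutputValue": "arn:aws:iam::111122223333:role/example-connector-role"}],
    "Parameters": [{"ParameterKey": "AponoConnectorId",
                    "ParameterValue": "example-connector-id"}],
}]})

ROLE_ARN_RE = re.compile(r"arn:aws(?:-cn|-us-gov)?:iam::(\d{12}):role/[\w+=,.@/-]+")
ROOT_ID_RE = re.compile(r"r-[0-9a-z]{4,32}")  # AWS Organizations root ID format


def account_stack_values(describe_stacks_json):
    """Return (ConnectorRoleArnOutput, AponoConnectorId) from the stack JSON."""
    stack = json.loads(describe_stacks_json)["Stacks"][0]
    outputs = {o["OutputKey"]: o["OutputValue"] for o in stack.get("Outputs", [])}
    params = {p["ParameterKey"]: p["ParameterValue"] for p in stack.get("Parameters", [])}
    return outputs.get("ConnectorRoleArnOutput", ""), params.get("AponoConnectorId", "")


def build_org_stack_parameters(describe_stacks_json, root_id, expected_account_id):
    """Validate the three values, then return them in CloudFormation parameter form."""
    role_arn, connector_id = account_stack_values(describe_stacks_json)
    errors = []
    match = ROLE_ARN_RE.fullmatch(role_arn)
    if not match:
        errors.append("ConnectorRoleArn is not an IAM role ARN")
    elif match.group(1) != expected_account_id:
        # Assumption: the connector role lives in the account you installed it in.
        errors.append("ConnectorRoleArn is in account " + match.group(1))
    if not connector_id.strip():
        errors.append("AponoConnectorId is empty")
    if not ROOT_ID_RE.fullmatch(root_id):
        # The steps above call for the Root ID (r-...), not a child OU (ou-...).
        errors.append("OrganizationalUnitId is not an organization Root ID")
    if errors:
        raise ValueError("; ".join(errors))
    values = {"AponoConnectorId": connector_id, "ConnectorRoleArn": role_arn,
              "OrganizationalUnitId": root_id}
    return [{"ParameterKey": k, "ParameterValue": v} for k, v in values.items()]


if __name__ == "__main__":
    print(build_org_stack_parameters(SAMPLE_DESCRIBE_STACKS, "r-ab12", "111122223333"))
```

A `ValueError` listing every failed check means a value was copied from the wrong tab, stack or account; fix it before creating the organization stack.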
