# Installing a connector on EKS using CloudFormation (AWS Organization)

Apono integrates seamlessly with AWS, using AWS CloudFormation to automate the deployment of all the necessary configurations:

* **Cross-account IAM role** with read permissions
* **Amazon SNS topic** for event notifications
* **Apono connector**, which runs on AWS EKS

Once installed, the connector syncs data from cloud applications and enables you to manage access permissions through access flows within Amazon EKS.

***

### Prerequisites

<table><thead><tr><th width="198.734375">Item</th><th>Description</th></tr></thead><tbody><tr><td><strong>AdminstratorAccess policy</strong></td><td><p>AWS role with <a href="https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AdministratorAccess.html">AdministratorAccess</a> policy providing full access to AWS services and resources, required for installing the connector</p><p><strong>Full AWS access is not granted to Apono</strong>.</p></td></tr><tr><td><strong>AWS Account connector</strong></td><td><p>Connector installed and deployed on EKS using Cloudformation for an AWS Account</p><p><br>Learn how to <a href="/pages/HA4x4VFiCLwYrFzY6E56">install a connector</a> for your AWS Account.</p></td></tr><tr><td><strong>Account-specific connector values</strong></td><td><p>CloudFormation values from your AWS Account installation</p><p>Copy the following values from CloudFormation:</p><ul><li>On the <strong>Outputs</strong> tab, copy the <strong>Value</strong> for the <strong>ConnectorRoleArnOutput</strong>.</li><li>On the <strong>Parameters</strong> tab, copy the <strong>Value</strong> for the <strong>AponoConnectorId</strong> key.</li></ul></td></tr></tbody></table>

***

### Install a connector for your AWS Organization

Using IAM role permissions, you can enable the Apono connector to manage an entire AWS Organization.

Follow these steps to install a connector for your AWS Organization:

1. Log in to the management account for your AWS Organization.
2. Obtain the parent organizational unit ID:
   1. From your user dropdown menu (at the top right of the page), click **Organization**.
   2. In the **Organization** section, copy the ID for the **Root**.
3. In [CloudFormation](https://console.aws.amazon.com/cloudformation/home#/stacks/quickcreate?templateURL=https%3A%2F%2Fapono-public.s3.amazonaws.com%2Fcloudformation%2Faws_organization_roles_only_integration_template.yml\&stackName=apono-aws-organization-integration), open the **Quick create stack**. The page will be populated with Apono's EKS organization roles [stack template](https://apono-public.s3.amazonaws.com/cloudformation/aws_organization_roles_only_integration_template.yml).
4. Under **Parameters**, enter values for the following fields:
   * **AponoConnectorId**: Value copied in [Prerequisites](#prerequisites).
   * **ConnectorRoleArn**: Value copied in [Prerequisites](#prerequisites).
   * **OrganizationalUnitId**: Root ID copied in step **2**.
5. Click **Create stack**.
6. On the [**Connectors**](https://app.apono.io/connectors) page, verify that the connector has been deployed.

After installation, you can now manage access across your AWS Organization from Apono.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.apono.io/docs/aws-environment/apono-connector-for-aws/installing-a-connector-on-eks-using-cloudformation-aws-organization.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.