Azure Container Instances (ACI) is a managed, serverless compute platform for running containerized applications. This guide explains how to install and configure an Apono connector on ACI in your Azure environment using PowerShell.
Management Group Subscription
Follow these steps to install a new connector:
At the shell prompt, set the environment variables.
Copy APONO_CONNECTOR_ID =< A_UNIQUE_CONNECTOR_NAME >
APONO_TOKEN =< APONO_TOKEN >
SUBSCRIPTION_ID =< AZURE_SUBSCRIPTION_ID >
RESOURCE_GROUP_NAME =< AZURE_RESOURCE_GROUP_NAME >
MANAGEMENT_GROUP_NAME =< AZURE_MANAGEMENT_GROUP_NAME > Log in to your Azure account.
Set the REGION environment variable.
Copy $REGION =$ ( Get-AzResourceGroup - Name $RESOURCE_GROUP_NAME).Location Run the following command to deploy the connector on your ACI.
Copy $port = New-AzContainerInstancePortObject - Port 80 - Protocol TCP
$env_var1 = New-AzContainerInstanceEnvironmentVariableObject - Name "APONO_CONNECTOR_ID" - Value $APONO_CONNECTOR_ID
$env_var2 = New-AzContainerInstanceEnvironmentVariableObject - Name "APONO_TOKEN" - Value $APONO_TOKEN
$env_var3 = New-AzContainerInstanceEnvironmentVariableObject - Name "APONO_URL" - Value "api.apono.io"
$jsonValue = @ {
cloud_provider = "AZURE"
subscription_id = $SUBSCRIPTION_ID
resource_group = $RESOURCE_GROUP_NAME
region = $REGION
is_azure_admin = $true
} | ConvertTo-Json - Compress
$env_var4 = New-AzContainerInstanceEnvironmentVariableObject - Name "CONNECTOR_METADATA" - Value $jsonValue
$container = New-AzContainerInstanceObject - Image registry.apono.io / apono - connector:v1. 6.7 - Name $APONO_CONNECTOR_ID - Port @ ($port) - EnvironmentVariable @ ($env_var1 , $env_var2 , $env_var3 , $env_var4) - RequestCpu 1 - RequestMemoryInGb 1.5
$imageRegistryCredential = New-AzContainerGroupImageRegistryCredentialObject - Server "registry.apono.io" - Username "apono" - Password ( ConvertTo-SecureString $APONO_TOKEN - AsPlainText - Force)
$PRINCIPAL_ID =$ ( New-AzContainerGroup - SubscriptionId $SUBSCRIPTION_ID - ResourceGroupName $RESOURCE_GROUP_NAME - Name $APONO_CONNECTOR_ID - Container $container - OsType Linux - ImageRegistryCredential $imageRegistryCredential - Location $REGION - IdentityType "SystemAssigned" ).IdentityPrincipalId Add the User Access Administrator role to the connector in the management group scope.
Copy New-AzRoleAssignment - ObjectId $PRINCIPAL_ID - ObjectType "ServicePrincipal" - RoleDefinitionName "User Access Administrator" - Scope / providers / Microsoft.Management / managementGroups / $MANAGEMENT_GROUP_NAME For Azure AD, add the Director Readers role to the connector. For Azure AD Groups, add the Groups Administrator and Privileged Role Administrator roles.
Azure AD Azure AD Groups
Copy $payload = @ {
principalId = $PRINCIPAL_ID
roleDefinitionId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
directoryScopeId = "/"
} | ConvertTo-Json - Depth 3
Invoke-AzRestMethod - Method POST - Uri https: // graph.microsoft.com / beta / roleManagement / directory / roleAssignments - Payload $payload
Copy # First role assignment
$payload1 = @ {
principalId = $PRINCIPAL_ID
roleDefinitionId = "fdd7a751-b60b-444a-984c-02652fe8fa1c"
directoryScopeId = "/"
} | ConvertTo-Json - Depth 3
Invoke-AzRestMethod - Method POST - Uri https: // graph.microsoft.com / beta / roleManagement / directory / roleAssignments - Payload $payload1
# Second role assignment
$payload2 = @ {
principalId = $PRINCIPAL_ID
roleDefinitionId = "e8611ab8-c189-46e8-94e1-60213ab1f814"
directoryScopeId = "/"
} | ConvertTo-Json - Depth 3
Invoke-AzRestMethod - Method POST - Uri https: // graph.microsoft.com / beta / roleManagement / directory / roleAssignments - Payload $payload2 On the Connectors
You can now integrate with an Azure Management Group or Azure Subscription .
Follow these steps to install a new connector:
Export the following environment variables.
Copy APONO_CONNECTOR_ID =< A_UNIQUE_CONNECTOR_NAME >
APONO_TOKEN =< APONO_TOKEN >
SUBSCRIPTION_ID =< AZURE_SUBSCRIPTION_ID >
RESOURCE_GROUP_NAME =< AZURE_RESOURCE_GROUP_NAME > Log in to your Azure account.
Set the REGION environment variable.
Copy $REGION =$ ( Get-AzResourceGroup - Name $RESOURCE_GROUP_NAME).Location Run the following command to deploy the connector on your ACI.
Copy $port = New-AzContainerInstancePortObject - Port 80 - Protocol TCP
$env_var1 = New-AzContainerInstanceEnvironmentVariableObject - Name "APONO_CONNECTOR_ID" - Value $APONO_CONNECTOR_ID
$env_var2 = New-AzContainerInstanceEnvironmentVariableObject - Name "APONO_TOKEN" - Value $APONO_TOKEN
$env_var3 = New-AzContainerInstanceEnvironmentVariableObject - Name "APONO_URL" - Value "api.apono.io"
$jsonValue = @ {
cloud_provider = "AZURE"
subscription_id = $SUBSCRIPTION_ID
resource_group = $RESOURCE_GROUP_NAME
region = $REGION
is_azure_admin = $true
} | ConvertTo-Json - Compress
$env_var4 = New-AzContainerInstanceEnvironmentVariableObject - Name "CONNECTOR_METADATA" - Value $jsonValue
$container = New-AzContainerInstanceObject - Image registry.apono.io / apono - connector:v1. 6.7 - Name $APONO_CONNECTOR_ID - Port @ ($port) - EnvironmentVariable @ ($env_var1 , $env_var2 , $env_var3 , $env_var4) - RequestCpu 1 - RequestMemoryInGb 1.5
$imageRegistryCredential = New-AzContainerGroupImageRegistryCredentialObject - Server "registry.apono.io" - Username "apono" - Password ( ConvertTo-SecureString $APONO_TOKEN - AsPlainText - Force)
$PRINCIPAL_ID =$ ( New-AzContainerGroup - SubscriptionId $SUBSCRIPTION_ID - ResourceGroupName $RESOURCE_GROUP_NAME - Name $APONO_CONNECTOR_ID - Container $container - OsType Linux - ImageRegistryCredential $imageRegistryCredential - Location $REGION - IdentityType "SystemAssigned" ).IdentityPrincipalId Add the User Access Administrator role to the connector in the subscription scope.
Copy New-AzRoleAssignment - ObjectId $PRINCIPAL_ID - ObjectType "ServicePrincipal" - RoleDefinitionName "User Access Administrator" - Scope / subscriptions / $SUBSCRIPTION_ID For Azure AD, add the Director Readers role to the connector. For Azure AD Groups, add the Groups Administrator and Privileged Role Administrator roles.
Azure AD Azure AD Groups
Copy $payload = @ {
principalId = $PRINCIPAL_ID
roleDefinitionId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
directoryScopeId = "/"
} | ConvertTo-Json - Depth 3
Invoke-AzRestMethod - Method POST - Uri https: // graph.microsoft.com / beta / roleManagement / directory / roleAssignments - Payload $payload
Copy # First role assignment
$payload1 = @ {
principalId = $PRINCIPAL_ID
roleDefinitionId = "fdd7a751-b60b-444a-984c-02652fe8fa1c"
directoryScopeId = "/"
} | ConvertTo-Json - Depth 3
Invoke-AzRestMethod - Method POST - Uri https: // graph.microsoft.com / beta / roleManagement / directory / roleAssignments - Payload $payload1
# Second role assignment
$payload2 = @ {
principalId = $PRINCIPAL_ID
roleDefinitionId = "e8611ab8-c189-46e8-94e1-60213ab1f814"
directoryScopeId = "/"
} | ConvertTo-Json - Depth 3
Invoke-AzRestMethod - Method POST - Uri https: // graph.microsoft.com / beta / roleManagement / directory / roleAssignments - Payload $payload2 On the Connectors
You can now create integrate with an Azure Management Group or Azure Subscription .
