# Connector Management ## What is a Connector The Apono Connector is an on-prem connection that can be used to connect resources to Apono and separate the Apono web app from the environment for [security purposes](https://docs.apono.io/docs/about-apono/security-and-architecture). You can view the recommended [AWS Installation Architecture](https://docs.apono.io/docs/about-apono/security-and-architecture#apono-and-aws),[ Azure Installation Architecture](https://docs.apono.io/docs/about-apono/security-and-architecture#apono-and-azure), or[ GCP Installation Architecture](https://docs.apono.io/docs/about-apono/security-and-architecture#apono-and-gcp). ## Automatic Installation Using AWS CloudFormation or GCP Deployment Manager, the Connector is seamlessly installed in the environment. * [Integrate with AWS](https://docs.apono.io/docs/aws-environment/aws-integrations) * [Integrate with Azure](https://docs.apono.io/docs/azure-environment/azure-integrations) * [Integrate with GCP](https://docs.apono.io/docs/gcp-environment/gcp-integrations) ## Advanced Installation * You can also choose to install the Connector on an [EKS](https://docs.apono.io/docs/aws-environment/aws-integrations/integrate-with-eks) or a [Kubernetes](https://docs.apono.io/docs/kubernetes-environment/kubernetes-integrations) cluster yourself. {% hint style="info" %} Just getting started? Read more about: {% endhint %} #### Required Permissions These are the required permissions for the Connector to function in AWS #### S3 ```json { "Statement": [ { "Action": [ "s3:GetBucketTagging", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation" ], "Effect": "Allow", "Resource": "arn:aws:s3:::*" } ], "Version": "2012-10-17" } { "Statement": [ { "Action": [ "iam:ListPolicies", "iam:CreateInstanceProfile" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iam:CreateInstanceProfile", "iam:GetRole", "iam:ListRoleTags", "iam:TagRole", "iam:CreateRole", "iam:DeleteRole", "iam:AttachRolePolicy", "iam:PutRolePolicy", "iam:AddRoleToInstanceProfile", "iam:ListInstanceProfilesForRole", "iam:DetachRolePolicy", "iam:ListAttachedRolePolicies", "iam:DeleteRolePolicy", "iam:ListRolePolicies", "iam:GetRolePolicy", "iam:UpdateAssumeRolePolicy" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::*", "arn:aws:iam::*:role/*", "arn:aws:iam::*:instance-profile/*" ] } ], "Version": "2012-10-17" } { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "tag:GetResources", "Resource": "*" } ] } ``` #### SSM ```json { "Statement": [ { "Action": [ "ssm:GetParameters*" ], "Effect": "Allow", "Resource": "arn:aws:ssm:*:*:parameter/*" }, { "Action": [ "ssm:DescribeParameters" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" } { "Statement": [ { "Action": [ "iam:ListPolicies", "iam:CreateInstanceProfile" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iam:CreateInstanceProfile", "iam:GetRole", "iam:ListRoleTags", "iam:TagRole", "iam:CreateRole", "iam:DeleteRole", "iam:AttachRolePolicy", "iam:PutRolePolicy", "iam:AddRoleToInstanceProfile", "iam:ListInstanceProfilesForRole", "iam:DetachRolePolicy", "iam:ListAttachedRolePolicies", "iam:DeleteRolePolicy", "iam:ListRolePolicies", "iam:GetRolePolicy", "iam:UpdateAssumeRolePolicy" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::*", "arn:aws:iam::*:role/*", "arn:aws:iam::*:instance-profile/*" ] } ], "Version": "2012-10-17" } { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "tag:GetResources", "Resource": "*" } ] } ``` #### IAM Policy ```json { "Statement": [ { "Action": [ "iam:ListPolicies", "iam:CreateInstanceProfile" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iam:CreateInstanceProfile", "iam:GetRole", "iam:ListRoleTags", "iam:TagRole", "iam:CreateRole", "iam:DeleteRole", "iam:AttachRolePolicy", "iam:PutRolePolicy", "iam:AddRoleToInstanceProfile", "iam:ListInstanceProfilesForRole", "iam:DetachRolePolicy", "iam:ListAttachedRolePolicies", "iam:DeleteRolePolicy", "iam:ListRolePolicies", "iam:GetRolePolicy", "iam:UpdateAssumeRolePolicy" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::*", "arn:aws:iam::*:role/*", "arn:aws:iam::*:instance-profile/*" ] } ], "Version": "2012-10-17" } { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "tag:GetResources", "Resource": "*" } ] } ```