Connector Management

What's an Apono Connector?

What is a Connector

The Apono Connector is an on-prem connection that can be used to connect resources to Apono and separate the Apono web app from the environment for security purposes.

You can view the recommended AWS Installation Architecture, Azure Installation Architecture, or GCP Installation Architecture.

Automatic Installation

Using AWS CloudFormation or GCP Deployment Manager, the Connector is seamlessly installed in the environment.

Advanced Installation

You can also choose to install the Connector on an EKS or a Kubernetes cluster yourself.

Just getting started? Read more about:

Required Permissions

These are the required permissions for the Connector to function in AWS

S3

{
    "Statement": [
        {
            "Action": [
                "s3:GetBucketTagging",
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::*"
        }
    ],
    "Version": "2012-10-17"
}

{
    "Statement": [
        {
            "Action": [
                "iam:ListPolicies",
                "iam:CreateInstanceProfile"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:GetRole",
                "iam:ListRoleTags",
                "iam:TagRole",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:AttachRolePolicy",
                "iam:PutRolePolicy",
                "iam:AddRoleToInstanceProfile",
                "iam:ListInstanceProfilesForRole",
                "iam:DetachRolePolicy",
                "iam:ListAttachedRolePolicies",
                "iam:DeleteRolePolicy",
                "iam:ListRolePolicies",
                "iam:GetRolePolicy",
                "iam:UpdateAssumeRolePolicy"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*",
                "arn:aws:iam::*:role/*",
                "arn:aws:iam::*:instance-profile/*"
            ]
        }
    ],
    "Version": "2012-10-17"
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "tag:GetResources",
            "Resource": "*"
        }
    ]
}

SSM

{
    "Statement": [
        {
            "Action": [
                "ssm:GetParameters*"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:ssm:*:*:parameter/*"
        },
        {
            "Action": [
                "ssm:DescribeParameters"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ],
    "Version": "2012-10-17"
}

{
    "Statement": [
        {
            "Action": [
                "iam:ListPolicies",
                "iam:CreateInstanceProfile"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:GetRole",
                "iam:ListRoleTags",
                "iam:TagRole",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:AttachRolePolicy",
                "iam:PutRolePolicy",
                "iam:AddRoleToInstanceProfile",
                "iam:ListInstanceProfilesForRole",
                "iam:DetachRolePolicy",
                "iam:ListAttachedRolePolicies",
                "iam:DeleteRolePolicy",
                "iam:ListRolePolicies",
                "iam:GetRolePolicy",
                "iam:UpdateAssumeRolePolicy"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*",
                "arn:aws:iam::*:role/*",
                "arn:aws:iam::*:instance-profile/*"
            ]
        }
    ],
    "Version": "2012-10-17"
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "tag:GetResources",
            "Resource": "*"
        }
    ]
}

IAM Policy

{
    "Statement": [
        {
            "Action": [
                "iam:ListPolicies",
                "iam:CreateInstanceProfile"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "iam:CreateInstanceProfile",
                "iam:GetRole",
                "iam:ListRoleTags",
                "iam:TagRole",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:AttachRolePolicy",
                "iam:PutRolePolicy",
                "iam:AddRoleToInstanceProfile",
                "iam:ListInstanceProfilesForRole",
                "iam:DetachRolePolicy",
                "iam:ListAttachedRolePolicies",
                "iam:DeleteRolePolicy",
                "iam:ListRolePolicies",
                "iam:GetRolePolicy",
                "iam:UpdateAssumeRolePolicy"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::*",
                "arn:aws:iam::*:role/*",
                "arn:aws:iam::*:instance-profile/*"
            ]
        }
    ],
    "Version": "2012-10-17"
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "tag:GetResources",
            "Resource": "*"
        }
    ]
}

Last updated 21 days ago

Was this helpful?

hashtagWhat is a Connector

hashtagAutomatic Installation

hashtagAdvanced Installation

hashtagRequired Permissions

hashtagS3

hashtagSSM

hashtagIAM Policy

What is a Connector

Automatic Installation

Advanced Installation

Required Permissions

S3

SSM

IAM Policy