# Integrating with Apono

## Intro

In order to manage just-in-time access, Apono needs to integrate with your cloud applications. Our integration:

1. Syncs data on users, resources and permissions
2. Automates granting and revoking of users' access to cloud resources

Each integration requires:

1. An installed connector in your cloud environment
2. A specific configuration, which may include:
   1. A role created for Apono
   2. Metadata like proxy address, hostname, port, region, clusters, secret store, etc.\
      To learn more about each integration's required config, visit the integration guide or our [Metadata for Integration Config](https://docs.apono.io/metadata-for-integration-config) guides.

{% hint style="info" %}
Apono's unique architecture makes the integration extra secure. Learn more [here](https://docs.apono.io/docs/about-apono/security-and-architecture).
{% endhint %}

## How it works

1. Install a connector
   1. A connector can be installed on AWS *(using CloudFormation \[ECS], Terraform \[EKS], CLI \[EKS])*, GCP *(using CLI \[GKE])*, Azure *(using Terraform or CLI)* or Kubernetes *(using Terraform or Helm)*.
   2. Follow [this guide](https://docs.apono.io/docs/connectors-and-secrets/connector-management)\
      \
      **NOTE**: If you have installed a connector in the past, you may use it for more than 1 integration
2. Follow the integration guide\
   Per each integration's requirements, supply Apono with:
   1. The role or permission needed to manage access
   2. The metadata to complete the integration\
      \
      **NOTE**: During this process, you may be required to leave Apono and complete some steps in the source application portal
3. Give the integration a name
   1. The integration name is used when creating Access Flows
   2. This name will be displayed to end-users when creating access requests
4. Wait for the first sync to complete
   1. Follow the status in the Integrations page Connected tab. A healthy integration looks like this:\
      ![](https://files.readme.io/7c92319-image.png)
   2. In case of an error, follow our [troubleshooting guide](https://docs.apono.io/docs/help-and-debugging/troubleshooting-errors)
5. All set! [Create Access Flows](https://docs.apono.io/docs/access-flows/access-flows) with your new integration

This is what a healthy AWS Account integration process looks like when using an existing connector:

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-85ccd896e5c360eaaaa9017fce1e27bb2f97b994%2FIntegrating-with-Apono.gif?alt=media" alt=""><figcaption></figcaption></figure>

### Integration types

Apono currently supports 3 types of integrations:

1. Resources - these integrations sync data on resources and permissions. Apono then manages JIT access to these resources by granting and revoking users' access based on the Access Flows.
   1. Cloud infrastructure
   2. Databases
   3. CI/CD and development tools
   4. Network and VPN
   5. IdP groups
2. User information - these integrations sync data on your users and their attributes, like manager, shift, groups, etc.
   1. Identity providers (IdP)
   2. Incident response/on-call tools
   3. IT service management (ITSM) tools
3. Communications (chat-ops)

Browse our [integrations catalog](https://app.apono.io/catalog) in the Apono app.

### Integrating cloud environments

#### Overview

Whether you manage your cloud environment in AWS, GCP or Azure, Apono lets you integrate all your cloud services at once!

This means you can manage your entire environment with Apono in a single integration: Apono integrates multiple cloud services from the same AWS Account, GCP Project or Azure Subscription.

**In AWS**, simply install the connector and secret on any Account you'd like to manage, provide the region and we will do the rest: we'll sync all your resource types, like EC2, RDS, S3 buckets, IAM roles and policies, ECR, EKS, and more all at once.

**In GCP**, simply install the connector and secret on any Project you'd like to manage and we will do the rest: we'll sync all your resource types, like BigQuery tables, Spanner, Storage, and more all at once.

**In Azure**, simply install the connector and secret on any Subscription you'd like to manage, and we will do the rest: we'll sync all your resource types, like Storage, MySQL, PostgreSQL, and more all at once.

#### How it works

1. Go to the Apono **Integrations page** and click the **Catalog tab**.
2. **Pick your cloud provider**: AWS, GCP or Azure
3. Pick the level you'd like to integrate on:
   1. AWS:
      1. Pick Organization to manage access to the SSO Identity Center
      2. Pick Account to sync and manage access to a specific Account and multiple services it contains
   2. GCP
      1. Pick Organization to manage access to the Organization or Folder roles.
      2. Pick Project to sync and manage access to a specific Project and multiple services it contains
   3. Azure
      1. Pick Subscription to sync and manage access to a specific Resource Group and multiple services it contains
4. Provide Apono with the **required configuration**, and you're done! We'll sync all the services for you.
5. You'll be redirected to the **Connected tab**, where you can see your integrations and all the services or resource types that were synced for it.\
   This is also the place to see and troubleshoot integration errors and create new Access Flows.


