Installing a connector on AWS ECS using Terraform
Create a connector on Amazon Elastic Container Service
Overview
Connectors are secure on-prem components that link Apono and your resources:
- No secrets are read, cached, or stored.
- No account admin privileges need to be granted to Apono.
- The connector contacts your secret store or key vault to sync data or provision access.
Once set up, this connector will enable you to sync data from cloud applications and grant and revoke access permissions through Amazon Elastic Container Service (ECS).
Prerequisites
Item | Description |
---|---|
AdministratorAccess Role | AWS role that provides full access to AWS services and resources |
Apono Token | Account-specific Apono authentication value. Use the following steps to obtain your token: |
Virtual Private Cloud (VPC) ID | Unique identifier for a virtual network dedicated to an AWS account |
Subnet IDs | Unique identifier for a specific subnet within a VPC |
Terraform CLI | HashiCorp's tool for provisioning and managing infrastructure |
Install a connector
Use the following steps to install an Apono connector for AWS on ECS:
- In a new or existing Terraform (.tf) file, add the following provider and module information to create a connector with permissions or without permissions:
  - With permissions: Enables installing the connector in the cloud environment and managing access to resources, such as Amazon RDS, S3 buckets, EC2 machines, and self-hosted databases

```hcl
provider "aws" {
  region = "REGION"
}

module "apono-connector" {
  source         = "github.com/apono-io/terraform-modules/aws/connector-with-permissions/stacks/apono-connector"
  connectorId    = "CONNECTOR_NAME"
  aponoToken     = "APONO_TOKEN"
  vpcId          = "VPC_ID"
  subnetIds      = ["SUBNET_ID1", "SUBNET_ID2"]
  assignPublicIp = true
}
```

  - Without permissions: Enables installing the connector in the cloud environment but managing access only to non-AWS resources, such as self-hosted databases

```hcl
provider "aws" {
  region = "REGION"
}

module "apono-connector" {
  source         = "github.com/apono-io/terraform-modules/aws/connector-without-permissions/stacks/apono-connector"
  connectorId    = "CONNECTOR_NAME"
  aponoToken     = "APONO_TOKEN"
  vpcId          = "VPC_ID"
  subnetIds      = ["SUBNET_ID1", "SUBNET_ID2"]
  assignPublicIp = true
}
```
Be sure to define the values for `region`, `connectorId` (the name you assign to the connector), `aponoToken`, `vpcId`, and `subnetIds`. Also note the following when defining `assignPublicIp`:
  - When a subnet has an Internet Gateway, set the value to `true`.
  - When a subnet has a NAT Gateway, set the value to `false`.
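The `assignPublicIp` rule above (Internet Gateway: `true`, NAT Gateway: `false`) is easy to get wrong when `subnetIds` lists several subnets. The following Python example is added here and is not code from Apono or the terraform-modules project. It derives the value from route-table data shaped like the output of `aws ec2 describe-route-tables`; the VPC, subnet, route-table and gateway IDs are constructed sample data, and the function names are mine. It rejects a list that mixes public and private subnets, on the assumption (drawn from the module arguments shown above, which take one `assignPublicIp` for all `subnetIds`) that every listed subnet must route the same way.

```python
"""Derive the assignPublicIp value for the Apono connector module from subnet routing.

Added example, not part of the Apono docs or the terraform-modules project.
SAMPLE_ROUTE_TABLES is constructed to mirror the shape of
`aws ec2 describe-route-tables` output; in a real run, load that JSON
(for example via the AWS CLI or boto3) instead of the inline sample.
"""
import json

# Constructed sample (not real infrastructure): one VPC whose main route table
# sends the default route through a NAT Gateway, plus an explicit public route
# table (Internet Gateway) associated with two subnets.
SAMPLE_ROUTE_TABLES = {
    "RouteTables": [
        {
            "RouteTableId": "rtb-main0000",
            "VpcId": "vpc-example",
            "Associations": [{"Main": True, "RouteTableId": "rtb-main0000"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa"},
            ],
        },
        {
            "RouteTableId": "rtb-public00",
            "VpcId": "vpc-example",
            "Associations": [
                {"Main": False, "SubnetId": "subnet-pub-a", "RouteTableId": "rtb-public00"},
                {"Main": False, "SubnetId": "subnet-pub-b", "RouteTableId": "rtb-public00"},
            ],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbb"},
            ],
        },
    ]
}


def route_table_for_subnet(route_tables, subnet_id):
    """Return the route table that applies to subnet_id.

    An explicit subnet association wins; a subnet with no explicit
    association falls back to the VPC's main route table, which is how
    AWS resolves routing for it.
    """
    main = None
    for rtb in route_tables["RouteTables"]:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def classify_subnet(route_tables, subnet_id):
    """Classify by the default route only: 'public' (0.0.0.0/0 via an
    Internet Gateway), 'private' (via a NAT Gateway) or 'isolated'."""
    rtb = route_table_for_subnet(route_tables, subnet_id)
    if rtb is None:
        raise ValueError(f"no route table found for {subnet_id}")
    for route in rtb.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "private"
    return "isolated"


def assign_public_ip_for(route_tables, subnet_ids):
    """Apply the documented rule to a subnet list: IGW -> True, NAT -> False.

    Assumption: the module takes a single assignPublicIp for all subnetIds,
    so a list mixing public and private subnets is rejected rather than
    silently resolved to one value.
    """
    kinds = {sid: classify_subnet(route_tables, sid) for sid in subnet_ids}
    distinct = set(kinds.values())
    if len(distinct) != 1:
        raise ValueError(f"subnets must all route the same way, got {kinds}")
    kind = distinct.pop()
    if kind == "public":
        return True
    if kind == "private":
        return False
    raise ValueError(f"subnets {subnet_ids} have no default route; neither value applies")


if __name__ == "__main__":
    ids = ["subnet-pub-a", "subnet-pub-b"]
    value = assign_public_ip_for(SAMPLE_ROUTE_TABLES, ids)
    print(json.dumps({"subnetIds": ids, "assignPublicIp": value}))
```

Replace `SAMPLE_ROUTE_TABLES` with the real `describe-route-tables` JSON for the VPC in `vpcId`, pass the same subnet IDs you put in `subnetIds`, and copy the returned boolean into `assignPublicIp`. A subnet that is not listed in any association is resolved through the main route table, which is the case most often overlooked when reading route tables by hand.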
- At the Terraform CLI, download and install the provider plugin and module:

```shell
terraform init
```

- Apply the Terraform changes. The proposed changes and a confirmation prompt will be listed:

```shell
terraform apply
```

- Enter `yes` to confirm deploying the changes to your AWS account.
- On the Connectors page, verify that the connector has been deployed.