Integrate an AWS account or organization

Overview

Apono offers AWS users a simple way to centralize cloud management through our platform. Through a single integration, you can manage multiple AWS services across various accounts and organizations.

Integrate an AWS account

Prerequisites

Apono connector installed in your AWS account
To sync and manage access to EC2 servers, make sure you add the AmazonSSMManagedInstanceCore policy to the connector's IAM role

Integration

Follow these steps to integrate Apono with your AWS account:

On the Catalog tab, click AWS. The Add a new integration page appears.
Click Amazon Account. The account settings appear below.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.

💡
If the desired connector is not listed, click + Add new connector and follow the instructions for creating an Apono connector.
Under Select resource types, click one or more resource types and cloud services to sync with Apono.

📘
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage Access Flows to these resources.
Click Next. The Complete setup page appears.
Enter a unique, alphanumeric, user-friendly Integration Name. This name is used to identify this integration when constructing an access flow.
From the Region dropdown menu, select the region in which your organization runs. You may only select one region.
Click Connect.

After connecting your AWS account to Apono, you will be redirected to the Connected tab to view your integrations. The new AWS integration will initialize once it completes its first data fetch. Upon completion, the integration will be marked Active.

Now that you have completed this integration, you can create access flows that grant permission to AWS IAM resources, such as AWS Roles.

Integrate an AWS organization

Prerequisites

Apono connector installed in your AWS management account OR a connector with delegate permissions
To sync and manage access to EC2 servers, make sure you add the AmazonSSMManagedInstanceCore policy to the connector's IAM role

Integration

Follow these steps to integrate Apono with your AWS organization:

On the Catalog tab, click AWS. The Add a new integration page appears.
Click Amazon Organization. The account settings appear below.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.

💡
If the desired connector is not listed, click + Add new connector and follow the instructions for creating an AWS connector.
Under Select resource types, click one or more resource types and cloud services to sync with Apono.

📘
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage Access Flows to these resources.
Click Next. The Complete setup page appears.
Enter a unique, alphanumeric, user-friendly Integration Name. This name is used to identify this integration when constructing an access flow.
From the Region dropdown menu, select the region in which your organization runs. You may only select one region.
From the AWS SSO Region dropdown menu, select the region for which your single sign-on is configured. You may only select one region.

📘
AWS SSO Region defaults to the same value as your Region field.
Under SSO Portal, enter your single sign-on URL.
1. This is required for Apono to generate a sign-in link for end users to use their granted access.
(For connectors with delegate permissions) Under Manage Account Role, enter the ARN (step 5) of the role you are to assume.
Click Connect.

Now that you have completed this integration, you can create access flows that grant permission to AWS IAM resources, such as AWS Roles.

Troubleshooting

Please refer to our troubleshooting guide if you encounter errors while integrating.