If your organization is using Apono, access to cloud resources in development, CI/CD, data repositories, cloud infrastructure and more is managed centrally.
With Apono' CLI, developers can schedule requests for access that is needed daily or weekly simply by rerunning the same command. s
- Apono account
- Membership in one or more groups having Access Flows to manage resources (an Apono admin account is not required)
- Go to the Apono CLI GitHub repository.
- Follow the installation instructions for MacOS/Linux or Windows.
aponoto see all available commands (or with the -h, --help flags).
Auto-completion recognizes the
tab tab key combination to complete typing commands and flags. Follow these instructions to set it up for your shell/terminal:
apono completion [shell]where [shell] is one of:
- A script for your shell type is generated and displayed.
- Copy the script and paste it into a text editor.
- On MacOS/Linux, save the file as .sh and make it executable. On Windows, save the file as .exe.
- Run the script to enable auto-completion.
- You can then use the tab key to see get auto-complete suggestions for commands and flags with the CLI
If you encounter
Error: profile not existserror, you are not logged in. Run the command
apono loginand log in through your browser
- Echo "autoload -U compinit; compinit" >> ~/.zshrc
- Open a new terminal and run the following -
source <(apono completion zsh); compdef _apono apono
- This command should run every new session
Log in to your Apono account before you can run any other commands.
- A browser tab will open.
- Follow the directions to log into your Apono account.
- Close the browser tab once you see the message confirming that you have successfully logged in.
- With each command, all of its flags are required
- flags can be written in their abbreviated form with a single hyphen (e.g. "-i") or in their long form with a double hyphen (e.g. "--integration").
|apono integrations||(none)||Lists ID, type and name of all available integrations|
|apono resource-types||-i integration-id||Lists ID and name of all resource types in an integration|
|apono resources||-i integration -t, resource-type-id||Lists ID and name of all resources for an integration and its resource type. (note: the resource-type-id is the id returned by |
|apono permissions||-i integration-id, -t resource-type-id||Lists the type of permissions available for a resource in an integration|
|Command||Flags||What is does|
|apono request||-i integration-id -t resource-type-id -r resource-id -p permission -j "text"||Creates a new access request.|
Provide one integration-id and one resource-type, but more than one resource-id and permissions is allowed
Upon successful creation, a request summary is returned:
|apono requests||(none)||Displays the status of all existing access requests|
With multiple components as above, response is organized as follows:The user will get:
--resource1, status1 permissions1
--resource2, status2, permissions2
(a parameter, not a flag. Use the friendly ID)
|Displays instructions for accessing the resource once permission granted.|
For security purposes, we recommend closing the terminal once the login details have been copied
This example illustrates the sequence of commands to obtain all the necessary information about an integration to be able to request access according to the defined access flows.
apono resource-types-i 85a8f7b4-ee5b-48d1-ae59
apono resources-i 85a8f7b4-ee5b-48d1-ae59 -t aws-account-s3-bucket
apono permissions-i 85a8f7b4-ee5b-48d1-ae59 -t aws-account-s3-bucket
Justification: fix J 1504
- Follow the status of your access requests with
apono requests. Once the status of a request has changed to Granted, get the instructions on accessing the resource with
apono access-details [request-ID]which for our example returns:
You can open AWS Console with following command: bash <(curl -s https://apono-public.s3.amazonaws.com/scripts/open_aws_console.sh)
For security purposes, we recommend closing the terminal once the login details have been copied.
To save time, you can give access requests that are needed frequently as an alias. Simply run (on Windows or Mac/Linux):
- Pending: waiting for the approver(s) to approve or reject
- Granting: the request is approved and Apono is provisioning the access
- Granted: you have successfully been given access. Check the Access Details to learn about logging in.
- Expired: Your access time is up and access is revoked.
- Rejected: the request was automatically rejected or rejected by approvers
- Failed: An error has occurred. Contact your admin.
This version does not support:
- Approving access requests with CLI. We recommend creating Access Flows for CLI with automatic approval. Otherwise, approvers will get approve/reject messages via your connected ChatOps tool (Slack or Teams)
- Reseting credentials
- Revoking access
- Requesting bundles
The CLI supports making access requests for any resource integrated with Apono.
Access requests can now be made without a UI.
The CLI functions similarly to the ChatOps integrations with Slack and Teams.
This is the first version of the Apono CLI. Commands may be added or changed in the future so be sure to chck this documentation regularly.
Refer to Troubleshooting Errors for information about errors that may occur.
Updated 13 days ago