Create a space
Define an environment for managing team-specific resources
A space allows your organization to segment the global account into independently governed environments. Each space defines a set of resources and managing users.
Prerequisites
Admin role
Only Apono users with an Admin role can create a new space.
Resource inventory
One or more integrations must be configured in the global account.
Identity provider
You must have an identify provider (IdP) integrated to add space members.
Create a new space
Follow these steps to create a new space:
On the Spaces Management page, click Create New Space. The Space details page appears.
You can also click Space Settings at the top right of the screen to access the Spaces Management page.
Enter a Space name. The name should be unique and reflect the environment or group that will own it.
Define the space membership.
Define the space inventory.
Click Create Space. The new space appears as a tile with summary details on the Spaces Management page.
Define membership
Follow these steps to add members to manage the space:
Click Invite User. The Select Space Members pop-up window appears.
In the User field, select one or more users to assign to a role.
Select a Role option.
Space Owner
Can perform the following tasks:
Add and remove users from a space
Manage access objects within a space
Space Manager
Can perform the following task:
Manage access objects within a space
Click Done. The selected users and roles appear in the summary pane.
Click Save Changes. The pop-up window closes.
Click Next.
Define inventory
Follow these steps to define the space-managed resources:
In the Space Access scope pane, filter the resources by one or several of the following filters.
To create complex queries, click AQL to build a query in the code box.
The Apono Query Language enables you to extend your query capabilities beyond the standard options available with the UI.
Integration
Follow these steps to filter by integration:
Click the Integration dropdown menu.
From the dropdown menu, select the comparative logic:
Equals (=)
Not Equals (!=)
(Optional) In the Search field, enter a value to filter the list of integrations.
Select one or several integrations. Only the values meeting the criteria will be shown.
Click the top or outside of the dropdown menu to close it.
Resource Type
Follow these steps to filter by resource type:
Click the Resource Type dropdown menu.
From the dropdown menu, select the comparative logic:
Equals (=)
Not Equals (!=)
(Optional) In the Search field, enter a value to filter the list of resource types.
Select one or several resource types. Only the values meeting the criteria will be shown.
Click the top or outside of the dropdown menu to close it.
Resource Status
Follow these steps to filter by resource status:
Click the Resource Status dropdown menu.
From the dropdown menu, select the comparative logic:
Equals (=)
Not Equals (!=)
(Optional) In the Search field, enter a value to filter the list of resource statuses.
Select one or several resource statuses. Only the values meeting the criteria will be shown.
Click the top or outside of the dropdown menu to close it.
Resource Name
Follow these steps to filter by resource name:
Click the More Filters dropdown menu.
Select Resource Name.
From the dropdown menu, select the comparative logic:
Equals (=)
Not Equals (!=)
Contains (a*b)
Does not contain (!a*b)
Starts with (*b)
Ends with (a*)
(Optional) In the Search field, enter a value to filter the list of resource names.
(Equals, Not Equals only) Select one or several resource names. Only the values meeting the criteria will be shown.
Click the top or outside of the dropdown menu to close it.
Resource Path
Follow these steps to filter by resource path:
Click the More Filters dropdown menu.
Select Resource Path.
From the dropdown menu, select the comparative logic:
Equals (=)
Not Equals (!=)
Contains (a*b)
Does not contain (!a*b)
Starts with (*b)
Ends with (a*)
(Optional) In the Search field, enter a value to filter the list of resource paths.
Select one or several resource paths. Only the values meeting the criteria will be shown.
Click the top or outside of the dropdown menu to close it.
Resource Tag
Follow these steps to filter by resource tag:
Click the More Filters dropdown menu.
Select Resource Tag.
(Optional) In the Search field, enter a value to filter the list of resource names.
Click the resource name.
From the dropdown menu, select the comparative logic:
Equals (=)
Not Equals (!=)
Contains (a*b)
Does not contain (!a*b)
Starts with (*b)
Ends with (a*)
(Optional) In the Search field, enter a value to filter the list of resource tags.
(Equals, Not Equals only) Select one or several resource tags. Only the values meeting the criteria will be shown.
Click the top or outside of the dropdown menu to close it.
Permission Name
Follow these steps to filter by permission name:
Click the More Filters dropdown menu.
Select Permission Name.
From the dropdown menu, select the comparative logic:
Equals (=)
Not Equals (!=)
Contains (a*b)
Does not contain (!a*b)
Starts with (*b)
Ends with (a*)
(Optional) In the Search field, enter a value to filter the list of resource names
(Equals, Not Equals only) Select one or several permission names. Only the values meeting the criteria will be shown.
Click the top or outside of the dropdown menu to close it.
Resource Risk Level
Follow these steps to filter by resource risk level:
Click the More Filters dropdown menu.
Select Resource Risk Level.
From the dropdown menu, select the comparative logic:
Equals (=)
Not Equals (!=)
Select one or several resource risk level. Only the values meeting the criteria will be shown.
Click the top or outside of the dropdown menu to close it.
Permission Risk Level
Follow these steps to filter by permission risk level:
Click the More Filters dropdown menu.
Select Permission Risk Level.
From the dropdown menu, select the comparative logic:
Equals (=)
Not Equals (!=)
Select one or several pemission risk level. Only the values meeting the criteria will be shown.
Click the top or outside of the dropdown menu to close it.
Comparative Logic
Equals (=)
Checks if values are the same
Examples:
Resource Type equals DynamoDB Table
Resource Status equals ACTIVE
After filtering by this value, you can select the exact resources to include in your filtered query.
Not Equals (!=)
Checks if values are different
Examples:
Integration does not equal AWS Playground
Resource Type does not equal S3 Bucket
After filtering by this value, you can select the exact resources to include in your filtered query.
Contains (a*b)
Checks if a value contains another value as a substring or pattern
Examples:
Resource Name contains playground
Resource Tag contains true
Does not contain (!a*b)
Checks if a value does NOT contain another value as a substring or pattern
Examples:
Resource Name does not contain production
Permission Name does not contain admin
Starts with (*b)
Checks if a value begins with a specific value or pattern
Examples:
Resource Name starts with aws
Resource Tag for a region starts with eu
Ends with (a*)
Checks if a value ends with a specific value or pattern
Examples:
Resource Name ends with terraform-state
Resource Tag for an env ends with dev
Click +. The Create Space Access Scope pop-up window appears.
Enter a Space Access Scope Name.
Click Create Space Access Scope.
(Optional) Repeat steps 1-4 to create an additional space access scope.
Select one or more space access scopes.
When multiple space access scopes are selected, they are combined with OR logic. The space will include all resources matching any selected scope.
Global account access scopes cannot be used to define a space’s inventory.
Click Create Space with X scopes.
To view or manage a space, select it from the space selector in the top navigation. Space-scoped pages will update automatically based on your selection.
Last updated
Was this helpful?