Create a space

Define an environment for managing team-specific resources

A space allows your organization to segment the global account into independently governed environments. Each space defines a set of resources and managing users.

Prerequisites

Item
Description

Admin role

Only Apono users with an Admin role can create a new space.

Resource inventory

One or more integrations must be configured in the global account.

Identity provider

You must have an identify provider (IdP) integrated to add space members.

Create a new space

Follow these steps to create a new space:

  1. On the Spaces Management page, click Create New Space. The Space details page appears.

You can also click Space Settings at the top right of the screen to access the Spaces Management page.

  1. Enter a Space name. The name should be unique and reflect the environment or group that will own it.

  2. Define the space membership.

  3. Define the space inventory.

  4. Click Create Space. The new space appears as a tile with summary details on the Spaces Management page.

Define membership

Select Space Member window

Follow these steps to add members to manage the space:

  1. Click Invite User. The Select Space Members pop-up window appears.

  2. In the User field, select one or more users to assign to a role.

  3. Select a Role option.

Role
Description

Space Owner

Can perform the following tasks:

  • Add and remove users from a space

  • Manage access objects within a space

Space Manager

Can perform the following task:

  • Manage access objects within a space

  1. Click Done. The selected users and roles appear in the summary pane.

  2. Click Save Changes. The pop-up window closes.

  3. Click Next.

Define inventory

Space Access scope pane

Follow these steps to define the space-managed resources:

  1. In the Space Access scope pane, filter the resources by one or several of the following filters.

To create complex queries, click AQL to build a query in the code box.

The Apono Query Language enables you to extend your query capabilities beyond the standard options available with the UI.

Integration

Follow these steps to filter by integration:

  1. Click the Integration dropdown menu.

  2. From the dropdown menu, select the comparative logic:

    • Equals (=)

    • Not Equals (!=)

  3. (Optional) In the Search field, enter a value to filter the list of integrations.

  4. Select one or several integrations. Only the values meeting the criteria will be shown.

  5. Click the top or outside of the dropdown menu to close it.

Resource Type

Follow these steps to filter by resource type:

  1. Click the Resource Type dropdown menu.

  2. From the dropdown menu, select the comparative logic:

    • Equals (=)

    • Not Equals (!=)

  3. (Optional) In the Search field, enter a value to filter the list of resource types.

  4. Select one or several resource types. Only the values meeting the criteria will be shown.

  5. Click the top or outside of the dropdown menu to close it.

Resource Status

Follow these steps to filter by resource status:

  1. Click the Resource Status dropdown menu.

  2. From the dropdown menu, select the comparative logic:

    • Equals (=)

    • Not Equals (!=)

  3. (Optional) In the Search field, enter a value to filter the list of resource statuses.

  4. Select one or several resource statuses. Only the values meeting the criteria will be shown.

  5. Click the top or outside of the dropdown menu to close it.

Resource Name

Follow these steps to filter by resource name:

  1. Click the More Filters dropdown menu.

  2. Select Resource Name.

  3. From the dropdown menu, select the comparative logic:

    • Equals (=)

    • Not Equals (!=)

    • Contains (a*b)

    • Does not contain (!a*b)

    • Starts with (*b)

    • Ends with (a*)

  4. (Optional) In the Search field, enter a value to filter the list of resource names.

  5. (Equals, Not Equals only) Select one or several resource names. Only the values meeting the criteria will be shown.

  6. Click the top or outside of the dropdown menu to close it.

Resource Path

Follow these steps to filter by resource path:

  1. Click the More Filters dropdown menu.

  2. Select Resource Path.

  3. From the dropdown menu, select the comparative logic:

    • Equals (=)

    • Not Equals (!=)

    • Contains (a*b)

    • Does not contain (!a*b)

    • Starts with (*b)

    • Ends with (a*)

  4. (Optional) In the Search field, enter a value to filter the list of resource paths.

  5. Select one or several resource paths. Only the values meeting the criteria will be shown.

  6. Click the top or outside of the dropdown menu to close it.

Resource Tag

Follow these steps to filter by resource tag:

  1. Click the More Filters dropdown menu.

  2. Select Resource Tag.

  3. (Optional) In the Search field, enter a value to filter the list of resource names.

  4. Click the resource name.

  5. From the dropdown menu, select the comparative logic:

    • Equals (=)

    • Not Equals (!=)

    • Contains (a*b)

    • Does not contain (!a*b)

    • Starts with (*b)

    • Ends with (a*)

  6. (Optional) In the Search field, enter a value to filter the list of resource tags.

  7. (Equals, Not Equals only) Select one or several resource tags. Only the values meeting the criteria will be shown.

  8. Click the top or outside of the dropdown menu to close it.

Permission Name

Follow these steps to filter by permission name:

  1. Click the More Filters dropdown menu.

  2. Select Permission Name.

  3. From the dropdown menu, select the comparative logic:

    • Equals (=)

    • Not Equals (!=)

    • Contains (a*b)

    • Does not contain (!a*b)

    • Starts with (*b)

    • Ends with (a*)

  4. (Optional) In the Search field, enter a value to filter the list of resource names

  5. (Equals, Not Equals only) Select one or several permission names. Only the values meeting the criteria will be shown.

  6. Click the top or outside of the dropdown menu to close it.

Resource Risk Level

Follow these steps to filter by resource risk level:

  1. Click the More Filters dropdown menu.

  2. Select Resource Risk Level.

  3. From the dropdown menu, select the comparative logic:

    • Equals (=)

    • Not Equals (!=)

  4. Select one or several resource risk level. Only the values meeting the criteria will be shown.

  5. Click the top or outside of the dropdown menu to close it.

Permission Risk Level

Follow these steps to filter by permission risk level:

  1. Click the More Filters dropdown menu.

  2. Select Permission Risk Level.

  3. From the dropdown menu, select the comparative logic:

    • Equals (=)

    • Not Equals (!=)

  4. Select one or several pemission risk level. Only the values meeting the criteria will be shown.

  5. Click the top or outside of the dropdown menu to close it.

Comparative Logic
Logic
Description

Equals (=)

Checks if values are the same

Examples:

  • Resource Type equals DynamoDB Table

  • Resource Status equals ACTIVE

After filtering by this value, you can select the exact resources to include in your filtered query.

Not Equals (!=)

Checks if values are different

Examples:

  • Integration does not equal AWS Playground

  • Resource Type does not equal S3 Bucket

After filtering by this value, you can select the exact resources to include in your filtered query.

Contains (a*b)

Checks if a value contains another value as a substring or pattern

Examples:

  • Resource Name contains playground

  • Resource Tag contains true

Does not contain (!a*b)

Checks if a value does NOT contain another value as a substring or pattern

Examples:

  • Resource Name does not contain production

  • Permission Name does not contain admin

Starts with (*b)

Checks if a value begins with a specific value or pattern

Examples:

  • Resource Name starts with aws

  • Resource Tag for a region starts with eu

Ends with (a*)

Checks if a value ends with a specific value or pattern

Examples:

  • Resource Name ends with terraform-state

  • Resource Tag for an env ends with dev

  1. Click +. The Create Space Access Scope pop-up window appears.

  2. Enter a Space Access Scope Name.

  3. Click Create Space Access Scope.

  4. (Optional) Repeat steps 1-4 to create an additional space access scope.

  5. Select one or more space access scopes.

When multiple space access scopes are selected, they are combined with OR logic. The space will include all resources matching any selected scope.

Global account access scopes cannot be used to define a space’s inventory.

  1. Click Create Space with X scopes.

To view or manage a space, select it from the space selector in the top navigation. Space-scoped pages will update automatically based on your selection.

PreviousSpace ManagementNextManage a space

Last updated

Was this helpful?