Install an Azure connector on ACI using PowerShell
Learn how to deploy a connector in an Azure environment
Azure Container Instances (ACI) is a managed, serverless compute platform for running containerized applications. This guide explains how to install and configure an Apono connector on ACI in your Azure environment using PowerShell.
Prerequisites
Account-specific Apono authentication value
Use the following steps to obtain your token:
Click Cloud installation > Azure > Install and Connect Azure Account > CLI (Container Instance).
Copy the token listed on the page in step 1.
Information for your Azure Cloud instance:
Grants full access to manage all resources
Assigns roles in Azure RBAC
Manages all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities
Install a new connector
You can install a connector for an Azure Management Group or Subscription.
Management Group
Follow these steps to install a new connector:
At the shell prompt, set the environment variables.
$APONO_CONNECTOR_ID = "<A_UNIQUE_CONNECTOR_NAME>"
$APONO_TOKEN = "<APONO_TOKEN>"
$SUBSCRIPTION_ID = "<AZURE_SUBSCRIPTION_ID>"
$RESOURCE_GROUP_NAME = "<AZURE_RESOURCE_GROUP_NAME>"
$MANAGEMENT_GROUP_NAME = "<AZURE_MANAGEMENT_GROUP_NAME>"
Log in to your Azure account.
Set the REGION environment variable.
$REGION = $(Get-AzResourceGroup -Name $RESOURCE_GROUP_NAME).Location
Run the following command to deploy the connector on your ACI.
# Port and environment variables for the connector container
$port = New-AzContainerInstancePortObject -Port 80 -Protocol TCP
$env_var1 = New-AzContainerInstanceEnvironmentVariableObject -Name "APONO_CONNECTOR_ID" -Value $APONO_CONNECTOR_ID
$env_var2 = New-AzContainerInstanceEnvironmentVariableObject -Name "APONO_TOKEN" -Value $APONO_TOKEN
$env_var3 = New-AzContainerInstanceEnvironmentVariableObject -Name "APONO_URL" -Value "api.apono.io"
# Connector metadata, passed to the container as compact JSON
$jsonValue = @{
    cloud_provider = "AZURE"
    subscription_id = $SUBSCRIPTION_ID
    resource_group = $RESOURCE_GROUP_NAME
    region = $REGION
    is_azure_admin = $true
} | ConvertTo-Json -Compress
$env_var4 = New-AzContainerInstanceEnvironmentVariableObject -Name "CONNECTOR_METADATA" -Value $jsonValue
# Container definition and the credential used to pull the image from registry.apono.io
$container = New-AzContainerInstanceObject -Image "registry.apono.io/apono-connector:v1.6.7" -Name $APONO_CONNECTOR_ID -Port @($port) -EnvironmentVariable @($env_var1, $env_var2, $env_var3, $env_var4) -RequestCpu 1 -RequestMemoryInGb 1.5
$imageRegistryCredential = New-AzContainerGroupImageRegistryCredentialObject -Server "registry.apono.io" -Username "apono" -Password (ConvertTo-SecureString $APONO_TOKEN -AsPlainText -Force)
# Create the container group with a system-assigned managed identity and keep its principal ID
$PRINCIPAL_ID = $(New-AzContainerGroup -SubscriptionId $SUBSCRIPTION_ID -ResourceGroupName $RESOURCE_GROUP_NAME -Name $APONO_CONNECTOR_ID -Container $container -OsType Linux -ImageRegistryCredential $imageRegistryCredential -Location $REGION -IdentityType "SystemAssigned").IdentityPrincipalId
Add the User Access Administrator role to the connector in the management group scope.
New-AzRoleAssignment -ObjectId $PRINCIPAL_ID -ObjectType "ServicePrincipal" -RoleDefinitionName "User Access Administrator" -Scope "/providers/Microsoft.Management/managementGroups/$MANAGEMENT_GROUP_NAME"
For Azure AD, add the Directory Readers role to the connector. For Azure AD Groups, add the Groups Administrator and Privileged Role Administrator roles.
Azure AD
$payload = @{
    principalId = $PRINCIPAL_ID
    roleDefinitionId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
    directoryScopeId = "/"
} | ConvertTo-Json -Depth 3
Invoke-AzRestMethod -Method POST -Uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments" -Payload $payload
Azure AD Groups
# First role assignment
$payload1 = @{
    principalId = $PRINCIPAL_ID
    roleDefinitionId = "fdd7a751-b60b-444a-984c-02652fe8fa1c"
    directoryScopeId = "/"
} | ConvertTo-Json -Depth 3
Invoke-AzRestMethod -Method POST -Uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments" -Payload $payload1
# Second role assignment
$payload2 = @{
    principalId = $PRINCIPAL_ID
    roleDefinitionId = "e8611ab8-c189-46e8-94e1-60213ab1f814"
    directoryScopeId = "/"
} | ConvertTo-Json -Depth 3
Invoke-AzRestMethod -Method POST -Uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments" -Payload $payload2
On the Connectors page, verify that the connector has been updated.
You can now integrate with an Azure Management Group or Azure Subscription.
Subscription
Follow these steps to install a new connector:
Export the following environment variables.
$APONO_CONNECTOR_ID = "<A_UNIQUE_CONNECTOR_NAME>"
$APONO_TOKEN = "<APONO_TOKEN>"
$SUBSCRIPTION_ID = "<AZURE_SUBSCRIPTION_ID>"
$RESOURCE_GROUP_NAME = "<AZURE_RESOURCE_GROUP_NAME>"
Log in to your Azure account.
Set the REGION environment variable.
$REGION = $(Get-AzResourceGroup -Name $RESOURCE_GROUP_NAME).Location
Run the following command to deploy the connector on your ACI.
# Port and environment variables for the connector container
$port = New-AzContainerInstancePortObject -Port 80 -Protocol TCP
$env_var1 = New-AzContainerInstanceEnvironmentVariableObject -Name "APONO_CONNECTOR_ID" -Value $APONO_CONNECTOR_ID
$env_var2 = New-AzContainerInstanceEnvironmentVariableObject -Name "APONO_TOKEN" -Value $APONO_TOKEN
$env_var3 = New-AzContainerInstanceEnvironmentVariableObject -Name "APONO_URL" -Value "api.apono.io"
# Connector metadata, passed to the container as compact JSON
$jsonValue = @{
    cloud_provider = "AZURE"
    subscription_id = $SUBSCRIPTION_ID
    resource_group = $RESOURCE_GROUP_NAME
    region = $REGION
    is_azure_admin = $true
} | ConvertTo-Json -Compress
$env_var4 = New-AzContainerInstanceEnvironmentVariableObject -Name "CONNECTOR_METADATA" -Value $jsonValue
# Container definition and the credential used to pull the image from registry.apono.io
$container = New-AzContainerInstanceObject -Image "registry.apono.io/apono-connector:v1.6.7" -Name $APONO_CONNECTOR_ID -Port @($port) -EnvironmentVariable @($env_var1, $env_var2, $env_var3, $env_var4) -RequestCpu 1 -RequestMemoryInGb 1.5
$imageRegistryCredential = New-AzContainerGroupImageRegistryCredentialObject -Server "registry.apono.io" -Username "apono" -Password (ConvertTo-SecureString $APONO_TOKEN -AsPlainText -Force)
# Create the container group with a system-assigned managed identity and keep its principal ID
$PRINCIPAL_ID = $(New-AzContainerGroup -SubscriptionId $SUBSCRIPTION_ID -ResourceGroupName $RESOURCE_GROUP_NAME -Name $APONO_CONNECTOR_ID -Container $container -OsType Linux -ImageRegistryCredential $imageRegistryCredential -Location $REGION -IdentityType "SystemAssigned").IdentityPrincipalId
Add the User Access Administrator role to the connector in the subscription scope.
New-AzRoleAssignment -ObjectId $PRINCIPAL_ID -ObjectType "ServicePrincipal" -RoleDefinitionName "User Access Administrator" -Scope "/subscriptions/$SUBSCRIPTION_ID"
For Azure AD, add the Directory Readers role to the connector. For Azure AD Groups, add the Groups Administrator and Privileged Role Administrator roles.
Azure AD
$payload = @{
    principalId = $PRINCIPAL_ID
    roleDefinitionId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
    directoryScopeId = "/"
} | ConvertTo-Json -Depth 3
Invoke-AzRestMethod -Method POST -Uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments" -Payload $payload
Azure AD Groups
# First role assignment
$payload1 = @{
    principalId = $PRINCIPAL_ID
    roleDefinitionId = "fdd7a751-b60b-444a-984c-02652fe8fa1c"
    directoryScopeId = "/"
} | ConvertTo-Json -Depth 3
Invoke-AzRestMethod -Method POST -Uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments" -Payload $payload1
# Second role assignment
$payload2 = @{
    principalId = $PRINCIPAL_ID
    roleDefinitionId = "e8611ab8-c189-46e8-94e1-60213ab1f814"
    directoryScopeId = "/"
} | ConvertTo-Json -Depth 3
Invoke-AzRestMethod -Method POST -Uri "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments" -Payload $payload2
On the Connectors page, verify that the connector has been updated.
You can now integrate with an Azure Management Group or Azure Subscription.
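Reviewing what the connector identity was granted (an added example, not part of Apono's guide; it applies after either the Management Group or the Subscription procedure). It assumes $PRINCIPAL_ID is still set in the session, that the hypothetical variable $scope holds the same -Scope string passed to New-AzRoleAssignment, and that the role names pair with the role definition IDs in the order the page lists them.

```powershell
# Added example: audit the roles held by the connector's managed identity.
# $scope is a hypothetical variable; set it to the -Scope value used above,
# e.g. the management group path for the Management Group procedure.
$scope = "/subscriptions/$SUBSCRIPTION_ID"

# Directory role definition IDs from this page, with the role names the page gives.
$pageRoles = @{
    "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" = "Directory Readers"
    "fdd7a751-b60b-444a-984c-02652fe8fa1c" = "Groups Administrator"
    "e8611ab8-c189-46e8-94e1-60213ab1f814" = "Privileged Role Administrator"
}

# 1. Azure RBAC: assignments held by the identity that are effective at $scope.
$rbac = Get-AzRoleAssignment -ObjectId $PRINCIPAL_ID -Scope $scope |
    Select-Object RoleDefinitionName, Scope
if (-not ($rbac.RoleDefinitionName -contains "User Access Administrator")) {
    Write-Warning "User Access Administrator is not assigned at $scope"
}

# 2. Directory roles: the same Graph endpoint the page posts to, queried with GET.
$filter = [uri]::EscapeDataString("principalId eq '$PRINCIPAL_ID'")
$uri = "https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments?`$filter=$filter"
$resp = Invoke-AzRestMethod -Method GET -Uri $uri
if ($resp.StatusCode -ne 200) {
    throw "Graph query failed with status $($resp.StatusCode): $($resp.Content)"
}

# Label each assignment; anything outside the three IDs above is flagged.
$directory = foreach ($a in ($resp.Content | ConvertFrom-Json).value) {
    $name = $pageRoles[$a.roleDefinitionId]
    [pscustomobject]@{
        RoleDefinitionId = $a.roleDefinitionId
        Role             = if ($name) { $name } else { "not listed on this page" }
        DirectoryScopeId = $a.directoryScopeId
    }
}

$rbac | Format-Table -AutoSize
$directory | Format-Table -AutoSize
$extra = @($directory | Where-Object Role -eq "not listed on this page")
if ($extra.Count -gt 0) {
    Write-Warning "$($extra.Count) directory role(s) beyond those on this page"
}
```

Keeping the two tables with the change record for the deployment gives a baseline to compare against when the identity's privileges are reviewed later.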