Create an integration to manage access to PostgreSQL instances on Google Cloud SQL
Google Cloud SQL PostgreSQL is a fully managed relational database service built for the cloud. It provides a high-performance, scalable, and highly available PostgreSQL database instance without the overhead of managing infrastructure. With Google Cloud SQL, users benefit from Google Cloud's robust infrastructure, which ensures high availability, security, and scalability for their databases.
Through this integration, Apono helps you securely manage access to your Google Cloud SQL PostgreSQL database instances.
To enable Apono to manage Google Cloud SQL PostgreSQL user access, you must create a user and then configure the integration within the Apono UI.
You must create a user in your PostgreSQL instance for the Apono connector and grant that user permissions to your databases.
You must use the admin account and password to connect to your database.
Follow these steps to create a user and grant it permissions:
In the Google Cloud console, create a new user with either Built-in authentication or Cloud IAM authentication.
Use apono_connector for the username.
This authentication method grants the user the cloudsqlsuperuser role. Be sure to set a strong password for the user.
As an alternative, you can run the following command from your PostgreSQL client:
CREATE USER apono_connector WITH PASSWORD 'password';
Use apono-connector-iam-sa@[PROJECT_ID].iam.gserviceaccount.com for the Principal.
This authentication method does not grant the user account database privileges.
Be sure that the Apono connector GCP service account (apono-connector-iam-sa@[PROJECT_ID].iam.gserviceaccount.com) has the Cloud SQL Admin role.
(Cloud IAM only) In your preferred client tool, grant cloudsqlsuperuser access to the user account.
In your preferred client tool, grant the cloudsqlsuperuser role privileges on all databases except template0 and cloudsqladmin.
This allows Apono to perform tasks that are not restricted to a single schema or object within the database, such as creating, altering, and dropping database objects.
For each database to be managed through Apono, connect to the database and grant cloudsqlsuperuser privileges on all objects in the schemas.
This allows Apono to perform tasks that are restricted to schemas within the database, such as modifying table structures, creating new sequences, or altering functions.
Connect to the template1 database and grant cloudsqlsuperuser privileges on all objects in the schemas.
For any new databases created in the future, this allows Apono to perform tasks that are restricted to schemas within the database, such as modifying table structures, creating new sequences, or altering functions.
(Built-in authentication only) Create a secret with the credentials from step 1.
When using Cloud IAM authentication, the service account and its permissions are managed through Google Cloud IAM roles and policies. The service account is used to authenticate to the Cloud SQL instance.
A secret does not need to be created.
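The grants described in the steps above, written out as an added example; this is not Apono's published script. It assumes a Cloud IAM database role named after the service account e-mail without the .gserviceaccount.com suffix (PROJECT_ID is a placeholder), and it reads "all objects in the schemas" as tables, sequences, and functions.

```sql
-- Added example, not Apono's own script. Run as the instance admin user.
-- PROJECT_ID is a placeholder; replace it before running.

-- (Cloud IAM only) The IAM user starts with no database privileges,
-- so add it to cloudsqlsuperuser explicitly.
-- Assumption: the database role name is the service account e-mail
-- without the ".gserviceaccount.com" suffix.
GRANT cloudsqlsuperuser TO "apono-connector-iam-sa@PROJECT_ID.iam";

-- Database-level privileges on every database except template0 and cloudsqladmin.
DO $$
DECLARE
    db text;
BEGIN
    FOR db IN
        SELECT datname
        FROM pg_database
        WHERE datname NOT IN ('template0', 'cloudsqladmin')
    LOOP
        -- %I quotes the identifier, so unusual database names are handled safely.
        EXECUTE format(
            'GRANT ALL PRIVILEGES ON DATABASE %I TO cloudsqlsuperuser WITH GRANT OPTION',
            db);
    END LOOP;
END
$$;

-- Object-level privileges. Run this block once while connected to each
-- managed database, and once while connected to template1 so that
-- databases created later from the template inherit the grants.
DO $$
DECLARE
    s text;
BEGIN
    FOR s IN
        SELECT nspname
        FROM pg_namespace
        WHERE nspname !~ '^pg_'               -- skip system schemas
          AND nspname <> 'information_schema'
    LOOP
        EXECUTE format(
            'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA %I TO cloudsqlsuperuser WITH GRANT OPTION', s);
        EXECUTE format(
            'GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA %I TO cloudsqlsuperuser WITH GRANT OPTION', s);
        EXECUTE format(
            'GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA %I TO cloudsqlsuperuser WITH GRANT OPTION', s);
    END LOOP;
END
$$;

-- Audit check: list every role that currently holds cloudsqlsuperuser.
SELECT r.rolname AS member, g.rolname AS granted_role
FROM pg_auth_members m
JOIN pg_roles r ON r.oid = m.member
JOIN pg_roles g ON g.oid = m.roleid
WHERE g.rolname = 'cloudsqlsuperuser';
```

The final query is worth keeping in a periodic review: every member it lists has the same broad privileges as the connector.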
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
On the Catalog tab, click Google Cloud SQL - PostgreSQL. The Connect Integration page appears.
Under Discovery, click one or more resource types and cloud services to sync with Apono.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flows to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a GCP connector.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
(User/Password only) Associate the secret or credentials.
A secret is not needed for Cloud IAM authentication.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Now that you have completed this integration, you can create access flows that grant permission to your Google Cloud SQL PostgreSQL instance.
Create an integration to manage access to Kubernetes clusters on Google Cloud
With a Kubernetes cluster in GKE on Google Cloud, GKE handles the complexities of Kubernetes management. Google Cloud provides a reliable, scalable database service.
Through this integration, Apono helps you securely manage access to your Google Cloud Kubernetes cluster.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
On the Catalog tab, click Google Kubernetes Engine (GKE). The Connect Integration page appears.
Under Discovery, click one or more resource types and cloud services to sync with Apono.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flows to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a GCP connector.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
(User/Password only) Associate the secret or credentials.
When the Apono connector is installed on the GKE cluster, you do not need to enter values for the optional fields or to provide a secret.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Now that you have completed this integration, you can create access flows that grant permission to your Google Cloud Kubernetes cluster.
Create an integration to manage access to an AlloyDB instance
AlloyDB is a fully managed PostgreSQL-compatible database service on Google Cloud. It offers high performance, scalability, and reliability for demanding enterprise workloads.
Through this integration, Apono helps you securely manage access to your AlloyDB instance.
Use the following tabs to assign roles to the Apono connector for either your or .
Follow these steps to assign roles to the Apono connector:
In your shell environment, log in to Google Cloud and enable the API.
Set the environment variables.
Assign roles to the connector.
Follow these steps to assign roles to the Apono connector:
In your shell environment, log in to Google Cloud and enable the API.
Set the environment variables.
Assign roles to the connector.
You must create a user in your AlloyDB instance for the Apono connector and grant that user permissions.
Use the following steps to create a user for the Apono connector and grant it permissions:
Run the following commands from your PostgreSQL client.
Run the following command to grant superuser privileges to the Apono connector user.
When using IAM authentication, the service account and its permissions are managed through Google Cloud IAM roles and policies.
A secret does not need to be created.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, select one or multiple resource types for Apono to discover in the instance.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config page appears.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Create an integration to manage access to Cloud SQL MySQL databases
MySQL is a reliable and secure open-source relational database system. It serves as the main data store for various applications, websites, and products. This includes mission-critical applications and dynamic websites. With Cloud SQL, users benefit from Google Cloud's robust infrastructure, which ensures high availability, security, and scalability for their databases.
Through this integration, Apono helps you securely manage access to your Cloud SQL MySQL databases.
You must create a user in your MySQL instance for the Apono connector and grant that user permissions to your databases.
Follow these steps to create a user and grant it permissions:
In the Google Cloud console, create a new user with either Built-in authentication or Cloud IAM authentication.
Use apono_connector for the username.
Be sure to set a strong password for the user.
As an alternative, you can run the following command from your MySQL client:
CREATE USER 'apono_connector'@'%' IDENTIFIED BY 'password';
Use apono-connector-iam-sa@[PROJECT_ID].iam.gserviceaccount.com for the Principal.
Be sure that the Apono connector GCP service account (apono-connector-iam-sa@[PROJECT_ID].iam.gserviceaccount.com) has the Cloud SQL Admin role.
In your preferred client tool, expose databases to the user. This allows Apono to view database names without accessing the contents of each database.
Grant the user database permissions. The following commands grant Apono the following permissions:
Creating users
Updating user information and privileges
Monitoring and troubleshooting processes running on the database
Grant the user only one of the following sets of permissions. The chosen set defines the highest level of permissions to provision with Apono. Click on each tab to reveal the SQL commands.
Allows Apono to read data from databases
Allows Apono to read and modify data
Allows Apono administrative-level access, including the ability to execute and drop tables
(MySQL 8.0+) Grant the user the authority to manage other roles. This enables Apono to create, alter, and drop roles. However, this role does not inherently grant specific database access permissions.
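The MySQL grants these steps describe, as an added example rather than Apono's published commands. The privilege lists chosen for each of the three sets, and the use of UPDATE on the mysql schema for updating user information, are assumptions based on the descriptions above.

```sql
-- Added example, not Apono's own script. Run as the instance admin user.
-- Assumes the built-in user 'apono_connector'@'%' created in step 1.

-- Expose database names without exposing database contents.
GRANT SHOW DATABASES ON *.* TO 'apono_connector'@'%';

-- User management and process monitoring.
GRANT CREATE USER ON *.* TO 'apono_connector'@'%';   -- create users
GRANT UPDATE ON mysql.* TO 'apono_connector'@'%';    -- update user info and privileges (assumed mapping)
GRANT PROCESS ON *.* TO 'apono_connector'@'%';       -- view running processes

-- Grant exactly ONE of the three sets below. WITH GRANT OPTION is what lets
-- the connector pass privileges on to requesting users, and MySQL only lets
-- an account grant privileges it holds itself, so the chosen set is the
-- ceiling on what can be provisioned.

-- Set 1: read only
GRANT SELECT ON *.* TO 'apono_connector'@'%' WITH GRANT OPTION;

-- Set 2: read and modify data (uncomment instead of set 1)
-- GRANT SELECT, INSERT, UPDATE, DELETE
--     ON *.* TO 'apono_connector'@'%' WITH GRANT OPTION;

-- Set 3: administrative, including execute and drop (uncomment instead of set 1)
-- GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, INDEX, EXECUTE
--     ON *.* TO 'apono_connector'@'%' WITH GRANT OPTION;

-- (MySQL 8.0+) Allow the connector to create, alter, and drop roles.
-- ROLE_ADMIN is a dynamic privilege and can only be granted globally.
GRANT ROLE_ADMIN ON *.* TO 'apono_connector'@'%';

-- Verify the result before connecting the integration.
SHOW GRANTS FOR 'apono_connector'@'%';
```

GRANT OPTION applies to every privilege the account holds at that level, not only the ones named in the same statement, so check the SHOW GRANTS output against the set you intended.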
You can also use the steps below to integrate with Apono using Terraform.
In step 10, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, click one or more resource types and cloud services to sync with Apono.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flows to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
A secret is not needed for Cloud IAM authentication.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Google Cloud Functions enables you to build and connect cloud services by writing single-purpose functions that are attached to events emitted from your cloud infrastructure and services.
Its serverless architecture frees you to write, test, and deploy functions quickly without having to manage infrastructure setup.
With this integration, you can connect your internal applications to Cloud Functions and manage access to those applications with Apono.
Apono currently supports the original version of Google Cloud Functions, 1st Gen.
You can also use the steps below to integrate with Apono using Terraform.
In step 8, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
On the tab, click Cloud Function Custom Integration. The Connect Integration page appears.
Under Discovery, click Next. The Apono connector section expands.
From the dropdown menu, select a connector.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a .
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Learn how to integrate and manage access to your GCP cloud
If your organization uses Google Cloud Platform (GCP), Apono's GCP integrations can help you securely manage access to your GCP cloud-based services and databases.
By identifying and transforming existing privileges, Apono can shift your cloud management from broad permissions to on-demand access flows.
Through our GCP integrations, Apono enables you to perform the following access tasks:
Limit Access: Discover existing privileges in GCP and convert them to just-in-time Access Flows.
Enable Self-Service Access: Allow developers to request access to GCP services, buckets, and instances via Slack.
Automate Approval Workflows: Create automatic approval processes for sensitive GCP resources.
Restrict Third-Party Access: Grant third-parties (customers or vendors) time-based access to specific services with MFA verification.
Review Access: Audit user cloud access, permissions granted, and reasons for access across GCP.
Create an integration to manage access to a GCP organization or project resources
Apono offers GCP users a simple way to centralize cloud management through our platform. Through a single integration, you can manage multiple GCP services across various organizations and projects.
Google BigQuery is a fast, scalable, secure, fully managed data warehouse service in the cloud, serving as a primary data store for vast datasets and analytic workloads.
To add this resource to your Google Project or Organization, you must create a custom role with BigQuery dataset permissions and assign the role to the service account for the Apono connector.
The following instructions in this section use the Google Cloud CLI.
However, you can also through the Google Console, and IAM client library, or the REST API. Additionally, you can to the Apono connector through the Google Console.
Follow these steps to associate the permissions through the Google Cloud CLI:
In your shell environment, log in to Google Cloud and enable the API.
Set the environment variables.
Create the custom role. Be sure to replace the placeholders (<ROLE_ID>, <TITLE>, and <DESCRIPTION>) with actual values of your choosing for the role ID, title, and description of the role.
Using the role ID defined in the previous step, assign the custom role to the Apono connector service account.
To manage and monitor your cloud assets, you must enable the Cloud Asset API.
Follow these steps to enable this API:
In your shell environment, log in to Google Cloud and enable the API.
You can also use the steps below to integrate with Apono using Terraform.
In step 10, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to integrate Apono with your GCP organization:
Under Discovery, click Google Organization.
Click one or more resource types to sync with Apono.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to the roles available in the organization where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
After connecting your GCP organization to Apono, you will be redirected to the Connected tab to view your integrations. The new GCP integration will initialize once it completes its first data fetch. Upon completion, the integration will be marked Active.
You can also use the steps below to integrate with Apono using Terraform.
In step 10, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to integrate Apono with your GCP project:
Under Discovery, click Google Project.
Click one or more resource types to sync with Apono.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to the roles available in the organization where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
After connecting your GCP project to Apono, you will be redirected to the Connected tab to view your integrations. The new GCP integration will initialize once it completes its first data fetch. Upon completion, the integration will be marked Active.
Create a new user and grant permissions with either or .
In the Google Cloud console, enable IAM authentication for your AlloyDB instance by setting the alloydb.iam_authentication flag to on.
(Built-in Authentication only) with the credentials from step 1.
On the tab, click AlloyDB. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a .
Refer to for more details about the schema definition.
Now that you have completed this integration, you can create that grant permission to your AlloyDB instance.
with the credentials from step 1 above.
You can now .
On the tab, click Google Cloud SQL - MySQL. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector.
(User/Password only) .
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Google Cloud SQL MySQL database.
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your internal application.
On the tab, click GCP. The Connect Integrations Group page appears.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage to these resources.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating an .
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to GCP organizational roles.
On the tab, click GCP. The Connect Integrations Group page appears.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage to these resources.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating an .
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to GCP organizational roles.
Apono Connector
On-prem connection serving as a bridge between your Google Cloud PostgreSQL databases and Apono Minimum Required Version: 1.4.1 Use the following steps to update an existing connector.
Cloud SQL Admin API
API for managing database instances with resources, such as BackupRuns, Databases, and Instances
Cloud SQL Admin Role
(Cloud IAM authentication only) Google Cloud role that the Apono connector's service user must have at the instance's project or organization level
PostgreSQL Info
Information for the database instance to be integrated:
Credential Rotation
(Optional) Number of days after which the database credentials must be rotated
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Server URL
(Optional) URL of the server where the cluster is deployed Leave this field blank to connect the cluster where the Apono connector is deployed.
Certificate Authority
(Optional) Ensures that the Kubernetes API server you are communicating with is trusted and authentic Leave this field blank to connect the cluster where the Apono connector is deployed.
Project ID
(Optional) ID of the GCP project where the cluster is deployed
Region
(Optional) Location where the cluster is deployed
Cluster Name
(Optional) Name of the cluster to connect The cluster name should be the same as it appears in GKE.
Custom Access Details
(Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview.
Integration Owner
(Optional) Fallback approver if no resource owner is found Follow these steps to define one or several integration owners:
From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform.
From the Value dropdown menu, select one or multiple users or groups.
NOTE: When Resource Owner is defined, an Integration Owner must be defined.
Resource Owner
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several resource owners:
Enter a Key name. This value is the name of the tag created in your cloud environment.
From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono.
NOTE: When this setting is defined, an Integration Owner must also be defined.
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Access Details | Instructions for accessing this integration's resources |
Custom Parameters | Key-value pairs to send to the Google Cloud Function For example, you can provide a Google Function with a redirect URL that is used for internal provisioning access and passed as part of the action requests. |
Project ID | ID of the project associated with the Cloud Function |
Region | Location of the Google Cloud Function instance |
Function Name | Name of the Google Cloud Function |
Integration Name
Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow
Auth Type
Authorization type for the MySQL service account user
Option
Description
IAM Auth
Cloud IAM authentication
User / Password
Built-in authentication
Project ID
ID of the project where the PostgreSQL instance is deployed
Region
Location where the PostgreSQL instance is deployed
Instance ID
ID of the PostgreSQL instance
Instance ID User Override
(Optional) Allows overriding the instance ID for the user
Database Name
Name of the database to integrate By default, Apono sets this value to postgre.
SSL Mode
(Optional) Mode of Secure Sockets Layer (SSL) encryption used to secure the connection with the SQL database server
Option
Description
require
An SSL-encrypted connection must be used.
allow
An SSL-encrypted or unencrypted connection is used. If an SSL encrypted connection is unavailable, the unencrypted connection is used.
disable
An unencrypted connection is used.
prefer
An SSL encrypted connection is attempted. If the encrypted connection is unavailable, the unencrypted connection is used.
verify-ca
An SSL-encrypted connection must be used, and verification of the server certificate against the provided CA certificates must pass.
verify-full
An SSL-encrypted connection must be used, and verification of the server certificate against the provided CA certificates must pass. Additionally, the server hostname is checked against the certificate's names.
Apono Connector | Minimum Required Version: 1.6.4 |
Allow Connector IP Access | Allows the Apono connector to communicate with the AlloyDB instance You must allow the connector IP range in the AlloyDB primary instance's IP allow list. |
API Services | API services that must be enabled:
|
AlloyDB Information | Identifiers for AlloyDB resources:
|
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Auth Type |
Option | Description |
User / Password | Apono-created local user credentials |
IAM Authentication | Cloud IAM authentication |
Project ID | ID of the project associated with the AlloyDB instance |
Location | Location of the AlloyDB instance |
Primary Instance ID | ID for the primary instance within the AlloyDB cluster |
Cluster ID | ID for the AlloyDB cluster |
Port | Port value for the database By default, Apono sets this value to 5432. |
Instance ID User Override (optional) | Overrides the instance ID for the user |
Database Name | Name of the database to integrate By default, Apono sets this value to postgre. |
SSL Mode | (Optional) Mode of Secure Sockets Layer (SSL) encryption used to secure the connection with the SQL database server
|
Option | Description |
require | An SSL-encrypted connection must be used. |
allow | An SSL-encrypted or unencrypted connection is used. If an SSL encrypted connection is unavailable, the unencrypted connection is used. |
disable | An unencrypted connection is used. |
prefer | An SSL encrypted connection is attempted. If the encrypted connection is unavailable, the unencrypted connection is used. |
verify-ca | An SSL-encrypted connection must be used, and verification of the server certificate against the provided CA certificates must pass. |
verify-full | An SSL-encrypted connection must be used, and verification of the server certificate against the provided CA certificates must pass. Additionally, the server hostname is checked against the certificate's names. |
Credential Rotation |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner | Follow these steps to define one or several integration owners:
NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner | (Optional) Group or role responsible for managing access approvals or rejections for the resource
NOTE: When this setting is defined, an Integration Owner must also be defined. |
Apono Connector |
Cloud SQL Admin API |
Cloud SQL Admin Role | (Cloud IAM authentication only) Google Cloud role that the Apono connector's service user must have at the instance's project or organization level |
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Auth Type | Authorization type for the MySQL service account user |
Option | Description |
IAM Auth | Cloud IAM authentication |
User / Password | Built-in authentication |
Project ID | ID of the project where the MySQL instance is deployed |
Region | Location where the MySQL instance is deployed |
Instance ID | ID of the MySQL instance |
Instance ID User Override | (Optional) Allows overriding the instance ID for the user |
Credential Rotation | (Optional) Number of days after which the database credentials must be rotated |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner |
NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner |
NOTE: When this setting is defined, an Integration Owner must also be defined. |
Apono Connector |
Cloud Function (1st gen) |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner |
NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner |
NOTE: When this setting is defined, an Integration Owner must also be defined. |
Apono Connector |
Apono Premium |
Google User Account |
Google Cloud Command Line Interface (Google Cloud CLI) |
Google Cloud Information | Information for your Google Cloud instance associated with the Apono connector Google-defined: User-defined
|
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Organization ID |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner |
NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner |
NOTE: When this setting is defined, an Integration Owner must also be defined. |
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Project ID |
Apono Connector | On-prem connection installed on the GKE cluster that serves as a bridge between a Kubernetes cluster and Apono |
Kubernetes Engine Cluster Role | Google Cloud role that grants the Apono connector's service account access to retrieve and list GKE clusters. Apono does not require admin permissions to the Kubernetes environment. |
On-prem serving as a bridge between your Google Cloud SQL MySQL databases and Apono
Use the following steps to.
See for more information.
See to learn how to obtain these identifiers.
for the AlloyDB user
Be sure to choose the SSL mode based on your AlloyDB primary instance .
(Optional) When Auth Type is set to User / Password, number of days after which the database credentials must be rotated. Learn more about the .
(Optional) Fallback approver if no is found
Follow these steps to define one or several :
On-prem serving as a bridge between your Google Cloud SQL MySQL databases and Apono. Minimum Required Version: 1.4.1. Use the following steps to .
for managing database instances with resources, such as BackupRuns, Databases, and Instances
(Optional) Fallback approver if no is found. Follow these steps to define one or several integration owners:
(Optional) Group or role responsible for managing access approvals or rejections for the resource. Follow these steps to define one or several :
On-prem serving as a bridge between your Google Function and Apono, deployed with a GCP service account. Minimum Required Version: 1.5.3. Use the following steps if you need to .
Named function set up within
To allow the Apono connector to call the Cloud Function, add the Cloud Functions Invoke and Cloud Functions Viewer roles to the apono-connector service account apono-connector-iam-sa for that Cloud Function.
On-prem serving as a bridge between a Google Cloud instance and Apono
providing the most features and dedicated account support
User account with
used to manage Google Cloud resources
(Organization)
Option | Description |
---|---|
User / Password | Apono-created local user credentials |
IAM Authentication | Cloud IAM authentication |
Option | Description |
---|---|
require | An SSL-encrypted connection must be used. |
allow | An SSL-encrypted or unencrypted connection is used. If an SSL-encrypted connection is unavailable, the unencrypted connection is used. |
disable | An unencrypted connection is used. |
prefer | An SSL-encrypted connection is attempted. If the encrypted connection is unavailable, the unencrypted connection is used. |
verify-ca | An SSL-encrypted connection must be used, and server certificate verification against the provided CA certificates must pass. |
verify-full | An SSL-encrypted connection must be used, and server certificate verification against the provided CA certificates must pass. Additionally, the server hostname is checked against the certificate's names. |
Option | Description |
---|---|
IAM Auth | Cloud IAM authentication |
User / Password | Built-in authentication |