Google Cloud SQL PostgreSQL is a fully managed relational database service built for the cloud. It provides a high-performance, scalable, and highly available PostgreSQL database instance without the overhead of managing infrastructure. With Google Cloud SQL, users benefit from Google Cloud's robust infrastructure, which ensures high availability, security, and scalability for their databases.

Through this integration, Apono helps you securely manage access to your Google Cloud SQL PostgreSQL database instances.

To enable Apono to manage Google Cloud SQL PostgreSQL user access, you must create a user and then configure the integration within the Apono UI.

Prerequisites

Create a PostgreSQL user

You must create a user in your PostgreSQL instance for the Apono connector and grant that user permissions to your databases.

Following these steps to create a user and grant it permissions:

1. In the Google Cloud console, with either Built-in authentication or Cloud IAM authentication.

1. (Cloud IAM only) In your preferred client tool, grant cloudsqlsuperuser access to the user account.

1. In your preferred client tool, grant the cloudsqlsuperuser role privileges on all databases except template0 and cloudsqladmin. This allows Apono to perform tasks that are not restricted to a single schema or object within the database, such as creating, altering, and dropping database objects.

1. For each database to be managed through Apono, connect to the database and grant cloudsqlsuperuser privileges on all objects in the schemas. This allows Apono to perform tasks that are restricted to schemas within the database, such as modifying table structures, creating new sequences, or altering functions.

1. Connect to the template1 database and grant cloudsqlsuperuser privileges on all objects in the schemas. For any new databases created in the future, this allows Apono to perform tasks that are restricted to schemas within the database, such as modifying table structures, creating new sequences, or altering functions.

1. (Built-in authentication only) with the credentials from step 1.

Integrate Google Cloud SQL - PostgreSQL

Follow these steps to complete the integration:

1. On the tab, click Google Cloud SQL - PostgreSQL. The Connect Integration page appears.

2. Under Discovery, click one or more resource types and cloud services to sync with Apono.

1. Click Next. The Apono connector section expands.

2. From the dropdown menu, select a connector.

1. Click Next. The Integration Config section expands.

2. Define the Integration Config settings.

   Setting

   Description

1. Click Next. The Get more with Apono section expands.

2. Define the Get more with Apono settings.

   Setting

   Description

Now that you have completed this integration, you can that grant permission to your Google Cloud SQL PostgreSQL instance.

If your organization uses Google Cloud Platform (GCP), Apono's GCP integrations can help you securely manage access to your GCP cloud-based services and databases.

By identifying and transforming existing privileges, Apono can shift your cloud management from broad permissions to on-demand access flows.

Through our GCP integrations, Apono enables you to perform the following access tasks:

• Limit Access: Discover existing privileges in GCP and convert them to just-in-time Access Flows.

MySQL is a reliable and secure open-source relational database system. It serves as the main data store for various applications, websites, and products. This includes mission-critical applications and dynamic websites. With Cloud SQL, users benefit from Google Cloud's robust infrastructure, which ensures high availability, security, and scalability for their databases.

Through this integration, Apono helps you securely manage access to your Cloud SQL MySQL databases.

Prerequisites

Create a MySQL user

You must create a user in your MySQL instance for the Apono connector and grant that user permissions to your databases.

Follow these steps to create a user and grant it permissions:

1. In the Google Cloud console, with either Built-in authentication or Cloud IAM authentication.

1. In your preferred client tool, expose databases to the user. This allows Apono to view database names without accessing the contents of each database.

1. Grant the user database permissions. The following commands grant Apono the following permissions:

   • Creating users

   • Updating user information and privileges

1. (MySQL 8.0+) Grant the user the authority to manage other roles. This enables Apono to create, alter, and drop roles. However, this role does not inherently grant specific database access permissions.

1. with the credentials from step 1 above.

You can now .

Integrate Google Cloud SQL - MySQL

Follow these steps to complete the integration:

1. On the tab, click Google Cloud SQL - MySQL. The Connect Integration page appears.

2. Under Discovery, click one or more resource types and cloud services to sync with Apono.

1. Click Next. The Apono connector section expands.

2. From the dropdown menu, select a connector.

1. Click Next. The Integration Config section expands.

2. Define the Integration Config settings.

   Setting

   Description

1. Click Next. The Get more with Apono section expands.

2. Define the Get more with Apono settings.

   Setting

   Description

Now that you have completed this integration, you can that grant permission to your Google Cloud SQL MySQL database.

Apono offers GCP users a simple way to centralize cloud management through our platform. Through a single integration, you can manage multiple GCP services across various organizations and projects.

Prerequisites

Associate BigQuery dataset permissions

Google BigQuery is a fast, scalable, secure, fully managed data warehouse service in the cloud, serving as a primary data store for vast datasets and analytic workloads.

To add this resource to your Google Project or Organization, you must create a custom role with BigQuery dataset permissions and assign the role to the service account for the Apono connector.

Follow these steps to associate the permissions through the Google Cloud CLI:

1. In your shell environment, log in to Google Cloud and enable the API.

2. Set the environment variables.

1. Create the custom role. Be sure to replace the placeholders (<ROLE_ID>, <TITLE>, and <DESCRIPTION>) with actual values of your choosing for the role ID, title, and description of the role.

1. Using the role ID defined in the previous step, assign the custom role to the Apono connector service account.

Enable the Cloud Asset API

To manage and monitor your cloud assets, you must enable the Cloud Asset API.

Follow these steps to enable this API:

1. In your shell environment, log in to Google Cloud and enable the API.

Integrate with GCP

Organization

Follow these steps to integrate Apono with your GCP organization:

1. On the tab, click GCP. The Connect Integrations Group page appears.

2. Under Discovery, click Google Organization.

3. Click one or more resource types to sync with Apono.

1. Click Next. The Apono connector section expands.

2. From the dropdown menu, select a connector. Choosing a connector links Apono to the roles available in the organization where the connector is located.

1. Click Next. The Integration Config section expands.

2. Define the Integration Config settings.

   Setting

   Description

After connecting your GCP organization to Apono, you will be redirected to the Connected tab to view your integrations. The new GCP integration will initialize once it completes its first data fetch. Upon completion, the integration will be marked Active.

Now that you have completed this integration, you can that grant permission to GCP organizational roles.

Project

Follow these steps to integrate Apono with your GCP project:

1. On the tab, click GCP. The Connect Integrations Group page appears.

2. Under Discovery, click Google Project.

3. Click one or more resource types to sync with Apono.

1. Click Next. The Apono connector section expands.

2. From the dropdown menu, select a connector. Choosing a connector links Apono to the roles available in the organization where the connector is located.

1. Click Next. The Integration Config section expands.

2. Define the Integration Config settings.

   Setting

   Description

After connecting your GCP project to Apono, you will be redirected to the Connected tab to view your integrations. The new GCP integration will initialize once it completes its first data fetch. Upon completion, the integration will be marked Active.

Now that you have completed this integration, you can that grant permission to GCP organizational roles.

AlloyDB is a fully managed PostgreSQL-compatible database service on Google Cloud. It offers high performance, scalability, and reliability for demanding enterprise workloads.

Through this integration, Apono helps you securely manage access to your AlloyDB instance.

Prerequisites

Assign roles to the Apono connector

Use the following tabs to assign roles to the Apono connector for either your or .

Create an AlloyDB user

You must create a user in your AlloyDB instance for the Apono connector and grant that user permissions.

Use the following steps to create a user for the Apono connector and grant it permissions:

1. Create a new user and grant permissions with either or .

1. (Built-in Authentication only) with the credentials from step 1.

Integrate AlloyDB

Follow these steps to complete the integration:

1. On the tab, click AlloyDB. The Connect Integration page appears.

2. Under Discovery, select one or multiple resource types for Apono to discover in the instance.

3. Click Next. The Apono connector section expands.

1. Click Next. The Integration Config page appears.

2. Define the Integration Config settings.

1. Click Next. The Secret Store section expands.

2. .

3. Click Next. The Get more with Apono section expands.

1. Click Confirm.

Now that you have completed this integration, you can create that grant permission to your AlloyDB instance.

With a Kubernetes cluster in GKE on Google Cloud, GKE handles the complexities of Kubernetes management. Google Cloud provides a reliable, scalable database service.

Through this integration, Apono helps you securely manage access to your Google Cloud Kubernetes cluster.

Prerequisites

Integrate with Google Kubernetes Engine (GKE)

Follow these steps to complete the integration:

1. On the tab, click Google Kubernetes Engine (GKE). The Connect Integration page appears.

2. Under Discovery, click one or more resource types and cloud services to sync with Apono.

1. Click Next. The Apono connector section expands.

2. From the dropdown menu, select a connector.

1. Click Next. The Integration Config section expands.

2. Define the Integration Config settings.

   Setting

   Description

1. Click Next. The Get more with Apono section expands.

2. Define the Get more with Apono settings.

   Setting

   Description

Now that you have completed this integration, you can that grant permission to your Google Cloud Kubernetes cluster.

Google Cloud Functions enables you to build and connect cloud services by writing single-purpose functions that are attached to events emitted from your cloud infrastructure and services.

Its serverless architecture frees you to write, test, and deploy functions quickly without having to manage infrastructure setup.

With this integration, you can connect your internal applications to Cloud Functions and manage access to those applications with Apono.