How to integrate any MongoDB database with Apono. This integration allows you to manage MongoDB access using Apono.
Self Service Access - Empower your developers to gain self-servable access to databases using Slack.
Automated Approval Workflows - Create approval workflows to specific sensitive databases.
Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.
Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.
Apono requires a user in the DB instance so it can provision.
In MongoDB, switch to admin database
Create a user for the Connector in the instance, and set the password for the apono-connector user.
Storing the secret in your environment secret store.
Open Integrations Catalog
Click on MongoDB integration card
Select the Connector. This is the Connector that is installed in the same AWS account as the MongoDB instance.
Type in a friendly name for the integration
Fill in the hostname and port
AWS
Use the respective secret which was stored in AWS Secret Manager previously in this guide.
Select the secret from the Secret Manager according to the appropriate AWS account and region
Click Create
The Connector requires a user in the DB instance so it can provision access. Provisioning is done by creating an admin user in the database.
In MongoDB, switch to admin database
Create a user for the Connector in the instance and set a secure password.
Using aws-cli, store the secret in AWS Secret Manager. Make sure to replace #SECRET_NAME, #REGION, and #PASSWORD.
Hurray! You've successfully integrated Apono with your MongoDB. You should now see the new integration in your Connected Integrations. You can now use this integration in your existing or new Access Flow. Check this guide out for more information on creating access flows.
Create an integration to manage access to your PostgreSQL databases
PostgreSQL databases are open-source relational database management systems emphasizing extensibility and SQL compliance.
Through this integration, Apono helps you securely manage access to your PostgreSQL instance.
To enable Apono to manage PostgreSQL user access, you must create a user and then configure the integration within the Apono UI.
If your PostgreSQL instance runs on a cloud service, follow one of these guides:
You must create a user in your PostgreSQL instance for the Apono connector.
You must use the admin account and password to connect to your database.
Follow these steps to create a user and grant it permissions:
In your preferred client tool, create a new user. Use apono_connector for the username. Be sure to set a strong password for the user.
You must also grant the SUPERUSER role to the user in the database instance.
Using the credentials from step 1, create a secret for the database instance.
You can also input the user credentials directly into the Apono UI during the integration process.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
On the Catalog tab, click PostgreSQL. The Connect Integration page appears.
Under Discovery, select one or multiple resource types for Apono to discover in all instances of the environment.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (AWS, Azure, GCP, Kubernetes).
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Now that you have completed this integration, you can create access flows that grant permission to your PostgreSQL instance.
Create an integration to manage access to a Microsoft SQL Server database
Microsoft SQL Server is a reliable and secure relational database management system. It can be used as the main data store for various applications, websites, and products.
Microsoft enables developers to create cloud-hosted SQL Server databases.
Through this integration, Apono helps you securely manage access to your Microsoft SQL Server database.
You must create a user in your Microsoft SQL Server instance for the Apono connector.
Use the following steps to create a user and grant it permissions to your databases:
In your preferred client tool, create a new user. Be sure to set a strong password for the user.
The password must be a minimum of 8 characters and include characters from at least three of these four categories:
Uppercase letters
Lowercase letters
Digits (0-9)
Symbols
Expose databases to the user. This allows Apono to view database names without accessing the contents of each database.
Grant the ALTER ANY LOGIN database permissions to the user in all the databases.
Grant the user ADMIN permissions: Allows Apono to grant users administrative-level access, including the ability to execute and drop tables.
Grant and revoke server-level roles with Apono
To use Apono for MS SQL server-level roles, you must assign the Apono connector user the securityadmin role.
Members of the securityadmin fixed server role can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions if they have access to a database. Additionally, they can reset passwords for SQL Server logins.
Using the credentials from step 1, create a secret for the database instance.
You can now integrate Microsoft SQL Server.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
On the Catalog tab, click Microsoft SQL Server. The Connect Integration page appears.
Under Discovery, click one or more resource types to sync with Apono.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flow to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (AWS, Azure, GCP, Kubernetes).
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Associate the secret or credentials.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Now that you have completed this integration, you can create access flows that grant permission to your Microsoft SQL Server database.
How to integrate MongoDB with Apono to manage JIT access to Clusters, Databases and Collections
A document database used to build highly available and scalable internet applications
Self Service Access - Empower your developers to gain self-servable access to databases using Slack.
Automated Approval Workflows - Create approval workflows for specific sensitive databases/collections.
Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.
Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.
- Apono requires a project owner in the cluster's project so it can provision.
Creating an API Key with Project Owner role
Run the following Atlas CLI command:
Make sure to replace #PROJECT_ID with the project-id that contains the cluster you want to integrate
Copy the Public and Private API Keys in the response
Storing the secret in your environment secret store.
Click on MongoDB integration card
Select the Connector. This is the Connector that is installed in the same AWS account as the MongoDB Atlas instance.
Type in a friendly name for the integration
Fill in the Project Id and Cluster Name
AWS Use the respective secret which was stored in AWS Secret Manager previously in this guide.
Select the secret from the Secret Manager according to the appropriate AWS account and region
Click Create
Create an integration to manage access to an Elasticsearch instance
Elasticsearch is a distributed, RESTful search and analytics engine designed for horizontal scalability, reliability, and real-time search. It enables users to store, search, and analyze big volumes of data quickly and in near real-time. Elasticsearch is widely used for log and event data analysis, full-text search, and complex searches across large datasets.
Through this integration, Apono helps you securely manage access to your Elasticsearch instance.
You can also use the steps below to integrate with Apono using Terraform.
In step 8, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, click Next. The Apono connector section expands.
From the dropdown menu, select a connector.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Create an integration to manage access to Oracle Database tables and custom roles
Oracle Database is a relational database management system (RDBMS) developed by Oracle Corporation. It enables organizations to store, manage, and retrieve data using Structured Query Language (SQL). The database includes features for ensuring data integrity, performing backup and recovery, controlling access, and tuning performance.
Oracle Database supports both on-premises and cloud-based deployments through Oracle Cloud Infrastructure.
Through this integration, Apono helps you securely manage just-in-time, just-enough access to your Oracle Database, tables and custom roles.
You must create a user in your Oracle Database instance for the Apono connector.
Use the following steps to create a user and grant it permissions to your databases:
In your preferred client tool, create a new user. Be sure to set a strong password for the user.
The password must be a minimum of 9 characters and satisfy the following minimum requirements:
2 lowercase letters
2 uppercase letters
2 numbers (0-9)
2 special characters
Cannot have 3 consecutive identical characters
Have 4 different characters than the previous password
Cannot contain, repeat, or reverse the user name
Grant the user permission to connect to the Oracle Database.
Expose databases to the user. This allows Apono to view database names without accessing the contents of each database.
Grant the user permissions to query data from any object, create new user accounts, modify existing user accounts, and remove user accounts from the database.
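The password requirements listed in step 1 above, together with the shorter Microsoft SQL Server rule earlier on this page (minimum 8 characters, three of the four categories), can be checked before the connector user is created. The following Python is an added example, not Apono's or Oracle's code; the symbol set, the function names, the sample user name, and the reading of "4 different characters than the previous password" as a position-by-position difference are assumptions.

```python
import secrets
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
# Assumption: a small symbol set that needs no escaping in SQL string literals or shells.
SYMBOLS = "#%*+-_=?"


def _category_counts(password):
    """Count characters in each of the four categories the page names."""
    return {
        "lowercase": sum(c in LOWER for c in password),
        "uppercase": sum(c in UPPER for c in password),
        "digit": sum(c in DIGITS for c in password),
        "special": sum(not c.isalnum() for c in password),
    }


def _differing(new, old):
    """Assumed reading of the 'different characters' rule: positions that differ,
    plus any difference in length."""
    return abs(len(new) - len(old)) + sum(a != b for a, b in zip(new, old))


def check_mssql(password):
    """Microsoft SQL Server rule from this page: >= 8 chars, 3 of 4 categories."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    present = sum(1 for n in _category_counts(password).values() if n > 0)
    if present < 3:
        problems.append("fewer than three of the four character categories")
    return problems


def check_oracle(password, username, previous=None):
    """Oracle Database rules from this page. Returns a list of violated rules."""
    problems = []
    if len(password) < 9:
        problems.append("shorter than 9 characters")
    for category, count in _category_counts(password).items():
        if count < 2:
            problems.append(f"fewer than 2 {category} characters")
    if any(password[i] == password[i + 1] == password[i + 2]
           for i in range(len(password) - 2)):
        problems.append("3 consecutive identical characters")
    user, lowered = username.lower(), password.lower()
    # A repeated user name necessarily contains it, so two checks cover all three cases.
    if user and (user in lowered or user[::-1] in lowered):
        problems.append("contains, repeats, or reverses the user name")
    if previous is not None and _differing(password, previous) < 4:
        problems.append("fewer than 4 characters differ from the previous password")
    return problems


def generate(username, length=20, previous=None):
    """Generate a password from the OS CSPRNG that satisfies both rule sets."""
    if length < 9:
        raise ValueError("the Oracle rule on this page requires at least 9 characters")
    shuffler = secrets.SystemRandom()
    while True:
        # Two characters from every category, then fill and shuffle.
        chars = [secrets.choice(pool)
                 for pool in (LOWER, UPPER, DIGITS, SYMBOLS) for _ in range(2)]
        chars += [secrets.choice(LOWER + UPPER + DIGITS + SYMBOLS)
                  for _ in range(length - 8)]
        shuffler.shuffle(chars)
        candidate = "".join(chars)
        # Rejection sampling handles the rules that depend on character order.
        if not check_oracle(candidate, username, previous) and not check_mssql(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample user name; print only the verdict, never the secret itself.
    pw = generate("apono_connector")
    print(len(pw), check_oracle(pw, "apono_connector"))
```

Pass the generated value straight to the secret store rather than echoing it to a terminal or shell history.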
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, click one or more resource types to sync with Apono.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flows to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Create an integration to manage access to a Vertica database
Vertica is a scalable and high-performance analytics database optimized for fast querying and analysis of large datasets. It delivers speed and flexibility for business intelligence and data warehousing applications.
Through this integration, Apono helps you securely manage access to your Vertica database and just-in-time (JIT) access to built-in and custom roles.
You must create a user in your Vertica database instance for the Apono connector and grant that user permissions to the database resources.
Follow these steps to create a user and grant it permissions:
In your preferred client tool, create a new user. Be sure to set a strong password for the user.
Grant the pseudosuperuser role to the user. This allows Apono to create or drop tables and manage user roles and permissions within the Vertica database.
Using the credentials from step 1, for the database instance.
Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal .
You can also use the steps below to integrate with Apono using Terraform.
In step 10, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Create an integration to manage access to a Redis Cloud instance
Redis Cloud is a fully managed, in-memory data store that functions as a database, cache, and message broker. With features such as data persistence, replication, and clustering, Redis Cloud provides high availability and fault tolerance, seamless scalability, and automated maintenance for optimal performance and reliability.
Through this integration, Apono helps you securely manage access to your Redis Cloud instance.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
On the tab, click Redis Cloud (Redislabs). The Connect Integration page appears.
Under Discovery, select one or multiple resource types for Apono to discover in all instances of the environment.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Create an integration to manage access to a MongoDB Atlas Portal instance and its resources
MongoDB Atlas is a fully-managed cloud database service that automates database administration tasks for MongoDB. It supports multiple cloud providers and offers advanced features like real-time analytics and security controls. Atlas simplifies database management, allowing organizations to focus on application development with a scalable, flexible database solution that adapts to changing needs and workloads.
Through this integration, Apono helps you securely manage access to your MongoDB Atlas UI Organizations and Projects.
You must create an API key with the Organization User role for the Apono connector.
Follow these steps to create the API key:
In the Atlas CLI, create the API key. The following command will return the public and private API keys in the response.
Be sure to replace <ORGANIZATION_ID> with the organization ID of the MongoDB Atlas UI to integrate.
Using the keys from the previous step, for the MongoDB Atlas UI instance.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
Under Discovery, click one or both resource types to sync with Apono.
Apono automatically discovers and syncs all the instances in the environment. After syncing, you can manage access flows to these resources.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
Create an integration to manage access to a Snowflake instance
Snowflake is a fully managed, cloud-based data platform that functions as a data warehouse, data lake, and data sharing solution. With features such as automatic scaling, secure data sharing, and robust data integration, Snowflake offers high performance and flexibility, ensuring seamless data management and analytics.
Through this integration, Apono helps you securely manage access to your Snowflake instance.
You can also use the steps below to integrate with Apono using Terraform.
In step 11, instead of clicking Confirm, follow the Are you integrating with Apono using Terraform? guidance.
Follow these steps to complete the integration:
On the tab, click Snowflake. The Connect Integration page appears.
Under Discovery, select one or multiple resource types for Apono to discover in all instances of the environment.
Click Next. The Apono connector section expands.
From the dropdown menu, select a connector. Choosing a connector links Apono to all the services available on the account where the connector is located.
Click Next. The Integration Config section expands.
Define the Integration Config settings.
Click Next. The Secret Store section expands.
Click Next. The Get more with Apono section expands.
Define the Get more with Apono settings.
Click Confirm.
You can also store the secret in if you use Google Cloud.
Open
You've successfully integrated Apono with your MongoDB. You should now see the new integration in your .
You can now use this integration in your existing or new Access Flow. Check this guide out for more information on .
On the tab, click Elasticsearch. The Connect integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Elasticsearch instance.
Using the credentials from step 1, for the database instance.
You can also input the user credentials directly into the Apono UI during the .
You can now .
On the tab, click Oracle Database. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Oracle Database resources.
You can now .
On the tab, click Vertica Database. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Vertica database.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Redis Cloud instance.
You can now .
On the tab, click Mongo Atlas Portal. The Connect Integration page appears.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your MongoDB Atlas UI Organizations and Projects.
If the desired connector is not listed, click + Add new connector and follow the instructions for creating a connector (, , , ).
Refer to for more details about the schema definition.
Now that you have completed this integration, you can that grant permission to your Snowflake instance.
Item | Description |
---|---|
Apono Connector | On-prem connection serving as a bridge between your PostgreSQL databases and Apono: Minimum Required Version: 1.3.0. Use the following steps to update an existing connector: |
PostgreSQL Info | Information for the database instance to be integrated: Hostname, Port number, Database Name |
Setting | Description |
---|---|
Credential Rotation | (Optional) Number of days after which the database credentials must be rotated |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources. Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner | (Optional) Fallback approver if no resource owner is found. Follow these steps to define one or several integration owners: 1. From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform. 2. From the Value dropdown menu, select one or multiple users or groups. NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner | (Optional) Group or role responsible for managing access approvals or rejections for the resource. Follow these steps to define one or several resource owners: 1. Enter a Key name. This value is the name of the tag created in your cloud environment. 2. From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono. NOTE: When this setting is defined, an Integration Owner must also be defined. |
Item | Description |
---|---|
Apono Connector | On-prem connection serving as a bridge between a Microsoft SQL Server database instance and Apono: |
Microsoft SQL Server Info | Information for the database instance to be integrated: Hostname, Port number |
Setting | Description |
---|---|
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Hostname | Hostname of the Microsoft SQL Server instance to connect |
Port | Port value for the instance. By default, Apono sets this value to 1433. |
Database Name | Name of the database. By default, Apono sets this value to master. |
Credential Rotation | (Optional) Number of days after which the database credentials must be rotated |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources. Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner | (Optional) Fallback approver if no resource owner is found. Follow these steps to define one or several integration owners: 1. From the Attribute dropdown menu, select User or Group under the relevant identity provider (IdP) platform. 2. From the Value dropdown menu, select one or multiple users or groups. NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner | (Optional) Group or role responsible for managing access approvals or rejections for the resource. Follow these steps to define one or several resource owners: 1. Enter a Key name. This value is the name of the tag created in your cloud environment. 2. From the Attribute dropdown menu, select an attribute under the IdP platform to which the key name is associated. Apono will use the value associated with the key (tag) to identify the resource owner. When you update the membership of the group or role in your IdP platform, this change is also reflected in Apono. NOTE: When this setting is defined, an Integration Owner must also be defined. |
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Proxy Address | Elasticsearch proxy address |
Clusters | Array of Elasticsearch clusters. Example: |
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Hostname | Hostname of the Oracle Database instance to connect |
Port | Port value for the instance By default, Apono sets this value to 1521. |
Service Name | Name of the service By default, Apono sets this value to ORCL. |
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Hostname | Hostname of the Vertica database instance to connect |
Port | Port value for the instance By default, Apono sets this value to 5433. |
Database Name | Name of the database |
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Organization ID | ID of the organization of the MongoDB Atlas UI instance to connect |
Setting | Description |
---|---|
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Hostname | Hostname of the PostgreSQL database instance to connect |
Port | Port value for the instance. By default, Apono sets this value to 5432. |
Database Name | Name of the database to integrate. By default, Apono sets this value to postgre |
SSL Mode | (Optional) Mode of Secure Sockets Layer (SSL) encryption used to secure the connection with the SQL database server |
Option | Description |
---|---|
require | An SSL-encrypted connection must be used. |
allow | An SSL-encrypted or unencrypted connection is used. If an SSL-encrypted connection is unavailable, the unencrypted connection is used. |
disable | An unencrypted connection is used. |
prefer | An SSL-encrypted connection is attempted. If the encrypted connection is unavailable, the unencrypted connection is used. |
verify-ca | An SSL-encrypted connection must be used and a server certificate verification against the provided CA certificates must pass. |
verify-full | An SSL-encrypted connection must be used and a server certificate verification against the provided CA certificates must pass. Additionally, the server hostname is checked against the certificate's names. |
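Because the connector user holds the SUPERUSER role, the SSL Mode choice decides whether its credentials can travel unencrypted or to an unverified server. The following Python is an added example, not part of Apono's product or documentation: it encodes the six options exactly as described above and audits connection strings for the guarantees each one lacks. The libpq-style connection strings are constructed samples, the function names are hypothetical, and the `prefer` fallback for a missing `sslmode` is libpq's default, which is assumed here rather than stated on this page.

```python
import shlex
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class Guarantees:
    encrypted: bool      # the connection can never fall back to plaintext
    ca_verified: bool    # server certificate is verified against the provided CA certificates
    host_verified: bool  # server hostname is checked against the certificate's names


# One row per option in the SSL Mode table above.
SSL_MODES = {
    "disable":     Guarantees(False, False, False),
    "allow":       Guarantees(False, False, False),
    "prefer":      Guarantees(False, False, False),
    "require":     Guarantees(True,  False, False),
    "verify-ca":   Guarantees(True,  True,  False),
    "verify-full": Guarantees(True,  True,  True),
}

LIBPQ_DEFAULT = "prefer"  # libpq behaviour when sslmode is absent (assumption for this example)


def extract_sslmode(conninfo):
    """Return the sslmode from a URI or keyword/value connection string, or None."""
    if conninfo.startswith(("postgres://", "postgresql://")):
        values = parse_qs(urlsplit(conninfo).query).get("sslmode", [])
        return values[-1] if values else None
    mode = None
    # Assumption: keyword=value pairs are written without spaces around "=".
    for token in shlex.split(conninfo):
        key, sep, value = token.partition("=")
        if sep and key == "sslmode":
            mode = value
    return mode


def audit(conninfo):
    """Return (effective_mode, findings); an empty findings list means verify-full."""
    findings = []
    mode = extract_sslmode(conninfo)
    if mode is None:
        mode = LIBPQ_DEFAULT
        findings.append("sslmode not set; falling back to 'prefer'")
    if mode not in SSL_MODES:
        return mode, [f"unknown sslmode {mode!r}"]
    g = SSL_MODES[mode]
    if not g.encrypted:
        findings.append("connection may be unencrypted")
    if not g.ca_verified:
        findings.append("server certificate is not verified")
    elif not g.host_verified:
        findings.append("server hostname is not checked against the certificate")
    return mode, findings


if __name__ == "__main__":
    # Constructed sample connection strings.
    samples = [
        "postgresql://apono_connector@db.example.internal:5432/postgres?sslmode=require",
        "host=db.example.internal port=5432 dbname=postgres sslmode=verify-full",
        "host=db.example.internal port=5432 dbname=postgres",
    ]
    for s in samples:
        print(audit(s))
```

Note that `require` passes the encryption check but still reports an unverified server certificate: per the table, only `verify-ca` and `verify-full` authenticate the server.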
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner |
NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner |
NOTE: When this setting is defined, an Integration Owner must also be defined. |
Apono Connector | On-prem connection serving as a bridge between an Oracle Database instance and Apono: |
Oracle Database Information | Information for the database instance to be integrated:
|
Credential Rotation | (Optional) Number of days after which the database credentials must be rotated |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner |
NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner |
NOTE: When this setting is defined, an Integration Owner must also be defined. |
Apono Connector | On-prem connection serving as a bridge between a Vertica database instance and Apono: |
Vertica Information | Information for the database instance to be integrated:
|
Credential Rotation | (Optional) Number of days after which the database credentials must be rotated |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner |
NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner |
NOTE: When this setting is defined, an Integration Owner must also be defined. |
Redis Cloud API |
Redis API credentials | Credentials used to authenticate a Redis REST API request: These credentials are required for creating the Apono Secret in the next row. |
Apono Secret |
|
Apono Connector | On-prem connection serving as a bridge between a Redis Cloud instance and Apono: |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner |
NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner |
NOTE: When this setting is defined, an Integration Owner must also be defined. |
Apono Connector | On-prem connection serving as a bridge between a MongoDB Atlas instance and Apono: |
Atlas Command Line Interface (Atlas CLI) |
MongoDB Atlas Info | Information for the MongoDB Atlas UI resources to be integrated:
|
Credential Rotation | (Optional) Number of days after which the database credentials must be rotated |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner |
NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner |
NOTE: When this setting is defined, an Integration Owner must also be defined. |
Apono Connector | On-prem connection serving as a bridge between a Snowflake instance and Apono: |
Snowflake Hostname | Unique identifier of the Snowflake instance to connect. You can use either format: |
Snowflake User |
Apono Secret |
Integration Name | Unique, alphanumeric, user-friendly name used to identify this integration when constructing an access flow |
Hostname | Hostname of the Snowflake instance to connect |
Auth Type | Authorization type for the Snowflake user |
Option | Description |
User / Password | Apono-created local user credentials |
SSO Auth | Synced user credentials from IdP integration with Snowflake |
Credential Rotation | (Optional) When Auth Type is set to User / Password, number of days after which the database credentials must be rotated |
Custom Access Details | (Optional) Instructions explaining how to access this integration's resources. Upon accessing an integration, a message with these instructions will be displayed to end users in the User Portal. The message may include up to 400 characters. To view the message as it appears to end users, click Preview. |
Integration Owner |
NOTE: When Resource Owner is defined, an Integration Owner must be defined. |
Resource Owner |
NOTE: When this setting is defined, an Integration Owner must also be defined. |
How to integrate MySQL DB with Apono Cloud-Native access management platform
Reduce Over Privileges - Discover existing privileges to MySQL databases and convert them to on-demand access flows to reduce over-privileges.
Self Service Access - Empower your developers to gain self-servable access to databases using Slack.
Automated Approval Workflows - Create approval workflows to specific sensitive databases.
Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.
Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.
An Apono connector installed with network access to the MySQL databases
Minimal Apono connector version: 1.3.0 (visit the Connectors Page and update the connector if needed)
A MySQL user for Apono with the following permissions
A secret created in Secret Store with the following params:
Key username, Value MySQL USERNAME
Key password, Value USERNAME PASSWORD
📘 Why does Apono need secrets?
Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.
Create a user for the Connector in the instance and set a secure password
Using aws-cli, store the credentials in AWS Secrets Manager. Make sure to replace #SECRET_NAME, #REGION, #USERNAME and #PASSWORD
Expose databases to apono_connector
Grant CREATE USER to apono_connector in all the databases
Select and grant apono_connector ONE of the following permissions: READ_ONLY, READ_WRITE, ADMIN. This will function as the highest permission level you would like to provision with Apono
READ_ONLY
READ_WRITE
ADMIN
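The user-creation and secret-storage steps above, sketched as an added example (not Apono's own commands): it renders the SQL for the connector user and the secret body with the `username` and `password` keys. The `'%'` host, the reading of "expose databases" as `SHOW DATABASES`, and the privilege list behind each level are assumptions.

```shell
#!/bin/sh
# Added example, not Apono's own commands. Assumptions: the '%' host, reading
# "expose databases" as SHOW DATABASES, and the privilege list per level.

# Map the chosen ceiling level to a MySQL privilege list (assumed mapping).
level_privs() {
  case "$1" in
    READ_ONLY)  echo "SELECT" ;;
    READ_WRITE) echo "SELECT, INSERT, UPDATE, DELETE" ;;
    ADMIN)      echo "ALL PRIVILEGES" ;;
    *) echo "unknown level: $1" >&2; return 1 ;;
  esac
}

# Escape a value for a single-quoted MySQL string literal.
sql_quote() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"; }

# Escape backslash and double quote for a JSON string value.
json_quote() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# Print the statements for one connector user; arguments: user password level.
connector_sql() {
  privs=$(level_privs "$3") || return 1
  u=$(sql_quote "$1"); p=$(sql_quote "$2")
  cat <<EOF
CREATE USER '$u'@'%' IDENTIFIED BY '$p';
GRANT SHOW DATABASES ON *.* TO '$u'@'%';
GRANT CREATE USER ON *.* TO '$u'@'%';
GRANT $privs ON *.* TO '$u'@'%' WITH GRANT OPTION;
EOF
}

# Print the secret body with the two keys the integration reads.
secret_json() {
  printf '{"username":"%s","password":"%s"}\n' \
    "$(json_quote "$1")" "$(json_quote "$2")"
}

# Usage (left as comments so nothing runs against a live system):
#   PASS=$(openssl rand -base64 24)
#   connector_sql apono_connector "$PASS" READ_ONLY | mysql -u root -p
#   umask 077; secret_json apono_connector "$PASS" > secret.json
#   aws secretsmanager create-secret --name "#SECRET_NAME" --region "#REGION" \
#     --secret-string file://secret.json && rm -f secret.json
```

MySQL lets an account pass on only the privileges it holds WITH GRANT OPTION, which is what makes the selected level a ceiling for what the connector can provision. Passing the secret through `file://` keeps the password out of the shell history and the process list.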
📘 Is your MySQL running on a cloud service?
If you are trying to connect to an RDS MySQL or a CloudSQL MySQL you should use the specific cloud service integration.
Click on Integrations Catalog.
Pick a connector with network access to the MySQL databases (see prerequisites)
Specify the integration details:
Integration name – type the name of the integration. When building an Access Flow you will reference this name
Hostname – specify the hostname of the MySQL you are connecting
Port – 3306
Provide the secret (see prerequisites)
Click "Connect"
Congratulations on connecting your MySQL. You can now create access flows that grant permissions to your MySQL databases.
Have multiple MySQLs? Use the API
You can check out the Apono API reference to easily integrate multiple integrations.
Apono Connector | On-prem connection serving as a bridge between an Elasticsearch instance and Apono: |
Apono HTTP Proxy |
(Optional) Fallback approver if no is found Follow these steps to define one or several integration owners:
(Optional) Group or role responsible for managing access approvals or rejections for the resource Follow these steps to define one or several :
REST API for managing Redis Cloud programmatically for your account.
Value generated with the credentials of the user you create based on your Redis Cloud API account key and user key:
Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.
that enables quickly provisioning and managing Atlas database deployments from the terminal.
<account_locator>.<cloud_region_id>
<organization_name>-<account_name>
with the ACCOUNTADMIN role for the Apono connector
Value generated with the credentials of the user you create based on the Snowflake user credentials and connector you are using.
You can also .
Look for MySQL and click Connect
to manage Elasticsearch. The default Elasticsearch capabilities do not include authorization controls and therefore neither does the API. When integrating with Apono using the HTTP Proxy, you will be able to manage access to Elasticsearch using Apono Access Flows.
Option | Description |
require | An SSL-encrypted connection must be used. |
allow | An SSL-encrypted or unencrypted connection is used. If an SSL-encrypted connection is unavailable, the unencrypted connection is used. |
disable | An unencrypted connection is used. |
prefer | An SSL-encrypted connection is attempted. If the encrypted connection is unavailable, the unencrypted connection is used. |
verify-ca | An SSL-encrypted connection must be used and a server certificate verification against the provided CA certificates must pass. |
verify-full | An SSL-encrypted connection must be used and a server certificate verification against the provided CA certificates must pass. Additionally, the server hostname is checked against the certificate's names. |