Metadata for Integration Config

Amazon Organization

Integrate all accounts and resources, and manage access with IAM Identity Center (SSO)

Example Usage


aws-organization-integration.tf
resource "apono_integration" "aws-organization-integration" {
  name                     = "Amazon Organization"
  type                     = "aws-organization"
  connector_id             = "apono-connector-id"
  connected_resource_types = ["aws-organization-account"]
  metadata = {
    region                             = "<Region>"
    aws_sso_region                     = "<AWS SSO Region>"
    aws_sso_portal                     = "<SSO Portal>"
    management_account_role_arn        = "<Management Account Role ARN>"
    filter_not_organizational_unit_ids = "<Exclude Organizational Unit IDs>"
    user_assuming_role_arns            = "<Assumable Roles>"
    session_duration_hours             = "<Session Duration (in Hours)>"
    enable_audit                       = "<Enable Audit>"
  }
}
aws-organization-integration.tf
resource "apono_resource_integration" "aws-organization-integration" {
  name                     = "Amazon Organization"
  type                     = "aws-organization"
  connector_id             = "apono-connector-id"
  connected_resource_types = ["aws-organization-account"]
  integration_config = {
    region                             = "<Region>"
    aws_sso_region                     = "<AWS SSO Region>"
    aws_sso_portal                     = "<SSO Portal>"
    management_account_role_arn        = "<Management Account Role ARN>"
    filter_not_organizational_unit_ids = "<Exclude Organizational Unit IDs>"
    user_assuming_role_arns            = "<Assumable Roles>"
    session_duration_hours             = "<Session Duration (in Hours)>"
    enable_audit                       = "<Enable Audit>"
  }
}

Schema


  • type aws-organization

  • connected_resource_types List of resource types to sync.

Available resource types you can use
  • aws-organization-account

  • aws-organization-s3-bucket

  • aws-organization-s3-folder

  • aws-organization-iam-group

  • aws-organization-iam-role

  • aws-organization-customer-managed-iam-policy

  • aws-organization-account-iam-managed-policy

  • aws-organization-systems-manager-parameter-store

  • aws-organization-systems-manager-parameter-store-param

  • aws-organization-ec2-loadbalancer

  • aws-organization-ec2-instance

  • aws-organization-ec2-service

  • aws-organization-ecr

  • aws-organization-ecr-repository

  • aws-organization-ecs-cluster

  • aws-organization-sagemaker-notebook

  • aws-organization-lambda-function

  • aws-organization-secrets-manager-secret

  • aws-organization-sqs-queue

  • aws-organization-sns-topic

  • aws-organization-dynamodb-table

  • aws-organization-cloudformation-stack

  • aws-organization-cloudformation-stackset

  • aws-organization-kms-key

  • aws-organization-emr-cluster

  • aws-organization-acm-certificate

  • aws-organization-ses

  • aws-organization-cognito

  • aws-organization-elasticache

  • aws-organization-route53

  • aws-organization-route53-hostedzone

Integration Config


  • region (Required | String) Region

    • Possible values: us-east-1, us-east-2, us-west-1, us-west-2, eu-central-1, eu-central-2, eu-west-1, eu-west-2, eu-south-1, eu-south-2, eu-west-3, eu-north-1, af-south-1, ap-east-1, ap-southeast-3, ap-southeast-4, ap-southeast-5, ap-southeast-7, ap-south-1, ap-south-2, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, ca-west-1, me-south-1, me-central-1, sa-east-1, il-central-1, mx-central-1

  • aws_sso_region (Required | String) AWS SSO Region

    • Default value: us-east-1

    • Possible values: us-east-1, us-east-2, us-west-1, us-west-2, eu-central-1, eu-central-2, eu-west-1, eu-west-2, eu-south-1, eu-south-2, eu-west-3, eu-north-1, af-south-1, ap-east-1, ap-southeast-3, ap-southeast-4, ap-southeast-5, ap-southeast-7, ap-south-1, ap-south-2, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, ca-west-1, me-south-1, me-central-1, sa-east-1, il-central-1, mx-central-1

  • aws_sso_portal (Required | String) SSO Portal

  • management_account_role_arn (Optional | String) Management Account Role ARN

  • filter_not_organizational_unit_ids (Optional | String) Exclude Organizational Unit IDs

  • user_assuming_role_arns (Optional | String) Assumable Roles

  • session_duration_hours (Optional | String) Session Duration (in Hours)

    • Possible values: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

  • enable_audit (Optional | String) Enable Audit

    • Default value: false

    • Possible values: true, false
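
The following is an added example, not part of the Apono documentation: Terraform input validation that rejects values outside the ranges listed in the schema above before they reach the integration. The variable names, the resource label `aws_org` and the sample region values are assumptions; the field names and allowed values are taken from this page.

```hcl
# Added example: validate the string-typed schema fields at plan time.
# Variable names and sample values are illustrative assumptions.

variable "sso_portal" {
  type        = string
  description = "Value for aws_sso_portal (required by the schema)."
}

variable "session_duration_hours" {
  type    = string
  default = "1"

  validation {
    # The schema lists whole hours 1 through 12, passed as a string.
    condition     = contains([for h in range(1, 13) : tostring(h)], var.session_duration_hours)
    error_message = "session_duration_hours must be a whole number from 1 to 12."
  }
}

variable "enable_audit" {
  type    = string
  default = "true" # the schema default is "false"; this example opts in explicitly

  validation {
    # The schema accepts only the strings "true" and "false".
    condition     = contains(["true", "false"], var.enable_audit)
    error_message = "enable_audit must be the string \"true\" or \"false\"."
  }
}

resource "apono_resource_integration" "aws_org" {
  name                     = "Amazon Organization"
  type                     = "aws-organization"
  connector_id             = "apono-connector-id"
  connected_resource_types = ["aws-organization-account"]

  # Optional fields from the schema are omitted here.
  integration_config = {
    region                 = "us-east-1"
    aws_sso_region         = "us-east-1"
    aws_sso_portal         = var.sso_portal
    session_duration_hours = var.session_duration_hours
    enable_audit           = var.enable_audit
  }
}
```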
