What is a Connector
The Apono Connector is an on-prem connection that can be used to connect resources to Apono and separate the Apono web app from the environment for .
You can view the recommended ,, or.
Automatic Installation
Using AWS CloudFormation or GCP Deployment Manager, the Connector is seamlessly installed in the environment.
Advanced Installation
You can also choose to install the Connector on an or a cluster yourself.
Required Permissions
These are the required permissions for the Connector to function in AWS
S3
{
"Statement": [
{
"Action": [
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
}
],
"Version": "2012-10-17"
}
{
"Statement": [
{
"Action": [
"iam:ListPolicies",
"iam:CreateInstanceProfile"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateInstanceProfile",
"iam:GetRole",
"iam:ListRoleTags",
"iam:TagRole",
"iam:CreateRole",
"iam:DeleteRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy",
"iam:AddRoleToInstanceProfile",
"iam:ListInstanceProfilesForRole",
"iam:DetachRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:DeleteRolePolicy",
"iam:ListRolePolicies",
"iam:GetRolePolicy",
"iam:UpdateAssumeRolePolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*",
"arn:aws:iam::*:role/*",
"arn:aws:iam::*:instance-profile/*"
]
}
],
"Version": "2012-10-17"
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "tag:GetResources",
"Resource": "*"
}
]
}
SSM
{
"Statement": [
{
"Action": [
"ssm:GetParameters*"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/*"
},
{
"Action": [
"ssm:DescribeParameters"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
}
{
"Statement": [
{
"Action": [
"iam:ListPolicies",
"iam:CreateInstanceProfile"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateInstanceProfile",
"iam:GetRole",
"iam:ListRoleTags",
"iam:TagRole",
"iam:CreateRole",
"iam:DeleteRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy",
"iam:AddRoleToInstanceProfile",
"iam:ListInstanceProfilesForRole",
"iam:DetachRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:DeleteRolePolicy",
"iam:ListRolePolicies",
"iam:GetRolePolicy",
"iam:UpdateAssumeRolePolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*",
"arn:aws:iam::*:role/*",
"arn:aws:iam::*:instance-profile/*"
]
}
],
"Version": "2012-10-17"
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "tag:GetResources",
"Resource": "*"
}
]
}
IAM Policy
{
"Statement": [
{
"Action": [
"iam:ListPolicies",
"iam:CreateInstanceProfile"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateInstanceProfile",
"iam:GetRole",
"iam:ListRoleTags",
"iam:TagRole",
"iam:CreateRole",
"iam:DeleteRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy",
"iam:AddRoleToInstanceProfile",
"iam:ListInstanceProfilesForRole",
"iam:DetachRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:DeleteRolePolicy",
"iam:ListRolePolicies",
"iam:GetRolePolicy",
"iam:UpdateAssumeRolePolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*",
"arn:aws:iam::*:role/*",
"arn:aws:iam::*:instance-profile/*"
]
}
],
"Version": "2012-10-17"
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "tag:GetResources",
"Resource": "*"
}
]
}
