# Installing a custom resource integration

The **Custom Resource** integration allows you to **securely manage access to external or on-premise applications** using **AWS Lambda** or **Google Cloud Run**. Whenever a user is granted or revoked access through P0, your service provider is automatically invoked — giving you full control over how access is provisioned or removed within your systems.

## Before you begin

Before you configure your **custom resource**, you'll need to set up a few prerequisites. This guide walks you through everything, but before diving into the steps, make sure you have an installed function caller component for **AWS** or **Google Cloud**.\
\
[How to install the AWS function caller](https://github.com/p0-security/p0-docs/blob/main/integrations/resource-integrations/aws/function-caller.md)

[How to install the Google Cloud function caller](https://github.com/p0-security/p0-docs/blob/main/integrations/resource-integrations/google-cloud/function-caller.md)

## Installing your Custom Resource

1. Go to p0.app in your browser, navigate to Integrations, and select AWS.

<figure><img src="/files/S3e9a20AzIVJefKRiNCJ" alt="" width="563"><figcaption></figcaption></figure>

2\. Scroll to the **Resources** section and search for “Custom” to find the Custom Resource integration type.

<figure><img src="/files/lDjv8NoRwipew4KOWQ4C" alt="" width="563"><figcaption></figcaption></figure>

3. Click **“Add Resource”** to create a new Custom Resource.

<figure><img src="/files/uUniq0Q204r3NjjgauD0" alt="" width="563"><figcaption></figcaption></figure>

4. Provide a **globally unique ID** for this resource. This identifier is sent back in the payload to your Lambda and can be used to distinguish multiple resources.

{% hint style="warning" %}
This ID cannot be changed after installation — you’ll need to reinstall if you want to update it.
{% endhint %}

<figure><img src="/files/V8nV1tA7oRxJT9KUvXVg" alt="" width="563"><figcaption></figcaption></figure>

5. Give your resource a **descriptive name** that will be shown to end users when they request access. Select **AWS** or **GCP** as your service provider.

<figure><img src="/files/TccoLUVZfPztKBmFsSy3" alt="" width="563"><figcaption></figcaption></figure>

6. Click **Continue** to complete the integration setup. Your function caller is now linked to the P0 Custom Resource.

<figure><img src="/files/fRKsRrvI85gtW2HNfiEA" alt="" width="563"><figcaption></figcaption></figure>

7. [Make a test **access request**](/access-management/just-in-time-access/requesting-access.md) via any supported P0 interface — Web, Slack, or Microsoft Teams — to confirm your AWS Lambda is being triggered.

<figure><img src="/files/3XN6LOKO1uRpYEOGGXtu" alt="" width="563"><figcaption></figcaption></figure>

## Related Links

[Review the Custom Resource OpenAPI specification](/integrations/resource-integrations/custom-resource.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.p0.dev/integrations/resource-integrations/custom-resource/installing-a-custom-resource-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.