# Installing a Custom Resource Integration

The **Custom Resource** integration allows you to **securely manage access to external or on-premise applications** using **AWS Lambda** or **Google Cloud Run**. Whenever a user is granted or revoked access through P0, your service provider is automatically invoked — giving you full control over how access is provisioned or removed within your systems.

## Before you begin

Before you configure your **custom resource**, you'll need to set up a few prerequisites. This guide walks you through everything, but before diving into the steps, make sure you have an installed function caller component for **AWS** or **Google Cloud**.\
\
[How to install the AWS function caller](https://github.com/p0-security/p0-docs/blob/main/integrations/resource-integrations/aws/function-caller.md)

[How to install the Google Cloud function caller](https://github.com/p0-security/p0-docs/blob/main/integrations/resource-integrations/google-cloud/function-caller.md)

## Installing your Custom Resource

1. Go to p0.app in your browser, navigate to Integrations, and select AWS.

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-3f5f32e468f5d894bbafec0526038d6793dac1f0%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

2\. Scroll to the **Resources** section and search for “Custom” to find the Custom Resource integration type.

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-4c31fc5d953a18b9829e4f73b182b619047e80b0%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

3. Click **“Add Resource”** to create a new Custom Resource.

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-e7192494e00e8f36ef9788c9dc8f3e1a0432af78%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

4. Provide a **globally unique ID** for this resource. This identifier is sent back in the payload to your Lambda and can be used to distinguish multiple resources.

{% hint style="warning" %}
This ID cannot be changed after installation — you’ll need to reinstall if you want to update it.
{% endhint %}

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-5627cd3ab712ed1899d568be4737976e61a4d082%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

5. Give your resource a **descriptive name** that will be shown to end users when they request access. Select **AWS** or **GCP** as your service provider.

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-74cf99fe03f2ad3fb225b29ac955327a69eb5358%2Fimage%20(208).png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

6. Click **Continue** to complete the integration setup. Your function caller is now linked to the P0 Custom Resource.

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-a570fda1cd724195156cff0b9abd1359ea04faef%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

7. [Make a test **access request**](https://docs.p0.dev/orchestration/just-in-time-access/requesting-access) via any supported P0 interface — Web, Slack, or Microsoft Teams — to confirm your AWS Lambda is being triggered.

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-27b6326f2d7b37c70569b49bb69087b2205c5982%2Fimage.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>

## Related Links

[Review the Custom Resource OpenAPI specification](https://docs.p0.dev/integrations/resource-integrations/custom-resource)