> ## Documentation Index
> Fetch the complete documentation index at: https://docs.formal.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction

> The protocol-aware proxy that provides visibility and control over data access

## What is a Connector?

The Formal Connector is a protocol-aware reverse proxy that sits between your users and your protected resources. It provides real-time visibility, policy enforcement, and access control over all data flowing through your infrastructure.

The Connector is designed to be extremely easy to deploy and manage, thanks to two key features:

* **Smart Routing**: The Connector listens on a single port, automatically detects the wire protocol used by the client (PostgreSQL, MongoDB, HTTP, SSH, etc.), and parses this protocol in real-time
* **Zero Config**: The Connector automatically discovers resources in your cloud environment (Kubernetes clusters, RDS instances, EC2 instances, etc.) and connects to them without manual configuration

## How Connectors Work

All client connections flow through the Connector:

```mermaid theme={null}
sequenceDiagram
    participant Client
    participant Connector
    participant Resource

    Client->>Connector: Connect to database
    Connector->>Connector: Authenticate identity
    Connector->>Connector: Evaluate policies
    Connector->>Resource: Forward request
    Resource-->>Connector: Response
    Connector->>Connector: Apply data masking
    Connector-->>Client: Masked response
```

The Connector intercepts every request and response, allowing you to:

* ✅ Authenticate users and verify their identity
* ✅ Evaluate access policies in real-time
* ✅ Log all queries, commands, and API calls
* ✅ Mask and redact sensitive data automatically
* ✅ Terminate suspicious sessions immediately

## Monitoring and Health

The Connector exposes a health check endpoint on port 8080:

```bash theme={null}
curl http://connector-host:8080/health
```

For production monitoring, configure:

* **CloudWatch Logs** (AWS ECS)
* **kubectl logs** (Kubernetes)
* **Cloud Logging** (GCP)

## Configuration

<Tabs>
  <Tab title="Web Console">
    1. Navigate to [Connectors](https://app.formal.ai/connectors)
    2. Click **New Connector**
    3. Enter a name
    4. Add listeners with routing rules
    5. Save and copy the API token
    6. Deploy the container with the token
  </Tab>

  <Tab title="Terraform">
    ```hcl theme={null}
    resource "formal_connector" "production" {
      name = "production-connector"
      
      listener {
        port = 5432
        
        rule {
          type        = "resource"
          resource_id = formal_resource.postgres.id
        }
      }
      
      listener {
        port = 22
        
        rule {
          type = "any"
        }
      }
    }

    output "connector_token" {
      value     = formal_connector.production.api_key
      sensitive = true
    }
    ```
  </Tab>
</Tabs>

## Next Steps

<CardGroup cols={2}>
  <Card title="Add Resources" icon="database" href="/docs/guides/core-concepts/resources">
    Define the databases, APIs, and infrastructure the Connector protects
  </Card>

  <Card title="Configure Spaces" icon="layer-group" href="/docs/guides/core-concepts/spaces">
    Segment access with logical groupings
  </Card>

  <Card title="Write Policies" icon="shield-check" href="/docs/guides/policies/introduction">
    Control who can access what with policy-as-code
  </Card>

  <Card title="Monitor Sessions" icon="signal-stream" href="/docs/guides/observability/sessions">
    View active connections and session recordings
  </Card>
</CardGroup>
