Container Orchestration Connection Profiles

Defines the AWS ECS authentication endpoint.

Defines the Cloud Watch authentication endpoint.

Determines the region where the AWS ECS jobs are located.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

Defines the AWS ECS account access key.

Defines the AWS ECS account secret access key.

Defines the Identity and Access Management (IAM) role for the AWS ECS connection.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the AWS App Runner authentication endpoint.

Determines the region where the AWS App Runner jobs are located.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

Defines the AWS App Runner account access key.

Defines the AWS App Runner account secret access key.

Defines the Identity and Access Management (IAM) role for the AWS App Runner connection.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the Azure account subscription ID, which is located in the Azure portal.

Determines one of the following authentication methods to connect to Azure Container Instance:

• Service Principal: An Azure service principal, also known as an App Registration, is an identity created to use applications, hosted services, and automated tools that access Azure resources. This access is restricted by the roles assigned to the service principal, which gives the Azure Administrator control over which resources are accessed and at which level. Use this option if the Agent is installed on-premises or with any other cloud vendor.

• Managed Identity: Enables you to access other Azure Active-Directory-protected resources. The identity is managed by the Azure platform. You do not need to provide credentials within Control-M. Use this option if the Agent is installed on an Azure virtual machine that has an assigned a Managed Identity with the required permissions.

Determines whether the client ID for the managed identity is specified by the Managed Identity Client ID parameter.

Use this option if your Azure virtual machine has multiple managed identities.

Determines which client ID to use as the managed identity.

You only need to complete this field if your Azure virtual machine instance has multiple managed identities and you have selected the Specify Managed Identity Client ID checkbox. If you only have one ID, it is detected automatically.

Defines the Tenant ID where the Azure Container instance is created.

Defines the Azure application ID of a Service Principal that has access to interact with Azure Container instances.

The service principal must be an Azure Container Instance workspace user with a Contributor or Owner role.

Defines the password associated with the Azure user and the application.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the Azure AD authentication endpoint base URL.

Do not change the default value unless you are required to by your Azure Administrator.

Defines the Azure service endpoint that enables you to perform API calls and retrieve the token for authentication.

Default: https://management.azure.com

Do not change the default value unless you are required to by your Azure Administrator.

Determines one of the following authentication types using GCP Access Control:

• Service Account: Authenticates using an application ID (service account) and client secret.

• IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Defines the Google Cloud Platform (GCP) authentication endpoint for Cloud Run.

(Service Account) Defines a service account that is associated with an RSA key pair.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the name of the Kubernetes namespace.

Defines an endpoint URL if you want the Kubernetes job spec to be retrieved from a remote location at the time of job execution (instead of uploading the job spec YAML file during job definition).

Determines the type of authentication to use for the connection to the endpoint URL for remote retrieval of the Kubernetes job spec:

• None

• Basic

• OAuth2

• AWS

• Google

(Basic authentication) Defines the basic authentication username.

(Basic authentication) Defines the basic authentication password.

(Basic authentication) Determines whether to use preemptive authentication.

(OAuth2) Determines whether to add basic authentication to the OAuth2 authentication.

(OAuth2) Defines the OAuth2 web service URL.

(OAuth2) Determines one of the following OAuth2 grant types, which determines the type of communication with the OAuth2 web service:

• Client credentials: Requests a client ID and secret.

• Password: Requests an additional access token username and password, which provides additional security.

(OAuth2) Defines the user ID associated with the Web Services REST user and application.

(OAuth2) Defines the secret (password) associated with the Web Services REST user and application.

(OAuth2) Defines an additional grant username.

(OAuth2) Defines an additional grant

(OAuth2) Defines the content type.

(OAuth2) Defines OAuth2 header parameters, as Key:Value pairs.

(OAuth2) Defines OAuth2 body parameters, as Key:Value pairs.

(AWS) Defines the AWS region.

(AWS) Defines the AWS service to access.

(AWS) Determines one of the following authentication methods:

• IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure.

• Access & Secret Keys: Authenticates with an AWS access key and secret.

(AWS) Defines the Identity and Access Management (IAM) role for the AWS connection.

(AWS) Defines the AWS account access key.

(AWS) Defines the AWS account secret access key.

(Google) Determines one of the following token types for GCP Access Control:

• Access token

• Identity token

(Google) Defines a service account that is associated with an RSA key pair.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the URL for the connection to the Kubernetes cluster.

Default: https://kubernetes.default.svc

Defines the path to the token file for the connection to Kubernetes.

Default: /var/run/secrets/kubernetes.io/serviceaccount/token