Data Processing and Analytics Connection Profiles
The following topics describe the connection profile parameters for data processing platforms and services:
AWS Athena Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the AWS Athena connection profile parameters.
| Parameter | Description |
|---|---|
| AWS API Base URL | Defines the AWS Athena API authentication endpoint. https://athena.us-east-1.amazonaws.com |
| AWS Region | Determines the region where the AWS Athena jobs are located. us-east-1 |
| Authentication | Determines one of the following authentication methods: |
| AWS Access Key | Defines the AWS Athena account access key. |
| AWS Secret Key | Defines the AWS Athena account secret access key. |
| IAM Role | Defines the Identity and Access Management (IAM) role for the AWS Athena connection. |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to AWS Athena before a timeout occurs. Default: 20 |
AWS Data Pipeline Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the AWS Data Pipeline connection profile parameters.
| Parameter | Description |
|---|---|
| Data Pipeline URL | Defines the AWS Data Pipeline API authentication endpoint. https://datapipeline.us-east-1.amazonaws.com For more information about regional endpoints available for the AWS Data Pipeline service, refer to the AWS documentation. |
| AWS Region | Determines the region where the AWS Data Pipeline jobs are located. us-east-1 |
| Authentication | Determines one of the following authentication methods: |
| AWS Access Key | Defines the AWS Data Pipeline account access key. |
| AWS Secret | Defines the AWS Data Pipeline account secret access key. |
| IAM Role | Defines the Identity and Access Management (IAM) role for the AWS Data Pipeline connection. |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to AWS Data Pipeline before a timeout occurs. Default: 30 |
AWS DynamoDB Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for AWS DynamoDB.
The following table describes the AWS DynamoDB Connection Profile Parameters.
| Parameter | Description |
|---|---|
| AWS DynamoDB Login URL | Determines the AWS DynamoDB authentication endpoint base URL that includes the region that is defined for the AWS account. https://dynamodb.<us-east-1>.amazonaws.com |
| AWS Region | Determines the region where the AWS DynamoDB jobs are located. us-east-1 |
| Authentication | Determines one of the following authentication methods: |
| AWS Access Key | Defines the AWS account access key. |
| AWS Secret | Defines the AWS account secret access key. |
| IAM role | Defines the Identity and Access Management (IAM) role for the AWS DynamoDB connection. |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to AWS Backup before a timeout occurs. Default: 20 |
AWS EMR Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the AWS EMR connection profile parameters.
| Parameter | Description |
|---|---|
| Region | Determines the region where the AWS EMR jobs are located. us-east-1 |
| EMR Access Key | Defines the token for the connection to AWS. |
| EMR Service Key | Defines an additional security token for AWS. |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Azure Databricks Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the Azure Databricks connection profile parameters.
| Parameter | Description |
|---|---|
| Authentication Method | Determines one of the following authentication methods to connect to an Azure Databricks Instance: Managed Identity authentication is based on an Azure token that is valid for 24 hours, by default. You can extend the Token lifetimes in Azure. |
| Specify Managed Identity Client ID | Determines whether the client ID for the managed identity is specified by the Managed Identity Client ID parameter. Use this option if your Azure virtual machine has multiple managed identities. |
| Managed Identity Client ID | Determines which client ID to use as the managed identity. You only need to complete this field if your Azure virtual machine instance has multiple managed identities and you selected the Specify Managed Identity Client ID checkbox. If you only have one ID, it is detected automatically. |
| Tenant ID | Defines the Tenant ID in Azure AD. |
| Application ID | Defines the application (service principal) ID of the registered application. The service principal must meet the following requirements: |
| Client Secret | Defines the secret (password) associated with the Azure user and the application. |
| Azure Login URL | Defines the URL for login to Azure: https://login.microsoftonline.com Do not change the default value unless you are required to by your Azure Administrator. |
| Databricks URL | Defines the URL of your Databricks workspace. |
| Databricks Resource | Defines the resource parameter for the Azure Databricks login application: Default: 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d Do not change the default value unless you are required to by your Azure Administrator. |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to Azure Databricks before a timeout occurs. Default: 50 seconds |
Azure HDInsight Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes Azure HDInsight connection profile parameters.
| Parameter | Description |
|---|---|
| Cluster Name | Defines the name of the HDInsight cluster. |
| Cluster Username | Defines the name of the Administrator to use to connect to Azure HDInsight. |
| Cluster Password | Defines the Administrator password, which is configured in Azure HDInsight. |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Azure Synapse Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes Azure Synapse connection profile parameters.
| Parameter | Description |
|---|---|
| Authentication Method | Determines one of the following identity types to connect to Azure Synapse Analytics: To prepare for authentication using each of these methods: |
| Specify Managed Identity Client ID | (Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Select this checkbox if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. |
| Managed Identity Client ID | (Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you selected the Specify Managed Identity Client ID checkbox. If you have only one Managed Identity, it is detected automatically. |
| Azure AD URL | (Service Principal) Defines the Azure AD authentication endpoint base URL. https://login.microsoftonline.com |
| Tenant ID | (Service Principal) Defines the Tenant ID in Azure AD. |
| App ID | Defines the application (service principal) ID of the registered application for the Azure Synapse service. |
| Client Secret | (Service Principal) Defines the secret (password) associated with the Azure user and the application. |
| Synapse URL | Defines the workspace development endpoint. https://myworkspace.dev.azuresynapse.net |
| Synapse Resource | Defines the resource parameter that serves as the identifier for Azure Synapse login via Azure AD: https://dev.azuresynapse.net/ |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to Azure Synapse Analytics before a timeout occurs. Default: 50 seconds. |
Databricks Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the Databricks connection profile parameters.
| Parameter | Description |
|---|---|
| Databricks Workspace URL | Defines the URL of your Databricks workspace. |
| Databricks Personal Access Token | Defines a Databricks token for authentication of connections to the Databricks workspace. |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to Databricks before a timeout occurs. Default: 50 seconds |
dbt Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for dbt.
The following table describes the dbt (Data Build Tool) connection profile parameters.
| Parameter | Description |
|---|---|
| DBT URL | Defines the dbt API authentication endpoint. Default: https://cloud.getdbt.com |
| DBT Token | Defines the authentication code that is used to create a connection to the dbt platform. This is located in the API Access section in the dbt Cloud platform. |
| Account ID | Defines the unique ID that is assigned to your dbt Cloud account. This is located in the Account Info section in the dbt Cloud platform. |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
| Connection Timeout | Determines the number of seconds to wait after Control-M initiates a connection request to dbt before a timeout occurs. Default: 60 |
GCP BigQuery Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the GCP BigQuery connection profile parameters.
| Parameter | Description |
|---|---|
| Identity Type | Determines one of the following authentication types using GCP Access Control: |
| GCP BigQuery URL | Defines the Google Cloud Platform (GCP) authentication endpoint for BigQuery. https://bigquery.googleapis.com |
| Service Account Key | (Service Account) Defines a service account that is associated with an RSA key pair. |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
GCP Dataflow Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the Google Cloud Platform (GCP) Dataflow connection profile parameters.
| Parameter | Description |
|---|---|
| Identity Type | Determines one of the following authentication types using GCP Access Control: |
| Dataflow URL | Defines the Google Cloud Platform (GCP) authentication endpoint for Dataflow. https://dataflow.googleapis.com |
| Service Account Key | (Service Account) Defines a JSON body that contains the required service account credentials to access GCP, as shown in the following example: |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
GCP Dataproc Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the Google Cloud Platform (GCP) Dataproc connection profile parameters.
| Parameter | Description |
|---|---|
| Identity Type | Determines one of the following authentication types using GCP Access Control: |
| Dataproc URL | Defines the Google Cloud Platform (GCP) authentication endpoint for Dataproc. https://dataproc.googleapis.com |
| Service Account Key | (Service Account) Defines a JSON body that contains the required service account credentials to access GCP, as shown in the following example: |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
| Connection Timeout | Defines a timeout value, in seconds, for the trigger call to Google Cloud Platform. Default: 20 seconds |
OCI Data Flow Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for OCI Data Flow.
The following table describes OCI Data Flow connection profile parameters.
| Parameter | Authentication Method | Description |
|---|---|---|
| OCI Data Flow URL | All methods | Defines the OCI Data Flow URL in the following format: https://dataflow.<region>.oci.oraclecloud.com/20200129 |
| OCI Region | All methods | Determines the region where OCI Data Flow is located. ap-melbourne-1 eu-madrid-1 |
| Authentication | NA | Determines one of the following authentication methods: |
| User OCID | Defined Parameters | Defines an individual user within the OCI environment. |
| Tenancy OCID | Defined Parameters | Defines the OCI Tenancy ID in an OCI Data Flow, which is a global unique identifier for this account within the OCI environment. |
| Fingerprint | Defined Parameters | Defines a fingerprint which uniquely identifies and verifies the integrity of the associated certificate or key. |
| Private Key | Defined Parameters | Defines the Private key (critical component) within a set of API signing keys that are used for authentication and secure access to OCI resources. |
| Use External Vault | Defined Parameters | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
| Config File Path | Configuration File | Defines the path to the configuration file that contains authentication information. This file is stored on the Control-M/Agent. UNIX: home/user1/config/pem.pem Windows: C:\Users\user1\config\pem.pem |
| Profile | Configuration File | Defines the name of a specific section in the configuration file, such as DEFAULT or PROFILE2 in the Configuration File code sample. |
| Connection Timeout | All methods | Determines the number of seconds to wait after Control-M initiates a connection request to OCI Data Flow before a timeout occurs. Default: 30 |
Snowflake Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the Snowflake connection profile parameters.
This connection profile uses token-based authentication. To authenticate using an Identity Provider (IdP), see Snowflake IdP Connection Profile Parameters.
| Parameter | Description |
|---|---|
| Account Identifier | Defines the Snowflake account identifier. To obtain this string, execute the Describe Security Integration command in Snowflake and copy the initial string from one of the authorization properties. OAUTH_AUTHORIZATION_ENDPOINT has the following value: https://abc123.us-east-1.snowflakecomputing.com/oauth/authorize abc123 is the account identifier. For more information about obtaining values for the parameters required by the connection profile, see Setting Up a Snowflake API Connection. |
| Region | Determines the region where the Snowflake jobs are located. us-east-1 |
| Client ID | Defines the client ID assigned to the account in the Snowflake integration setup. |
| Client Secret | Defines the client secret assigned to the account in the Snowflake integration setup. |
| Refresh Token | Defines the value for the refresh token. Rule: This string must be URL-encoded. |
| Redirect URI | Defines the redirect URI assigned to the account in the Snowflake integration setup. Rule: This string must be URL-encoded. |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Snowflake IdP Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the Snowflake Identity Provider (IdP) connection profile parameters.
This connection profile authenticates using an Identity Provider (IdP). To use token-based authentication, see Snowflake Connection Profile Parameters.
| Parameter | Description |
|---|---|
| Account Identifier | Determines the Snowflake IdP account identifier. To obtain this string, run the Describe Security Integration command in Snowflake and copy the initial string from one of the authorization properties. EXTERNAL_OAUTH_AUDIENCE_LIST has the following value: https://abc123.us-east-1.snowflakecomputing.com abc123 is the account identifier. For information about the values for the parameters required by the connection profile, see the IdP-specific External OAuth configuration instructions in the Snowflake documentation. |
| Region | Determines the region where the Snowflake jobs are located. us-east-1 |
| Client ID | Defines the client ID assigned to the account in the Snowflake integration setup. |
| Client Secret | Defines the client secret assigned to the account in the Snowflake integration setup. |
| IDP URL | Defines the authentication endpoint for Snowflake IdP. |
| Scope | Defines the scope, which limits the operations you can do and the roles you can use in the Snowflake IdP plug-in. Define the scope as follows: session:role:<custom_role> session:role:sysadmin |
| Use External Vault | Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
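
The Account Identifier rows of both Snowflake tables and the URL-encoding rule for Refresh Token and Redirect URI, as an added Python example (not BMC or Snowflake code): it extracts the account identifier and region from either integration property URL, refuses look-alike hosts, and percent-encodes a value exactly once. The function names, the sample redirect URI and the sample token are constructed; treating everything between the account label and the domain suffix as the region is an assumption.

```python
import re
from urllib.parse import quote, urlsplit

SNOWFLAKE_SUFFIX = ".snowflakecomputing.com"
# Unreserved characters or well-formed %XX escapes only: nothing left to encode.
_ALREADY_ENCODED = re.compile(r"^(?:[A-Za-z0-9._~-]|%[0-9A-Fa-f]{2})*$")


def parse_snowflake_endpoint(url):
    """Return (account_identifier, region) from an integration property URL.

    Accepts the OAUTH_AUTHORIZATION_ENDPOINT form (with /oauth/authorize)
    and the EXTERNAL_OAUTH_AUDIENCE_LIST form (host only).
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("endpoint must use https")
    if parts.username or parts.password:
        raise ValueError("userinfo in the URL is not expected")
    host = (parts.hostname or "").lower()
    # Check the suffix on the parsed host, not the raw string, so a host such
    # as abc123.us-east-1.snowflakecomputing.com.example.net is refused.
    if not host.endswith(SNOWFLAKE_SUFFIX):
        raise ValueError(f"not a Snowflake host: {host!r}")
    labels = host[: -len(SNOWFLAKE_SUFFIX)].split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError("expected <account>.<region> before the domain suffix")
    # Assumption: the first label is the account, the remainder is the region.
    return labels[0], ".".join(labels[1:])


def url_encode_field(value):
    """Percent-encode a Refresh Token or Redirect URI, but only once.

    A value that already consists solely of unreserved characters and %XX
    escapes is returned unchanged, which avoids double encoding (%3A -> %253A).
    A raw value that happens to contain a literal %XX sequence is ambiguous
    and is treated as already encoded.
    """
    if _ALREADY_ENCODED.match(value):
        return value
    return quote(value, safe="")


def snowflake_profile_fields(endpoint, redirect_uri, refresh_token):
    """Collect the values under the parameter names used in the table above.

    This is a plain dict for review, not Control-M's own profile format.
    """
    account, region = parse_snowflake_endpoint(endpoint)
    return {
        "Account Identifier": account,
        "Region": region,
        "Redirect URI": url_encode_field(redirect_uri),
        "Refresh Token": url_encode_field(refresh_token),
    }


if __name__ == "__main__":
    # Endpoint value from the table; redirect URI and token are constructed.
    fields = snowflake_profile_fields(
        "https://abc123.us-east-1.snowflakecomputing.com/oauth/authorize",
        "https://controlm.example.net/cb?x=1",
        "ver:1-hint:2+abc/def==",
    )
    for name, value in fields.items():
        print(f"{name}: {value}")
```

Keep the Client Secret and Refresh Token out of logs and shell history when running a check like this; with Use External Vault selected, the secret is retrieved from the vault rather than stored in the profile.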