Data Processing and Analytics Connection Profiles

Defines the AWS Athena API authentication endpoint.

Determines the region where the AWS Athena jobs are located.

Determines one of the following authentication methods:

• AWS Key: Used for services outside the AWS infrastructure.

• AWS IAM Role: Used for services within the AWS infrastructure.

Defines the AWS Athena account access key.

Defines the AWS Athena account secret access key.

Defines the Identity and Access Management (IAM) role for the AWS Athena connection.

Defines the AWS Data Pipeline API authentication endpoint.

For more information about regional endpoints available for the AWS Data Pipeline service, refer to the AWS documentation.

Determines the region where the AWS Data Pipeline jobs are located.

Determines one of the following authentication methods:

• AWS Key & Secret: Used for services outside the AWS infrastructure.

• AWS IAM Role: Used for services within the AWS infrastructure.

Defines the AWS Data Pipeline account access key.

Defines the AWS Data Pipeline account secret access key.

Defines the Identity and Access Management (IAM) role for the AWS Data Pipeline connection.

Determines the region where the AWS EMR jobs are located.

Defines the token for the connection to AWS.

Defines the Tenant ID in Azure AD.

Defines the application (service principal) ID of the registered application.

The service principal must meet the following requirements:

• The service principal must be an Azure Databricks workspace user and an admin. In the Databricks Admin Console, it must appear under users and also under admins.

• The service principal must be associated with a Contributor or Owner role.

Defines the secret (password) associated with the Azure user and the application.

Defines the URL for login to Azure:

https://login.microsoftonline.com

Do not change the default value unless you are required to by your Azure Administrator.

Defines the URL of your Databricks workspace.

Defines the resource parameter for the Azure Databricks login application:

2ff814a6-3304-4ab8-85cb-cd0e6f879c1d

Do not change the default value unless you are required to by your Azure Administrator.

Defines the name of the HDInsight cluster.

Defines the name of the Administrator to use to connect to Azure HDInsight.

Determines one of the following identity types to connect to Azure Synapse Analytics:

• Managed Identity: Enables you to access other Azure AD-protected resources. The identity is managed by the Azure platform and does not require you to provide credentials within Control-M. Use this option if the Agent is installed on an Azure virtual machine that has an assigned Managed Identity with the required permissions.

  Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.

• Service Principal: An Azure service principal, also known as App Registration, is an identity created for use with applications, hosted services, and automated tools to access Azure resources. This access is restricted by the roles assigned to the service principal, which gives the Azure Administrator control over which resources can be accessed and at which level. Use this option if the Agent is installed on-premises or any other cloud vendor.

To prepare for authentication using each of these methods:

• Grant your Managed Identity or Service Principal access to your Synapse workspace through the Synapse Studio (Manage > Access Control).

• Assign a Contributor role to the Synapse workspace accessed by the Managed Identity or service principal.

(Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter.

Select this checkbox if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine.

(Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you selected the Specify Managed Identity Client ID checkbox.

If you have only one Managed Identity, it is detected automatically.

(Service Principal) Defines the Azure AD authentication endpoint base URL.

(Service Principal) Defines the Tenant ID in Azure AD.

Defines the application (service principal) ID of the registered application for the Azure Synapse service.

(Service Principal) Defines the secret (password) associated with the Azure user and the application.

Defines the workspace development endpoint.

Defines the resource parameter that serves as the identifier for Azure Synapse login via Azure AD:

Defines the URL of your Databricks workspace.

Defines the DBT API authentication endpoint.

Default: https://cloud.getdbt.com

Defines the authentication code that is used to create a connection to the DBT platform.

This is located in the API Access section in the DBT Cloud platform.

Defines the unique ID that is assigned to your DBT Cloud account.

This is located in the Account Info section in the DBT Cloud platform.

Determines one of the following authentication types using GCP Access Control:

• Service Account: Authenticates using an application ID (service account) and client secret.

• IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Defines the Google Cloud Platform (GCP) authentication endpoint for BigQuery.

Determines one of the following authentication types using GCP Access Control:

• Service Account: Authenticates using an application ID (service account) and client secret.

• IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials. This is only available on GCP virtual machines.

Defines the Google Cloud Platform (GCP) authentication endpoint for Dataflow.

Determines one of the following authentication types using GCP Access Control:

• Service Account: Authenticates using an application ID (service account) and client secret.

• IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials. This is only available on GCP virtual machines.

Defines the Google Cloud Platform (GCP) authentication endpoint for Dataproc.

(Service Account) Defines a JSON body that contains the required service account credentials to access GCP.

{
   "type": "service_account",
   "project_id": "project-id",
   "private_key_id": "key-id",
   "private_key": "-----BEGIN PRIVATE KEY-----\nprivate-key\n-----END PRIVATE KEY-----\n",
   "client_email": "service-account-email",
   "client_id": "client-id",
   "auth_uri": "https://accounts.google.com/o/oauth2/auth",
   "token_uri": "https://accounts.google.com/o/oauth2/token",
   "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
   "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/service-account-email"
}

Defines the Snowflake account identifier.

To obtain this string, execute the Describe Security Integration command in Snowflake and copy the initial string from one of the authorization properties.

For more information about obtaining values for the parameters required by the connection profile, see Setting Up a Snowflake API Connection.

Determines the region where the Snowflake jobs are located.

Defines the client ID assigned to the account in the Snowflake integration setup.

Defines the client secret assigned to the account in the Snowflake integration setup.

Defines the value for the refresh token.

Rule: This string must be URL-encoded.

Determines the Snowflake IdP account identifier.

To obtain this string, run the Describe Security Integration command in Snowflake and copy the initial string from one of the authorization properties.

For information about the values for the parameters required by the connection profile, see the IdP-specific External OAuth configuration instructions in the Snowflake documentation.

Determines the region where the Snowflake jobs are located.

Defines the client ID assigned to the account in the Snowflake integration setup.

Defines the client secret assigned to the account in the Snowflake integration setup.

Defines the authentication endpoint for Snowflake IdP.