Infrastructure as Code Jobs

The following topics describe job types for infrastructure as code platforms and services:

Job:AWS CloudFormation
Job:Azure Resource Manager
Job:GCP Deployment Manager
Job:Terraform

Job:AWS CloudFormation

AWS CloudFormation enables you to create, configure, test, and manage your AWS infrastructure, which is a collection of AWS services and resources.

To deploy and run an AWS CloudFormation job, ensure that you have done the following:

Configured the Control-M Application Integrator plug-in, as described in Application Integrator Configuration.
Installed the AWS CloudFormation plug-in with the provision image command (Control-M/EM 9.0.21 or higher) or the deploy jobtype command (Control-M/EM 9.0.20.200 or lower).

The following example shows how to define an AWS CloudFormation job:

Copy

"AWS CloudFormation_Job": 
{
   "Type": "Job:AWS CloudFormation",
   "ConnectionProfile": "CLOUDFORMATION",
   "Action": "Update Stack",
   "Stack Name": "Demo",
   "Stack Parameters": "Template URL",
   "Template URL": "https://ayatest.s3.amazonaws.com/dynamodbDemo.yml",
   "Template Body": "",
   "Role ARN": "arn:aws:iam::12343567890:role/AWS-QuickSetup-StackSet-Local-AdministrationRole",
   "Capabilities Type": "Capability Named IAM",
   "Enable Termination Protection": "unchecked",
   "On Failure": "Delete",
   "Status Polling Frequency": "15",
   "Failure Tolerance": "2"
}

The following table describes the AWS CloudFormation job parameters.

Parameter	Description
ConnectionProfile	Defines the ConnectionProfile:AWS CloudFormation name that connects Control-M to AWS CloudFormation.
Action	Determines one of the following CloudFormation actions to perform: Create Stack: Creates a stack, which is a collection of AWS resources, such as a web server or database. Update Stack: Updates a stack. Delete Stack: Deletes a stack.
Stack Name	Defines a unique stack name. A stack is a collection of AWS resources, such as a web server or database.
Stack Parameters	Determines one of the following templates to create or update: Template URL: Enables you to define the URL for a preexisting template. Template Body: Enables you to define the template in the job, in JSON or YAML format. A template defines the properties of your AWS infrastructure.
Template URL	Defines the URL for a preexisting template. Rules: File Type: JSON- or YAML-formatted text files. File Size: 450KB File Location: JSON or YAML Files: Amazon S3 bucket. AWS Systems Manager: You must use the AWS Systems Manager to create a URL that points to the file location. YAML-Formatted Text File: https://abc-datapipeline-exp.s3.amazonaws.com/dynamodbDemo.yml AWS System Manager File: https://us-east-2.console.aws.amazon.com/systems-manager/documents/AWSQuickSetup-UpdateExistingInstanceProfile-v02zp/details?region=us-east-2
Template Body	Defines the template in JSON or YAML format. YAML: Copy AWSTemplateFormatVersion: 2010-09-09 Resources: OrdersTable: Type: AWS::DynamoDB::Table Properties: TableName: AuthorsTable_prod_Tt AttributeDefinitions: - AttributeName: "AuthorName" AttributeType: "S" - AttributeName: "BookTitle" AttributeType: "S" KeySchema: - AttributeName: "AuthorName" KeyType: "HASH" - AttributeName: "BookTitle" KeyType: "RANGE" TimeToLiveSpecification: AttributeName: "ExpirationTime" Enabled: true ProvisionedThroughput: ReadCapacityUnits: "10" WriteCapacityUnits: "5" DependsOn: - DynamoDBQueryPolicy DynamoDBQueryPolicy: Type: "AWS::IAM::Policy" Properties: PolicyName: DynamoDBQueryPolicy PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: "dynamodb:Query" Resource: "*" Roles: - Ref: "OrdersTableQueryRole" OrdersTableQueryRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "dynamodb.amazonaws.com" Action: - "sts:AssumeRole" Path: "/"
Role ARN	Defines the Amazon Resource Name (ARN) of the AWS IAM Role that CloudFormation runs as to create or update a stack. An ARN is a standardized AWS resource address. The AWS IAM role must be granted read and write privileges to create or update any of the AWS resources that are in the stack. arn:aws:iam::12345678910:role/AWS-QuickSetup-StackSet-Local-AdministrationRole
Capabilities Type	Defines the capabilities of your template and stack. Valid Values: Capability IAM Capability Named IAM Capability Auto-Expand Default: Capability IAM.
Enable Termination Protection	Determines whether to prevent deletion of this stack by other users. Valid Values: checked unchecked Default: unchecked
On Failure	Determines one of the following actions to take when the job ends Not OK: Do Nothing: Leaves the created or updated stack as is. Roll Back: Reverts to the previous stack. Delete: Deletes the created or updated stack. Default: Do Nothing.
Status Polling Frequency	Determines the number of seconds to wait before Control-M checks the status of the job. Default: 15
Failure Tolerance	Determines the number of times to check the job status before the job ends Not OK. Default: 2

Job:Azure Resource Manager

Azure Resource Manager enables you to create, configure, test, and manage your Azure resources infrastructure.

To deploy and run an Azure Resource Manager job, ensure that you have done the following:

Configured the Control-M Application Integrator plug-in, as described in Application Integrator Configuration.
Installed the Azure Resource Manager plug-in with the provision image command (Control-M/EM 9.0.21 or higher) or the deploy jobtype command (Control-M/EM 9.0.20.200 or lower).

The following example shows how to define an Azure Resource Manager job:

Copy

"Azure Resource Manager_Job_2": 
{
   "Type": "Job:Azure Resource Manager",
   "ConnectionProfile": "AZURE_RESOURCE_MANAGER",
   "Action": "Create Deployment",
   "Resource Group Name": "my_Resource_Group",
   "Deployment Name": "Demo",
   "Deployment Properties": "
   {
      "properties": 
      {
         "templateLink": 
         {
            "uri": "https://123.blob.core.windows.net/test123/123.json?sp=r&st=2023-05-23T08:39:09Z&se=2023-06-10T16:39:09Z&sv=2022-11-02&sr=b&sig=RqrATxi4Sic2UwQKFu%2FlwaQS7fg5uPZyJCQiWX2D%2FCc%3D",
              "queryString": "sp=r&st=2023-05-23T08:39:09Z&se=2023-06-10T16:39:09Z&sv=2022-11-02&sr=b&sig=RqrATxi4Sic2UwQKFu%2FlwaQS7fg5uPZyJCQiWX2D%1234"
         },
         "parameters": {},
         "mode": "Incremental"
      }
   }",
   "Failure Tolerance": "2",
   "Status Polling Frequency": "15"
}

The following table describes the Azure Resource Manager job parameters.

Parameter	Description
Connection Profile	Defines the ConnectionProfile:Azure Resource Manager name that connects Control-M to Azure Resource Manager.
Resource Group Name	Defines a unique resource group name. A resource group is a collection of Azure resources, such as a virtual machine or database, that share the same permissions.
Action	Determines one of the following actions to perform: Create Deployment: Adds resources to a resource group. Update Deployment: Updates resources in a resource group.
Deployment Name	Defines the deployment name.
Deployment Properties	Defines an API request, in JSON format, that enables you to add or update resources in a resource group. Copy { "properties": { "templateLink": { "uri": "https://test1.blob.core.windows.net/test123/Template_update.json?sp=r&st=2023-08-07T16:13:22Z&se =2023-12-03T01:13:22Z&sv=2022-11-02&sr=b&sig=mfFPtXBwmiW4MNH58ZTTJA%2FsAi1gjgKGuwxTlkTquGM%3D", "queryString": "sp=r&st=2023-08-07T16:13:22Z&se=2023-12-03T01:13:22Z&sv=2022-11-02&sr=b&sig= mfFPtXBwmiW4MNH58ZTTJA%2FsAi1gjgKGuwxTlkTquGM%3D" }, "parameters": {}, "mode": "Incremental" } }
Failure Tolerance	Determines the number of times to check the job status before the job ends Not OK. Default: 2
Status Polling Frequency	Determines the number of seconds to wait before Control-M checks the status of the job. Default: 15

Job:GCP Deployment Manager

GCP Deployment Manager enables you to create, configure, test, and manage your GCP resources infrastructure.

To deploy and run a GCP Deployment Manager job, ensure that you have done the following:

Configured the Control-M Application Integrator plug-in, as described in Application Integrator Configuration.
Installed the GCP Deployment Manager plug-in with the provision image command (Control-M/EM 9.0.21 or higher) or the deploy jobtype command (Control-M/EM 9.0.20.200 or lower).

The following example shows how to define a GCP Deployment Manager job:

Copy

"GCP Deployment Manager_job": 
{
   "Type": "Job:GCP Deployment Manager",
   "ConnectionProfile": "DEPLOY_MANAGEMENT",
   "Project ID": "applied-lattice-333111",
   "Action": "Create Deployment",
   "Deployment Name": "demo_deployment",
   "Yaml Config Content": "
   {
      resources: [{type: compute.v1.instance, name: quickstart-deployment-vm, properties: {zone: us-central1-f, machineType: 'https://www.googleapis.com/compute/v1/projects/applied-lattice-333108/zones/us-central1-f/machineTypes/e2-micro', disks: [{deviceName: boot, type: PERSISTENT, boot: true, autoDelete: true, initializeParams: {sourceImage: 'https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-11'}}], networkInterfaces: [{network: 'https://www.googleapis.com/compute/v1/projects/applied-lattice-333108/global/networks/default', accessConfigs: [{name: External NAT, type: ONE_TO_ONE_NAT}]}]}}]
   }",
   "Failure Tolerance": "2",
   "Status Polling Frequency": "10"
}

The following table describes the GCP Deployment Manager job parameters.

Parameter	Description
Connection Profile	Defines the ConnectionProfile:GCP Deployment Manager name that connects Control-M to GCP Deployment Manager.
Project ID	Defines a unique GCP project ID for this job.
Action	Determines one of the following actions to perform: Create Deployment: Creates a deployment. Update Deployment: Updates a deployment. Delete Deployment: Deletes a deployment. A deployment is a collection of API resources, such as a Google Compute Engine or GCP Cloud SQL instance.
Deployment Name	Defines a unique deployment name.
YAML Config Content	Defines a configuration, in YAML format, which enables you to add or update resources in a deployment. You must use the YAML Minifier Tool to remove all unnecessary characters from your configuration code. Copy resources: - type: compute.v1.instance name: quickstart-deployment-vm properties: zone: us-central1-f machineType: https://www.googleapis.com/compute/v1/projects/applied-lattice-333108/zones/us-central1-f/ machineTypes/f1-micro disks: - deviceName: boot type: PERSISTENT boot: true autoDelete: true initializeParams: sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-11 networkInterfaces: - network: https://www.googleapis.com/compute/v1/projects/applied-lattice-333108/global/networks/default accessConfigs: - name: External NAT type: ONE_TO_ONE_NAT - type: bigquery.v2.dataset name: big-query-dataset properties: datasetReference: datasetId:example_id
Status Polling Frequency	Determines the number of seconds to wait before Control-M checks the status of the job. Default: 10
Tolerance	Determines the number of times to check the job status before the job ends Not OK. Default: 3

Job:Terraform

Terraform is an open-source Infrastructure as Code (IaC) tool that enables you to create, configure, test, and manage your infrastructure on multiple platforms in a declarative way, using configuration files that describe the desired state of your infrastructure.

To deploy and run a Terraform job, ensure that you have done the following:

Configured the Control-M Application Integrator plug-in, as described in Application Integrator Configuration.
Installed the Terraform plug-in with the provision image command (Control-M/EM 9.0.21 or higher) or the deploy jobtype command (Control-M/EM 9.0.20.200 or lower).

The following examples show how to define a Terraform job:

This JSON defines a job that executes a workspace in Terraform:

Copy

"Terraform_run_workspace": {
   "Type": "Job:Terraform",
   "ConnectionProfile": "TERRAFORM",
   "Action": "Run Workspace",
   "Workspace Name": "AWS-terraform",
   "Run Name": "demorun%%ORDERID",
   "Variables": "{\"key\": \"ec2_status\",\"value\": \"\\\"stopped\\\"\"},{\"key\": \"ec2_type\",\"value\": \"\\\"small\\\"\"}",
   "Status Polling Frequency": "20",
   "Failure Tolerance": "2" 
}

This JSON defines a job that creates a workspace in Terraform:

Copy

"Terraform_create_workspace": {
   "Type": "Job:Terraform",
   "ConnectionProfile": "TERRAFORM",
   "Action": "Create Workspace",
   "Workspace Params": "{%4E  \"data\": {%4E    \"attributes\": {%4E      \"name\": \"WorkspaceFromCM%%ORDERID\",%4E      \"terraform_version\": \"1.3.9\",%4E      \"working-directory\": \"/simple\",%4E      \"vcs-repo\": {%4E        \"identifier\": \"Reponame/repopoject\",%4E        \"oauth-token-id\": \"ot-RGGGGGGG\",%4E        \"branch\": \"main\",%4E        \"default-branch\": true%4E      }%4E    },%4E    \"type\": \"workspaces\",%4E    \"relationships\": {%4E      \"project\": {%4E        \"data\": {%4E          \"type\": \"projects\",%4E          \"id\": \"prj-AcihyPq2ZQQQQQ\"%4E        }%4E      }%4E    }%4E  }%4E}",
   "Status Polling Frequency": "20",
   "Failure Tolerance": "2" 
}

This JSON defines a job that creates a variable in a workspace in Terraform:

Copy

"Terraform_create_variable": {
   "Type": "Job:Terraform",
   "ConnectionProfile": "TERRAFORM",
   "Action": "Create Variable",
   "Workspace Name": "AWS-terraform",
   "Variable": "{%4E  \"data\": {%4E    \"type\":\"vars\",%4E    \"attributes\": {%4E      \"key\":\"keydemo\",%4E      \"value\":\"valdemo\",%4E      \"description\":\"testvar\",%4E      \"category\":\"terraform\",%4E      \"hcl\":false,%4E      \"sensitive\":false%4E    }%4E  }%4E}",
   "Status Polling Frequency": "20",
   "Failure Tolerance": "2" 
}

The following table describes the Terraform job parameters.

Parameter	Action	Description
Connection Profile	N/A	Defines the ConnectionProfile:Terraform name that connects Control-M to Terraform.
Action	N/A	Determines one of the following Terraform actions to perform: Create Workspace: Creates a new Terraform workspace. Run Workspace: Executes the Terraform workspace. Create Variable: Creates a variable in Terraform.
Workspace Params	Create Workspace	Defines the details of the workspace to create, in JSON format. Valid Values: 1–4,000 characters.
Workspace Name	Run Workspace Create Variable	Defines a name for the workspace where you want to perform the action.
Run Name	Run Workspace	Defines the name of the workspace run in Terraform.
Variables	Run Workspace	Defines the variables for this workspace run, in JSON format. For no parameters, type {}.
Variable	Create Variable	Defines the details of the variable in the Terraform workspace, in JSON format.
Status Polling Frequency	All Actions	(Optional) Determines the number of seconds to wait before checking the status of the job between intervals. Default: 20
Failure Tolerance	All Actions	Determines the number of times to check the job status before ending Not OK. Default: 2