Infrastructure as Code Connection Profiles
The following topics describe connection profiles for infrastructure as code platforms and services:
ConnectionProfile:AWS CloudFormation
AWS CloudFormation enables you to create, configure, test, and manage your AWS infrastructure, which is a collection of AWS services and resources.
The following examples show how to define an AWS CloudFormation connection profile.
-
This JSON creates a connection profile that authenticates with an AWS access key and secret:
Copy"CLOUDFORMATION":
{
"Type": "ConnectionProfile:AWS CloudFormation",
"CloudFormation URL": "https://cloudformation.us-east-1.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication": "Secret",
"AWS Access key": "AXHARY7B2LKRSSG124769",
"AWS Secret": "*****",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
} -
This JSON creates a connection profile that authenticates with an AWS IAM role from inside an EC2 instance:
Copy"AWS_CLOUDFORMATION_IAM":
{
"Type": "ConnectionProfile:AWS CloudFormation",
"CloudFormation URL": "https://cloudformation. us-east-1.amazonaws.com",
"AWS Region": "us-east-1",
"Authentication": "NoSecret",
"IAM Role": "<IAM Role Name>",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
The following table describes the AWS CloudFormation connection profile parameters.
Parameter |
Description |
---|---|
CloudFormation URL |
Defines the AWS CloudFormation API authentication endpoint, based on the following format: https://cloudformation.<AWSRegion>.amazonaws.com For more information about regional endpoints available for the AWS CloudFormation service, refer to the AWS documentation. |
AWS Region |
Determines the region where the AWS CloudFormation jobs are located. |
Authentication |
Determines one of the following authentication methods:
|
AWS Access Key |
Defines the AWS CloudFormation account access key. |
AWS Secret |
Defines the AWS CloudFormation account secret access key. You can use Secrets in Code to hide this value in the code. |
IAM Role |
Defines the Identity and Access Management (IAM) role for the AWS CloudFormation connection. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to AWS CloudFormation before a timeout occurs. Default: 30 |
Centralized |
Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true. |
ConnectionProfile:Azure Resource Manager
Azure Resource Manager enables you to create, configure, test, and manage your Azure resources infrastructure.
The following examples show how to define an Azure Resource Manager connection profile:
-
This JSON creates a connection profile that authenticates with an Azure service principal.
Copy"AZURE_RESOURCE_MANAGER":
{
"Type": "ConnectionProfile:Azure Resource Manager",
"Azure Base URL": "https://management.azure.com",
"Subscription ID": "e76056e0-89de-4da3-u02e-61293103154sdvs",
"Authentication Method": "service",
"Azure Login URL": "https://login.microsoftonline.com",
"Tenant ID": "52b396c5-5839-20a6-8pd9-c1fwd32314vb",
"App ID": "8f477ya3-1a1f-4877-ma80-f35bb127145123sd",
"Client Secret": "*****",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
} -
This JSON creates a connection profile that authenticates with a managed identity.
Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure.
Copy"AZURE_RESOURCE_MANAGER_MANAGED_IDENTITY":
{
"Type": "ConnectionProfile:Azure Resource Manager",
"Azure Base URL": "https://management.azure.com",
"Subscription ID": "e76056e0-89de-4da3-u02e-61293103154sdvs",
"Authentication Method": "identity",
"Specify Managed Identity Client ID": "&client_id=",
"Managed Identity Client ID": "8f477fb5-1a1f-4827-ba80-f39be561f3b8",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
}
The following table describes the Azure Resource Manager connection profile parameters.
Parameter |
Description |
---|---|
Azure Base URL |
Defines the Azure Resource Manager authentication endpoint base URL. Default: https://management.azure.com |
Subscription ID |
Defines the registered subscription ID for the Azure Resource Manager service. You can retrieve the subscription ID from the Subscription menu in the Azure portal. |
Authentication Method |
Determines one of the following authentication types:
|
Azure Login URL |
(Service Principal) Defines the Azure Active Directory authentication endpoint URL. Default: https://login.microsoftonline.com |
Tenant ID |
(Service Principal) Defines the Azure tenant ID, which represents your organization. |
App ID |
(Service Principal) Defines the Azure AD application ID for Resource Manager. The Service Principal must be an Azure Resource Manager workspace user with a Contributor or Owner role. |
Client Secret |
(Service Principal) Defines the password associated with the Azure user and the Azure AD application ID. You can use Secrets in Code to hide this value in the code. |
Specify Managed Identity Client ID |
(Managed Identity) Determines whether the client ID for your Managed Identity is specified by the Managed Identity Client ID parameter. Include this parameter only if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. Set its value to &client_id=. |
Managed Identity Client ID |
(Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you included the Specify Managed Identity Client ID parameter. If you have only one Managed Identity, it is detected automatically. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to Azure Resource Manager before a timeout occurs. Default: 20 |
Centralized |
Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true. |
ConnectionProfile:GCP Deployment Manager
GCP Deployment Manager enables you to create, configure, test, and manage your GCP resources infrastructure.
The following example shows how to define a GCP Deployment Manager connection profile.
This JSON creates a connection profile that authenticates with a service account:
"DEPLOY_MANAGEMENT":
{
"Type": "ConnectionProfile:GCP Deployment Manager",
"Identity Type": "service_account",
"Deployment Manager URL": "https://www.googleapis.com/deploymentmanager/v2/projects/",
"Service Account Key": "*****",
"Connection Timeout": "30",
"Description": "",
"Centralized": true
}
The following table describes the GCP Deployment Manager connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types using GCP Access Control:
|
Deployment Manager URL |
Defines the Google Cloud Platform (GCP) authentication endpoint for Deployment Manager. Default: https://www.googleapis.com/deploymentmanager/v2/projects/ |
Service Account Key |
(Service Account) Defines a service account that is associated with an RSA key pair. You can use Secrets in Code to hide this value in the code. |
Connection timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to GCP Cloud Deployment Manager before a timeout occurs. Default: 20 |
Centralized |
Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true. |
ConnectionProfile:Terraform
Terraform is an open-source Infrastructure as Code (IaC) tool that enables you to create, configure, test, and manage your infrastructure on multiple platforms in a declarative way, using configuration files that describe the desired state of your infrastructure.
The following example shows how to define a Terraform connection profile:
"TERRAFORM":
{
"Type": "ConnectionProfile:Terraform",
"Terraform Org Name": "Organization Name",
"Token": "*****",
"Connection Timeout": "20",
"Description": "",
"Centralized": true
}
The following table describes the Terraform connection profile parameters.
Parameter |
Description |
---|---|
Terraform Org Name |
Defines the organization name where the Terraform workspace is located. |
Token |
Defines a Terraform token for authentication of connections to the Terraform workspace. You can use Secrets in Code to hide this value in the code. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to Terraform before a timeout occurs. Default: 20 |
Centralized |
Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true. |