Infrastructure as Code Jobs

The following topics describe job types for infrastructure as code platforms and services:

Job:AWS CloudFormation

AWS CloudFormation enables you to create, configure, test, and manage your AWS infrastructure, which is a collection of AWS services and resources.

To deploy and run an AWS CloudFormation job, ensure that you have installed the AWS  CloudFormation plug-in with the provision image command or the provision agent::update command.

The following example shows how to define an AWS CloudFormation job:

Copy
"AWS CloudFormation_Job"
{
   "Type": "Job:AWS CloudFormation",
   "ConnectionProfile": "CLOUDFORMATION",
   "Action": "Update Stack",
   "Stack Name": "Demo",
   "Stack Parameters": "Template URL",
   "Template URL": "https://ayatest.s3.amazonaws.com/dynamodbDemo.yml",
   "Template Body": "",
   "Role ARN": "arn:aws:iam::12343567890:role/AWS-QuickSetup-StackSet-Local-AdministrationRole",
   "Capabilities Type": "Capability Named IAM",
   "Enable Termination Protection": "unchecked",
   "On Failure": "Delete",
   "Status Polling Frequency": "15",
   "Failure Tolerance": "2"
}

The following table describes the AWS CloudFormation job parameters.

Parameter

Description

ConnectionProfile

Defines the ConnectionProfile:AWS CloudFormation name that connects Control-M to AWS CloudFormation.

Action

Determines one of the following CloudFormation actions to perform:

  • Create Stack: Creates a stack, which is a collection of AWS resources, such as a web server or database.

  • Update Stack: Updates a stack.

  • Delete Stack: Deletes a stack.

Stack Name

Defines a unique stack name.

A stack is a collection of AWS resources, such as a web server or database.

Stack Parameters

Determines one of the following templates to create or update:

  • Template URL: Enables you to define the URL for a preexisting template.

  • Template Body: Enables you to define the template in the job, in JSON or YAML format.

A template defines the properties of your AWS infrastructure.

Template URL

Defines the URL for a preexisting template.

Rules:

  • File Type: JSON- or YAML-formatted text files.

  • File Size: 450KB

  • File Location:

    • JSON or YAML Files: Amazon S3 bucket.

    • AWS Systems Manager: You must use the AWS Systems Manager to create a URL that points to the file location.

  • YAML-Formatted Text File: https://abc-datapipeline-exp.s3.amazonaws.com/dynamodbDemo.yml

  • AWS System Manager File: https://us-east-2.console.aws.amazon.com/systems-manager/documents/AWSQuickSetup-UpdateExistingInstanceProfile-v02zp/details?region=us-east-2

Template Body

Defines the template in JSON or YAML format.

YAML:

Copy
AWSTemplateFormatVersion: 2010-09-09
Resources:
   OrdersTable:
      Type: AWS::DynamoDB::Table
      Properties:
         TableName: AuthorsTable_prod_Tt
         AttributeDefinitions:
          - AttributeName: "AuthorName"
            AttributeType: "S"
          - AttributeName: "BookTitle"
            AttributeType: "S"
         KeySchema:
          - AttributeName: "AuthorName"
            KeyType: "HASH"
          - AttributeName: "BookTitle"
            KeyType: "RANGE"
         TimeToLiveSpecification:
            AttributeName: "ExpirationTime"
            Enabled: true
         ProvisionedThroughput:
            ReadCapacityUnits: "10"
            WriteCapacityUnits: "5"
      DependsOn:
       - DynamoDBQueryPolicy
   DynamoDBQueryPolicy:
      Type: "AWS::IAM::Policy"
      Properties:
         PolicyName: DynamoDBQueryPolicy
         PolicyDocument:
            Version: "2012-10-17"
            Statement:
            - Effect: "Allow"
              Action: "dynamodb:Query"
              Resource: "*"
         Roles:
          - Ref: "OrdersTableQueryRole"
   OrdersTableQueryRole:
      Type: "AWS::IAM::Role"
      Properties:
         AssumeRolePolicyDocument:
            Version: "2012-10-17"
            Statement:
             - Effect: "Allow"
               Principal:
                  Service:
                   - "dynamodb.amazonaws.com"
                  Action:
                   - "sts:AssumeRole"
         Path: "/"
         

Role ARN

Defines the Amazon Resource Name (ARN) of the AWS IAM Role that CloudFormation runs as to create or update a stack.

An ARN is a standardized AWS resource address.

The AWS IAM role must be granted read and write privileges to create or update any of the AWS resources that are in the stack.

arn:aws:iam::12345678910:role/AWS-QuickSetup-StackSet-Local-AdministrationRole

Capabilities Type

Defines the capabilities of your template and stack.

Valid Values:

  • Capability IAM

  • Capability Named IAM

  • Capability Auto-Expand

Default: Capability IAM.

Enable Termination Protection

Determines whether to prevent deletion of this stack by other users.

Valid Values:

  • checked

  • unchecked

Default: unchecked

On Failure

Determines one of the following actions to take when the job ends Not OK:

  • Do Nothing: Leaves the created or updated stack as is.

  • Roll Back: Reverts to the previous stack.

  • Delete: Deletes the created or updated stack.

Default: Do Nothing.

Status Polling Frequency

Determines the number of seconds to wait before Control-M checks the status of the job.

Default: 15

Failure Tolerance

Determines the number of times to check the job status before the job ends Not OK.

Default: 2

Job:Azure Resource Manager

Azure Resource Manager enables you to create, configure, test, and manage your Azure resources infrastructure.

To deploy and run an Azure Resource Manager job, ensure that you have installed the Azure Resource plug-in with the provision image command or the provision agent::update command.

The following example shows how to define an Azure Resource Manager job:

Copy
"Azure Resource Manager_Job_2"
{
   "Type": "Job:Azure Resource Manager",
   "ConnectionProfile": "AZURE_RESOURCE_MANAGER",
   "Action": "Create Deployment",
   "Resource Group Name": "my_Resource_Group",
   "Deployment Name": "Demo",
   "Deployment Properties": "
   {
      "properties"
      {
         "templateLink"
         {
            "uri": "https://123.blob.core.windows.net/test123/123.json?sp=r&st=2023-05-23T08:39:09Z&se=2023-06-10T16:39:09Z&sv=2022-11-02&sr=b&sig=RqrATxi4Sic2UwQKFu%2FlwaQS7fg5uPZyJCQiWX2D%2FCc%3D",
              "queryString": "sp=r&st=2023-05-23T08:39:09Z&se=2023-06-10T16:39:09Z&sv=2022-11-02&sr=b&sig=RqrATxi4Sic2UwQKFu%2FlwaQS7fg5uPZyJCQiWX2D%1234"
         },
         "parameters": {},
         "mode": "Incremental"
      }
   }",
   "Failure Tolerance": "2",
   "Status Polling Frequency": "15"
}

The following table describes the Azure Resource Manager job parameters.

Parameter

Description

Connection Profile

Defines the ConnectionProfile:Azure Resource Manager name that connects Control-M to Azure Resource Manager.

Resource Group Name

Defines a unique resource group name.

A resource group is a collection of Azure resources, such as a virtual machine or database, that share the same permissions.

Action

Determines one of the following actions to perform:

  • Create Deployment: Adds resources to a resource group.

  • Update Deployment: Updates resources in a resource group.

Deployment Name

Defines the deployment name.

Deployment Properties

Defines an API request, in JSON format, that enables you to add or update resources in a resource group.

Copy
{
   "properties"
   {
      "templateLink"
      {
         "uri": "https://test1.blob.core.windows.net/test123/Template_update.json?sp=r&st=2023-08-07T16:13:22Z&se
              =2023-12-03T01:13:22Z&sv=2022-11-02&sr=b&sig=mfFPtXBwmiW4MNH58ZTTJA%2FsAi1gjgKGuwxTlkTquGM%3D",
         "queryString": "sp=r&st=2023-08-07T16:13:22Z&se=2023-12-03T01:13:22Z&sv=2022-11-02&sr=b&sig=
                      mfFPtXBwmiW4MNH58ZTTJA%2FsAi1gjgKGuwxTlkTquGM%3D"
      },
      "parameters": {},
      "mode": "Incremental"
   }
}

Failure Tolerance

Determines the number of times to check the job status before the job ends Not OK.

Default: 2

Status Polling Frequency

Determines the number of seconds to wait before Control-M checks the status of the job.

Default: 15

Job:GCP Deployment Manager

GCP Deployment Manager enables you to create, configure, test, and manage your GCP resources infrastructure.

To deploy and run a GCP Deployment Manager job, ensure that you have installed the GCP Deployment Manager plug-in with the provision image command or the provision agent::update command.

The following example shows how to define a GCP Deployment Manager job:

Copy
"GCP Deployment Manager_job"
{
   "Type": "Job:GCP Deployment Manager",
   "ConnectionProfile": "DEPLOY_MANAGEMENT",
   "Project ID": "applied-lattice-333111",
   "Action": "Create Deployment",
   "Deployment Name": "demo_deployment",
   "Yaml Config Content": "
   {
      resources: [{type: compute.v1.instance, name: quickstart-deployment-vm, properties: {zone: us-central1-f, machineType: 'https://www.googleapis.com/compute/v1/projects/applied-lattice-333108/zones/us-central1-f/machineTypes/e2-micro', disks: [{deviceName: boot, type: PERSISTENT, boot: true, autoDelete: true, initializeParams: {sourceImage: 'https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-11'}}], networkInterfaces: [{network: 'https://www.googleapis.com/compute/v1/projects/applied-lattice-333108/global/networks/default', accessConfigs: [{name: External NAT, type: ONE_TO_ONE_NAT}]}]}}]
   }",
   "Failure Tolerance": "2",
   "Status Polling Frequency": "10"
}

The following table describes the GCP Deployment Manager job parameters.

Parameter

Description

Connection Profile

Defines the ConnectionProfile:GCP Deployment Manager name that connects Control-M to GCP Deployment Manager.

Project ID

Defines a unique GCP project ID for this job.

Action

Determines one of the following actions to perform:

  • Create Deployment: Creates a deployment.

  • Update Deployment: Updates a deployment.

  • Delete Deployment: Deletes a deployment.

A deployment is a collection of API resources, such as a Google Compute Engine or GCP Cloud SQL instance.

Deployment Name

Defines a unique deployment name.

YAML Config Content

Defines a configuration, in YAML format, which enables you to add or update resources in a deployment.

You must use the YAML Minifier Tool to remove all unnecessary characters from your configuration code.

Copy
resources:
-  type: compute.v1.instance
   name: quickstart-deployment-vm
   properties:
      zone: us-central1-f
      machineType: https://www.googleapis.com/compute/v1/projects/applied-lattice-333108/zones/us-central1-f/
                 machineTypes/f1-micro
   disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-11
   networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/applied-lattice-333108/global/networks/default
      accessConfigs:
      -  name: External NAT
         type: ONE_TO_ONE_NAT
- type: bigquery.v2.dataset
   name: big-query-dataset
   properties:
      datasetReference:
      datasetId:example_id

Status Polling Frequency

Determines the number of seconds to wait before Control-M checks the status of the job.

Default: 10

Tolerance

Determines the number of times to check the job status before the job ends Not OK.

Default: 3

Job:Terraform

Terraform is an open-source Infrastructure as Code (IaC) tool that enables you to create, configure, test, and manage your infrastructure on multiple platforms in a declarative way, using configuration files that describe the desired state of your infrastructure.

To deploy and run a Terraform job, ensure that you have installed the AWS Batch plug-in with the provision image command or the provision agent::update command.

The following examples show how to define a Terraform job:

  • This JSON defines a job that executes a workspace in Terraform:

    Copy
    "Terraform_run_workspace": {
       "Type": "Job:Terraform",
       "ConnectionProfile": "TERRAFORM",
       "Action": "Run Workspace",
       "Workspace Name": "AWS-terraform",
       "Run Name": "demorun%%ORDERID",
       "Variables": "{\"key\": \"ec2_status\",\"value\": \"\\\"stopped\\\"\"},{\"key\": \"ec2_type\",\"value\": \"\\\"small\\\"\"}",
       "Status Polling Frequency": "20",
       "Failure Tolerance": "2" 
    }
  • This JSON defines a job that creates a workspace in Terraform:

    Copy
    "Terraform_create_workspace": {
       "Type": "Job:Terraform",
       "ConnectionProfile": "TERRAFORM",
       "Action": "Create Workspace",
       "Workspace Params": "{%4E  \"data\": {%4E    \"attributes\": {%4E      \"name\": \"WorkspaceFromCM%%ORDERID\",%4E      \"terraform_version\": \"1.3.9\",%4E      \"working-directory\": \"/simple\",%4E      \"vcs-repo\": {%4E        \"identifier\": \"Reponame/repopoject\",%4E        \"oauth-token-id\": \"ot-RGGGGGGG\",%4E        \"branch\": \"main\",%4E        \"default-branch\": true%4E      }%4E    },%4E    \"type\": \"workspaces\",%4E    \"relationships\": {%4E      \"project\": {%4E        \"data\": {%4E          \"type\": \"projects\",%4E          \"id\": \"prj-AcihyPq2ZQQQQQ\"%4E        }%4E      }%4E    }%4E  }%4E}",
       "Status Polling Frequency": "20",
       "Failure Tolerance": "2" 
    }
  • This JSON defines a job that creates a variable in a workspace in Terraform:

    Copy
    "Terraform_create_variable": {
       "Type": "Job:Terraform",
       "ConnectionProfile": "TERRAFORM",
       "Action": "Create Variable",
       "Workspace Name": "AWS-terraform",
       "Variable": "{%4E  \"data\": {%4E    \"type\":\"vars\",%4E    \"attributes\": {%4E      \"key\":\"keydemo\",%4E      \"value\":\"valdemo\",%4E      \"description\":\"testvar\",%4E      \"category\":\"terraform\",%4E      \"hcl\":false,%4E      \"sensitive\":false%4E    }%4E  }%4E}",
       "Status Polling Frequency": "20",
       "Failure Tolerance": "2" 
    }

The following table describes the Terraform job parameters.

Parameter

Action

Description

Connection Profile

N/A

Defines the ConnectionProfile:Terraform name that connects Control-M to Terraform.

Action

N/A

Determines one of the following Terraform actions to perform:

  • Create Workspace: Creates a new Terraform workspace.

  • Run Workspace: Executes the Terraform workspace.

  • Create Variable: Creates a variable in Terraform.

Workspace Params

Create Workspace

Defines the details of the workspace to create, in JSON format.

Valid Values: 1–4,000 characters.

Workspace Name

  • Run Workspace

  • Create Variable

Defines a name for the workspace where you want to perform the action.

Run Name

Run Workspace

Defines the name of the workspace run in Terraform.

Parameters

Run Workspace

Defines the parameters for this workspace run, in JSON format.

For no parameters, type {}.

Variable

Create Variable

Defines the details of the variable in the Terraform workspace, in JSON format.

Status Polling Frequency

All Actions

(Optional) Determines the number of seconds to wait before checking the status of the job between intervals.

Default: 20

Failure Tolerance

All Actions

Determines the number of times to check the job status before ending Not OK.

Default: 2