Messaging and Queuing Connection Profiles

The following topics describe connection profiles for data processing and analytics platforms and services:

ConnectionProfile:AWS SNS

AWS SNS (Simple Notification Service) is a cloud-based SNS that follows a Pub/Sub model and enables you to send notifications across various platforms and devices.

For more information about this plug-in, see Control-M for AWS SNS.

  • The following example shows how to define an AWS SNS connection profile that authenticates with AWS Key & Secret:

    Copy
    "AWS SNS"
    {
       "Type": "ConnectionProfile:AWS SNS",
       "AWS SNS URL": "https://sns.us-east-1.amazonaws.com",
       "AWS Region": "us-east-1",
       "Authentication Method": "Secret",
       "AWS Access Key": "<Access Key>",
       "AWS Secret": "*****",
       "Connection Timeout": "30",
       "Description": "",
       "Centralized": true
    }
  • The following example shows how to define an AWS SNS connection profile that authenticates with IAM Role:

    Copy
    "AWS SNS"
    {
       "Type": "ConnectionProfile:AWS SNS",
       "AWS SNS URL": "https://sns.us-east-1.amazonaws.com",
       "AWS Region": "us-east-1",
       "Authentication Method": "IAM",
       "AWS IAM Role": "<IAM Role>",
       "Connection Timeout": "30",
       "Description": "",
       "Centralized": true
    }

The following table describes AWS SNS connection profile parameters.

Parameter

Description

AWS SNS URL

Defines the AWS SNS authentication endpoint.

https://sns.us-east-1.amazonaws.com

AWS Region

Determines the region where the AWS SNS jobs are located.

us-east-1

Authentication

Determines one of the following authentication methods:

  • Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure.

  • IAM: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

AWS Access Key

Defines the access key assigned to the account in the AWS SNS setup.

AWS Secret

Defines the secret access key assigned to the account in the AWS SNS setup.You can use Secrets in Code to hide this value in the code.

AWS IAM Role

Defines the IAM role username on an EC2 instance with the required policies, and is used to acquire a temporary security token.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS SNS before a timeout occurs.

Default: 30

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:AWS SQS

AWS Simple Queue Service (SQS) is a message queuing service that enables you to exchange messages between components without losing messages.

For more information, see Control-M for AWS SQS.

The following example shows how to define an AWS SQS connection profile that authenticates with AWS Key & Secret:

Copy
"AWS SQS":
{
   "Type": "ConnectionProfile:AWS SQS",
   "AWS SQS URL": "https://sqs.us-east-1.amazonaws.com",
   "AWS Region": "us-east-1",
   "Authentication Method": "Secret",
   "AWS Access Key": "<Access Key>",
   "AWS Secret": "*****",
   "Connection Timeout": "30",
   "Description": "",
   "Centralized": true
}

The following example shows how to define an AWS SQS connection profile that authenticates with IAM Role:

Copy
"AWS SQS":
{
   "Type": "ConnectionProfile:AWS SQS",
   "AWS SQS URL": "https://sqs.us-east-1.amazonaws.com",
   "AWS Region": "us-east-1",
   "Authentication Method": "IAM",
   "AWS IAM Role": "<IAM Role>",
   "Connection Timeout": "30",
   "Description": "",
   "Centralized": true
}

The following table describes AWS SQS connection profile parameters.

Parameter

Description

AWS SQS URL

Defines the AWS SQS authentication endpoint.

https://sqs.us-east-1.amazonaws.com

AWS Region

Determines the region where the AWS SQS jobs are located.

us-east-1

Authentication

Determines one of the following authentication methods:

  • Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure.
  • IAM: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

AWS Access Key

Defines the access key assigned to the account in the AWS SQS setup.

AWS Secret

Defines the secret access key assigned to the account in the AWS SQS setup.You can use Secrets in Code to hide this value in the code.

AWS IAM Role

Defines the IAM role username on an EC2 instance with the required policies, and is used to acquire a temporary security token.

Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to AWS SQS before a timeout occurs.

Default: 30

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:Azure Service Bus

Azure Service Bus is an enterprise message broker that supports point-to-point message queues and one-to-many publish/subscribe messaging.

For more information about this plugin, see Control-M for Azure Service Bus.

The following example shows how to define an Azure Service Bus connection profile that uses the Service Principal authentication method:

"SB": {
   "Type": "ConnectionProfile:Azure Service Bus",   
   "Azure Login url": "https://login.microsoftonline.com"
   "Identity Type": "PRINCIPAL",
   "Tenant ID": "92dddc5-5839-40a6-8dd9-c1f6676769b",
   "Application ID": "cd044343-ac71-4ff7-8b73-0341112480aa2"
   "Resource Group": "ncu-if",
   "Subscription ID": "e7sdfdsf6e0-70de-4da8-b02e-6345435150b1f",
   "Client Secret": "*****",
   "Connection Timeout": "60",
   "Description": "",
   "Centralized": true
  }

The following example shows how to define an Azure Service Bus connection profile that uses the Managed Identity authentication method:

"ASB2": {
    "Type": "ConnectionProfile:Azure Service Bus",
    "Azure Login url": "https://login.microsoftonline.com",
    "Identity Type": "MANAGEDID",
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "id4356",
    "Connection Timeout": "60",
    "Description": "",
    "Centralized": true
  }

The following table describes the Azure Service Bus connection profile parameters.

Parameter

Authentication Method

Description

Azure Login URL

Service Principal

Managed Identity

Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint.

Default:https://login.microsoftonline.com

Subscription ID

Service Principal

Managed Identity

Defines the Azure account ID of your organization.

Identity Type

Service Principal

Managed Identity

Determines one of the following authentication methods:

  • Service Principal: Access protected Azure services and resources based on roles assigned to the Service Principal by the Azure administrator. The Service Principal is also known as an App Registration. Use this method if the Control-M/Agent is installed on-premises or with another (non-Azure) cloud vendor.

  • Managed Identity: Access protected Azure services and resources using a key created and managed by the Azure platform, without login credentials. Use this method if the Control-M/Agent is installed on an Azure virtual machine that has a Managed Identity with the required permissions.

Specify Managed Identity Client ID

Managed Identity

Determines whether the Managed Identity Client ID parameter contains the Managed Identity used for authentication.

Values

  • "&client_id=": The Managed Identity Client ID parameter contains the Managed Identity used for authentication. You must specify this value when your Azure virtual machine has multiple Managed Identities.

  • "": The Managed Identity Client ID parameter does not contain a Managed Identity value. The Managed Identity is automatically retrieved from the Azure virtual machine.

Managed Identity Client ID

Managed Identity

Defines the client ID of the Managed Identity that is used for access. If only one Managed Identity is defined on your Azure virtual machine, it is detected automatically, and you can leave this parameter empty.

Tenant ID

Service Principal

Defines the Azure tenant ID for your organization.

Resource Group

Service Principal

Managed Identity

Defines the Azure Resource Group container that holds related service resources.

Application ID

Service Principal

Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service.

Client Secret

Service Principal

Defines the password associated with the Service Principal/registered application.You can use Secrets in Code to hide this value in the code.

Connection Timeout

Service Principal

Managed Identity

Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs.

Default: 60

Centralized

 

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false

ConnectionProfile:RabbitMQ

RabbitMQ is a message broker for applications that require message delivery and routing capabilities.

For more information about this plug-in, see Control-M for RabbitMQ.

The following example shows how to define a RabbitMQ connection profile:

{
  "RMQ": {
    "Type": "ConnectionProfile: RabbitMQ",
    "Description": "",
    "RabbitMQ URL": "http://dba-server.bmc.com",
    "Port": "15672",
    "Username": "BMC",
    "Password": "*****",
    "Connection Timeout": "50",
    "Centralized": true
  }
}

The following table describes the RabbitMQ connection profile parameters.

Parameter

Description

RabbitMQ URL

Defines the URL of the RabbitMQ Server.

http://dba-server.bmc.com

Port

Defines the port to access the RabbitMQ Server.

Default: 15672

Username Defines the username used to access the RabbitMQ Server.
Password Defines the password used to access the RabbitMQ Server. You can use Secrets in Code to hide this value in the code.
Connection Timeout

Determines the number of seconds to wait after Control-M initiates a connection request to RabbitMQ Server before a timeout occurs.

Default: 50

Centralized

Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents.

You must set this parameter to true.

Values:

  • true: Creates a centralized connection profile.

  • false: Creates a local connection profile, which is associated with and stored on a specific Agent.

Default: false