Messaging and Queuing Connection Profiles

The following topics describe connection profiles for data processing and analytics platforms and services:

ConnectionProfile:AWS SNS
ConnectionProfile:AWS SQS
ConnectionProfile:Azure Service Bus
ConnectionProfile:RabbitMQ

ConnectionProfile:AWS SNS

AWS SNS (Simple Notification Service) is a cloud-based SNS that follows a Pub/Sub model and enables you to send notifications across various platforms and devices.

For more information about this plug-in, see Control-M for Amazon SNS.

The following example shows how to define an AWS SNS connection profile that authenticates with AWS Key & Secret:

Copy

"AWS SNS": 
{
   "Type": "ConnectionProfile:AWS SNS",
   "AWS SNS URL": "https://sns.us-east-1.amazonaws.com",
   "AWS Region": "us-east-1",
   "Authentication Method": "Secret",
   "AWS Access Key": "<Access Key>",
   "AWS Secret": "*****",
   "Connection Timeout": "30",
   "Description": "",
   "Centralized": true
}

The following example shows how to define an AWS SNS connection profile that authenticates with IAM Role:

Copy

"AWS SNS": 
{
   "Type": "ConnectionProfile:AWS SNS",
   "AWS SNS URL": "https://sns.us-east-1.amazonaws.com",
   "AWS Region": "us-east-1",
   "Authentication Method": "IAM",
   "AWS IAM Role": "<IAM Role>",
   "Connection Timeout": "30",
   "Description": "",
   "Centralized": true
}

The following table describes AWS SNS connection profile parameters.

Parameter	Description
AWS SNS URL	Defines the AWS SNS authentication endpoint. https://sns.us-east-1.amazonaws.com
AWS Region	Determines the AWS region where the job is located. us-east-2
Authentication	Determines one of the following authentication methods: Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure. IAM: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.
AWS Access Key	Defines the access key assigned to the account with the relevant permissions to the AWS service.
AWS Secret	Defines the secret access key assigned to the account with the relevant permissions to the AWS service. You can use Secrets in Code to hide this value in the code.
AWS IAM Role	Defines the Identity and Access Management (IAM) role name for the AWS service connection.
Connection Timeout	Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 30
Centralized	Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true.

ConnectionProfile:AWS SQS

AWS Simple Queue Service (SQS) is a message queuing service that enables you to exchange messages between components without losing messages.

For more information about this plug-in, see Control-M for Amazon SQS.

The following example shows how to define an AWS SQS connection profile that authenticates with AWS Key & Secret:

Copy

"AWS SQS":
{
   "Type": "ConnectionProfile:AWS SQS",
   "AWS SQS URL": "https://sqs.us-east-1.amazonaws.com",
   "AWS Region": "us-east-1",
   "Authentication Method": "Secret",
   "AWS Access Key": "<Access Key>",
   "AWS Secret": "*****",
   "Connection Timeout": "30",
   "Description": "",
   "Centralized": true
}

The following example shows how to define an AWS SQS connection profile that authenticates with IAM Role:

Copy

"AWS SQS":
{
   "Type": "ConnectionProfile:AWS SQS",
   "AWS SQS URL": "https://sqs.us-east-1.amazonaws.com",
   "AWS Region": "us-east-1",
   "Authentication Method": "IAM",
   "AWS IAM Role": "<IAM Role>",
   "Connection Timeout": "30",
   "Description": "",
   "Centralized": true
}

The following table describes AWS SQS connection profile parameters.

Parameter	Description
AWS SQS URL	Defines the AWS SQS authentication endpoint. https://sqs.us-east-1.amazonaws.com
AWS Region	Determines the AWS region where the job is located. us-east-2
Authentication	Determines one of the following authentication methods: Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure. IAM: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.
AWS Access Key	Defines the access key assigned to the account with the relevant permissions to the AWS service.
AWS Secret	Defines the secret access key assigned to the account with the relevant permissions to the AWS service. You can use Secrets in Code to hide this value in the code.
AWS IAM Role	Defines the Identity and Access Management (IAM) role name for the AWS service connection.
Connection Timeout	Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 30
Centralized	Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true.

ConnectionProfile:Azure Service Bus

Azure Service Bus is an enterprise message broker that supports point-to-point message queues and one-to-many publish/subscribe messaging.

For more information, see Control-M for Azure Service Bus.

The following example shows how to define an Azure Service Bus connection profile that uses the Service Principal authentication method:

"SB": {
   "Type": "ConnectionProfile:Azure Service Bus",   
   "Azure Login url": "https://login.microsoftonline.com", 
   "Identity Type": "PRINCIPAL",
   "Tenant ID": "92dddc5-5839-40a6-8dd9-c1f6676769b",
   "Application ID": "cd044343-ac71-4ff7-8b73-0341112480aa2", 
   "Resource Group": "ncu-if",
   "Subscription ID": "e7sdfdsf6e0-70de-4da8-b02e-6345435150b1f",
   "Client Secret": "*****",
   "Connection Timeout": "60",
   "Description": "",
   "Centralized": true
  }

                                                    

The following example shows how to define an Azure Service Bus connection profile that uses the Managed Identity authentication method:

"ASB2": {
    "Type": "ConnectionProfile:Azure Service Bus",
    "Azure Login url": "https://login.microsoftonline.com",
    "Identity Type": "MANAGEDID",
    "Specify Managed Identity Client ID": "&client_id=",
    "Managed Identity Client ID": "id4356",
    "Connection Timeout": "60",
    "Description": "",
    "Centralized": true
  }
                                                    

The following table describes the Azure Service Bus connection profile parameters.

Parameter	Authentication Method	Description
Azure Login URL	Service Principal Managed Identity	Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint.
Subscription ID	Service Principal Managed Identity	Defines the Azure account ID of your organization.
Identity Type	Service Principal Managed Identity	Determines one of the following authentication methods: Service Principal: Access protected Azure services and resources based on roles assigned to the Service Principal by the Azure administrator. The Service Principal is also known as an App Registration. Use this method if the Control-M/Agent is installed on-premises or with another (non-Azure) cloud vendor. Managed Identity: Access protected Azure services and resources using a key created and managed by the Azure platform, without login credentials. Use this method if the Control-M/Agent is installed on an Azure virtual machine that has a Managed Identity with the required permissions.
Specify Managed Identity Client ID	Managed Identity	(Managed identity authentication) Determines whether the managed identity is specified by the Managed Identity Client ID parameter. This parameter must be included when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM. Valid Values: "&client_id=": The Managed Identity Client ID parameter contains the managed identity used for authentication. You must specify this value when your Azure VM has multiple managed identities. "": The Managed Identity Client ID parameter does not contain a managed identity value. The managed identity is automatically retrieved from the Azure VM.
Managed Identity Client ID	Managed Identity	(Managed identity authentication) Defines the client ID of the managed identity used for access. This parameter requires a value only if there are multiple managed identities defined on your Azure VM and you included the Specify Managed Identity Client ID parameter. If there is only one managed identity, it is detected automatically.
Tenant ID	Service Principal	Defines the Azure tenant ID for your organization.
Resource Group	Service Principal Managed Identity	Defines the Azure Resource Group container that holds related service resources.
Application ID	Service Principal	Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service.
Client Secret	Service Principal	Defines the password associated with the Service Principal/registered application.You can use Secrets in Code to hide this value in the code.
Connection Timeout	Service Principal Managed Identity	Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 60
Centralized		Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true.

ConnectionProfile:RabbitMQ

RabbitMQ is a message broker for applications that require message delivery and routing capabilities.

For more information, see Control-M for RabbitMQ.

The following example shows how to define a RabbitMQ connection profile:

{
  "RMQ": {
    "Type": "ConnectionProfile: RabbitMQ",
    "Description": "",
    "RabbitMQ URL": "http://dba-server.bmc.com",
    "Port": "15672",
    "Username": "BMC",
    "Password": "*****",
    "Connection Timeout": "50",
    "Centralized": true
  }
}

                                                    

The following table describes the RabbitMQ connection profile parameters.

Parameter	Description
RabbitMQ URL	Defines the URL of the RabbitMQ Server. http://dba-server.bmc.com
Port	Defines the port to access the RabbitMQ Server. Default: 15672
Username	Defines the username used to access the RabbitMQ Server.
Password	Defines the password used to access the RabbitMQ Server. You can use Secrets in Code to hide this value in the code.
Connection Timeout	Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 50
Centralized	Determines whether to create a centralized connection profile, which is stored in the Control-M/EM database and is available to all Agents. You must set this parameter to true.