Cloud Computing Connection Profiles

Determines the region where the AWS jobs are located.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

Defines the AWS account access key.

Defines the AWS account secret access key.

Defines the Identity and Access Management (IAM) role for the AWS Batch connection.

Determines whether a proxy server is installed for access to AWS.

Defines a proxy Hostname.

Determines a proxy host port number between 1024 and 65535.

Defines a username, which connects to the proxy server.

Defines the AWS Batch service endpoint.

Determines the region where the AWS Batch resources are located.

For more information about regional endpoints available for the AWS Batch service, refer to the AWS documentation.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

Defines the AWS Batch account access key.

Defines the AWS Batch account secret access key.

Defines the Identity and Access Management (IAM) role for the AWS Batch connection.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Determines the location of the AWS user.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

(AWS Key) Defines the Access key ID for connection to AWS.

(AWS Key) Defines the secret access key for connection to AWS.

(AWS Role) Defines the IAM Role for connection to AWS.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the authentication endpoint for AWS Lambda, based on the following format:

https://lambda.<AWS_Region>.amazonaws.com

Determines the region where the AWS Lambda resources are located.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used for services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

(AWS Key) Defines the Access key ID to connect to AWS.

(AWS Key) Defines the secret access key to connect to AWS.

(AWS IAM Role) Defines the IAM Role to connect to AWS.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

(Service Principal) Defines the Azure AD authentication endpoint base URL.

Determines one of the following authentication methods to connect to Azure Logic Apps:

• Service Principal: An Azure service principal, also known as an App Registration, is an identity created to use applications, hosted services, and automated tools that access Azure resources. This access is restricted by the roles assigned to the service principal, which gives the Azure Administrator control over which resources are accessed and at which level. Use this option if the Agent is installed on-premises or with any other cloud vendor.

• Managed Identity: Enables you to access other Azure Active-Directory-protected resources. The identity is managed by the Azure platform. You do not need to provide credentials within Control-M. Use this option if the Agent is installed on an Azure virtual machine that has an assigned a Managed Identity with the required permissions.

  Managed Identity authentication is based on an Azure token that is valid for 24 hours, by default. You can extend the Token lifetimes in Azure.

(Managed Identity) Determines whether the client ID for the managed identity is specified by the Managed Identity Client ID parameter.

(Managed Identity) Determines which client ID to use as the managed identity.

You must complete this field only if your Azure virtual machine has multiple Managed Identities and you have selected the Specify Managed Identity Client ID checkbox. If you only have one client ID, it is detected automatically.

(Service Principal) Defines the tenant ID.

(Service Principal) Defines the application ID of the registered application.

The service principal must be an Azure Batch Accounts workspace user with a Contributor or Owner role.

(Service Principal) Defines the password associated with the Azure user and the application.

Defines the identifier for the Azure Batch account for login via Azure AD.

This identifier is a constant value set to https://batch.core.windows.net/

Determines the region ID associated with the Batch account in Azure Portal.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the Azure account subscription ID, which is located in the Azure portal.

Determines one of the following authentication methods to connect to Azure Functions:

• Service Principal: An Azure service principal, also known as an App Registration, is an identity created to use applications, hosted services, and automated tools that access Azure resources. This access is restricted by the roles assigned to the service principal, which gives the Azure Administrator control over which resources are accessed and at which level. Use this option if the Agent is installed on-premises or with any other cloud vendor.

• Managed Identity: Enables you to access other Azure Active-Directory-protected resources. The identity is managed by the Azure platform. You do not need to provide credentials within Control-M. Use this option if the Agent is installed on an Azure virtual machine that has an assigned a Managed Identity with the required permissions.

  Managed Identity authentication is based on an Azure token that is valid for 24 hours, by default. You can extend the Token lifetimes in Azure.

• Function App ID: Authenticates using the Azure built-in authentication service, which is based on the Function Application Web Site and the Custom Application Key.

Determines whether the client ID for the managed identity is specified by the Managed Identity Client ID parameter.

Determines which client ID to use as the managed identity.

You only need to complete this field if your Azure virtual machine has multiple managed identities and you have selected the Specify Managed Identity Client ID checkbox. If you only have one ID, it is detected automatically.

Defines the Tenant ID.

Defines the name of the resource group that holds the application.

Defines the application ID of the registered application.

The service principal must be an Azure Functions workspace user with a Contributor or Owner role.

Defines the password associated with the Azure user and the application.

Defines the Azure AD authentication endpoint base URL.

Defines the Azure Function Application website name.

Default: azurewebsites.net

Defines the Custom Application Key, which identifies the Azure Function Application that you want to execute.

Determines which REST API version to use.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the Azure account subscription ID.

You can retrieve the subscription ID from the Subscription menu in the Azure portal.

Determines one of the following authentication types:

• Managed Identity: Authenticates using an Azure Active Directory token, which removes the need to provide additional credentials.

• Service Principal: Authenticates using an application ID (service account) and client secret.

(Managed Identity) Determines whether the client ID for your Managed Identity is defined by the Managed Identity Client ID parameter.

Select this check box if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine.

(Managed Identity) Determines which client ID to use as the Managed Identity.

This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you selected the Specify Managed Identity Client ID check box.

If you have only one Managed Identity, it is detected automatically.

(Service Principal) Defines the Azure Tenant ID in the Azure Virtual Machine.

Defines the name of the resource group where the function app is located.

(Service Principal) Defines the application (service principal) ID of the registered application for the Azure Virtual Machine.

The service principal must be an Azure Functions workspace user with a Contributor or Owner role associated.

(Service Principal) Defines the client secret (password) associated with the Azure user and the application.

(Service Principal) Defines the Azure VM authentication endpoint base URL.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Determines one of the following authentication types using GCP Access Control:

• Service Account: Authenticates using an application ID (service account) and client secret.

• IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Defines the Google Cloud Platform (GCP) authentication endpoint for GCP Batch.

Default: https://batch.googleapis.com

(Service Account) Defines a service account that is associated with an RSA key pair.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Determines one of the following authentication types using GCP Access Control:

• Service Account: Authenticates using an application ID (service account) and client secret.

• IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Defines the Google Cloud Platform (GCP) authentication endpoint for Cloud Functions.

(Service Account) Defines a service account that is associated with an RSA key pair.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Determines one of the following authentication types using GCP Access Control:

• Service Account: Authenticates using an application ID (service account) and client secret.

• IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Defines the Google Cloud Platform (GCP) authentication endpoint.

(Service Account) Defines a service account that is associated with an RSA key pair.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the OCI Functions URL, in the following format:

https://functions.<region>.oci.oraclecloud.com

Determines the region where OCI Functions is located.

Determines one of the following authentication methods to connect to OCI Functions:

• Defined Parameters: Defines authentication parameters in the connection profile.

• Configuration File: Uses a configuration file that contains authentication information and is stored on the Control-M/Agent.

The following example of a configuration file defines two profiles: DEFAULT for Linux and PROFILE2 for Windows.

[DEFAULT] 
user=ocid1.user.oc1..aaaaaaaa4vcihdfhrdtyry457245636cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue9f8djfihhwp2cu4e6t2b7lttna7rcgnhrdi4qzika
fingerprint=9f:af:df:f5:5g:95:92:7c:34:ab:46:d3:b4:30:e6:9e
region=us-phoenix-1
key_file=/home/dbauser/key.pem 

[PROFILE2] 
user=ocid1.user.oc1..aaaaaaaa4v768679dfhrd8989JHGJG36cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue987erum,gfwp2cu4e6t2b7lttna7rcgnhrdi4qzika
fingerprint=9f:af:c0:f5:7b:95:92:7c:03:a5:46:g3:b4:38:e6:9e
region=us-phoenix-1
key_file=C:\\Users\\dbauser\\key.pem

(Defined Parameters) Defines an individual user within the OCI environment.

(Defined Parameters) Defines the OCI Tenancy ID in OCI Functions, which is a global unique identifier for this account within the OCI environment.

(Defined Parameters) Defines a fingerprint that is used to uniquely identify and verify the integrity of the associated certificate or key.

(Defined Parameters) Defines the Private key within a set of API signing keys that are used for authentication and secure access to OCI resources.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

(Configuration File) Defines the path to the configuration file that contains authentication information. This file is stored on the Control-M/Agent.

(Configuration File) Defines the name of a specific section in the configuration file, such as, DEFAULT or PROFILE2 in the code sample above.

Defines the OCI Instances URL, in the following format:

https://iaas.<Region>.oraclecloud.com/20160918

Determines the region where the OCI Virtual Machine is located.

Determines one of the following authentication methods:

• Defined Parameters: Defines authentication parameters in the connection profile.

• Configuration File: Uses a configuration file that contains authentication information and is stored on the Control-M/Agent.

The following example of a configuration file defines two profiles: DEFAULT for Linux and PROFILE2 for Windows.

[DEFAULT] 
user=ocid1.user.oc1..aaaaaaaa4vcihdfhrdtyry457245636cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue9f8djfihhwp2cu4e6t2b7lttna7rcgnhrdi4qzika
fingerprint=9f:af:df:f5:5g:95:92:7c:34:ab:46:d3:b4:30:e6:9e
region=us-phoenix-1
key_file=/home/dbauser/key.pem 

[PROFILE2] 
user=ocid1.user.oc1..aaaaaaaa4v768679dfhrd8989JHGJG36cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue987erum,gfwp2cu4e6t2b7lttna7rcgnhrdi4qzika
fingerprint=9f:af:c0:f5:7b:95:92:7c:03:a5:46:g3:b4:38:e6:9e
region=us-phoenix-1
key_file=C:\\Users\\dbauser\\key.pem

(Defined Parameters) Defines an individual user within the OCI environment.

(Defined Parameters) Defines the OCI Tenacy ID in the OCI VM, which is a global unique identifier for this account within the OCI environment.

(Defined Parameters) Defines a fingerprint to uniquely identify and verify the integrity of the associated certificate or key.

(Defined Parameters) Defines the Private key within a set of API signing keys that are used for authentication and secure access to OCI resources.

(Configuration File) Defines the path to the configuration file that contains authentication information. This file is stored on the Control-M/Agent.

(Configuration File) Defines the name of a specific section in the configuration file, for example, DEFAULT and PROFILE2 in the code sample above.

Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the URL of the vCenter server.

Defines the name of the user to log in to VMware.

Defines the password of the user to log in to VMware.