Cloud Computing Connection Profiles
The following topics describe the connection profile parameters for cloud computing platforms and services:
AWS Connection Profile Parameters (Deprecated)
This connection profile is for the Control-M for AWS job type. This job type is deprecated. For migration information, see Control-M for AWS Plug-in Migration Tool.
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
The following table describes the AWS connection profile parameters.
Parameter | Description |
---|---|
Region |
Determines the region where the AWS jobs are located. |
Authentication Method |
Determines one of the following authentication methods:
|
Access Key |
Defines the AWS account access key. |
Secret Access Key |
Defines the AWS account secret access key. |
IAM Role |
Defines the Identity and Access Management (IAM) role name for the AWS Batch connection. |
Use Proxy |
Determines whether a proxy server is installed for access to AWS. |
Host |
Defines a proxy Hostname. |
Port |
Determines a proxy host port number between 1024 and 65535. |
Username |
Defines a username, which connects to the proxy server. |
Password |
Defines a password, which connects to the proxy server. |
AWS Batch Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the AWS Batch connection profile parameters.
Parameter |
Description |
---|---|
Batch URL |
Defines the AWS Batch service endpoint. https://batch.eu-west-2.amazonaws.com |
AWS Region |
Determines the region where the AWS Batch resources are located. For more information about regional endpoints available for the AWS Batch service, refer to the AWS documentation. eu-west-2 |
Authentication |
Determines one of the following authentication methods:
AWS IAM Role is currently not supported for this plug-in on ECS container instances and for EKS services. |
AWS Access Key |
Defines the AWS Batch account access key. |
AWS Secret |
Defines the AWS Batch account secret access key. |
IAM Role |
Defines the Identity and Access Management (IAM) role name for the AWS Batch connection. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to AWS Batch before a timeout occurs. Default: 20 |
AWS EC2 Virtual Machine Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the AWS EC2 Virtual Machine connection profile parameters.
Parameter |
Description |
---|---|
EC2 Region |
Determines the location of the AWS user. us-east-1 |
Authentication |
Determines one of the following authentication methods:
|
EC2 Access Key |
(AWS Key) Defines the Access key ID for connection to AWS. |
EC2 Secret Key |
(AWS Key) Defines the secret access key for connection to AWS. |
IAM Role |
(AWS Role) Defines the IAM Role for connection to AWS. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to AWS EC2 before a timeout occurs. Default: 20 |
AWS Lambda Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the AWS Lambda connection profile parameters.
Parameter |
Description |
---|---|
Lambda URL |
Defines the authentication endpoint for AWS Lambda, based on the following format: https://lambda.<AWS_Region>.amazonaws.com https://lambda.eu-west-2.amazonaws.com |
AWS Region |
Determines the region where the AWS Lambda resources are located. eu-west-2 |
Authentication |
Determines one of the following authentication methods:
AWS IAM Role is currently not supported for this plug-in on ECS container instances and for EKS services. |
AWS Access Key ID |
(AWS Key) Defines the Access key ID to connect to AWS. |
AWS Secret |
(AWS Key) Defines the secret access key to connect to AWS. |
IAM Role |
(AWS IAM Role) Defines the IAM Role to name connect to AWS. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to AWS Lambda before a timeout occurs. The connection timeout in Control-M must be longer than the connection timeout that is set in AWS Lambda. Default: 1,800 |
Azure Batch Accounts Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the Azure Batch Accounts connection profile parameters.
Parameter |
Description |
---|---|
Azure AD URL |
(Service Principal) Defines the Azure AD authentication endpoint base URL. https://login.microsoftonline.com |
Authentication Method |
Determines one of the following authentication methods to connect to Azure Logic Apps:
|
Specify Managed Identity Client ID |
(Managed Identity) Determines whether the client ID for the managed identity is specified by the Managed Identity Client ID parameter. |
Managed Identity Client ID |
(Managed Identity) Determines which client ID to use as the managed identity. You must complete this field only if your Azure virtual machine has multiple Managed Identities and you have selected the Specify Managed Identity Client ID checkbox. If you only have one client ID, it is detected automatically. |
Tenant ID |
(Service Principal) Defines the tenant ID. |
App ID |
(Service Principal) Defines the application ID of the registered application. The service principal must be an Azure Batch Accounts workspace user with a Contributor or Owner role. |
Client Secret |
(Service Principal) Defines the password associated with the Azure user and the application. |
Batch Resource URL |
Defines the identifier for the Azure Batch account for login via Azure AD. This identifier is a constant value set to https://batch.core.windows.net/ |
Batch Account Name |
Defines the name of the batch account created in Azure Portal. |
Batch Region ID |
Determines the region ID associated with the Batch account in Azure Portal. uksouth |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to Azure Batch Accounts before a timeout occurs. Default: 50 |
Azure Functions Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the Azure Functions connection profile parameters.
Parameter |
Identity Type |
Description |
---|---|---|
Subscription ID |
|
Defines the Azure account subscription ID, which is located in the Azure portal. |
Identity Type |
NA |
Determines one of the following authentication methods to connect to Azure Functions:
|
Specify Managed Identity Client ID |
Managed Identity |
Determines whether the client ID for the managed identity is specified by the Managed Identity Client ID parameter. |
Managed Identity Client ID |
Managed Identity |
Determines which client ID to use as the managed identity. You only need to complete this field if your Azure virtual machine has multiple managed identities and you have selected the Specify Managed Identity Client ID checkbox. If you only have one ID, it is detected automatically. |
Tenant ID |
|
Defines the Tenant ID. |
Resource Group |
|
Defines the name of the resource group that holds the application. |
Application ID |
|
Defines the application ID of the registered application. The service principal must be an Azure Functions workspace user with a Contributor or Owner role. |
Client Secret |
|
Defines the password associated with the Azure user and the application. |
Azure Login URL |
|
Defines the Azure AD authentication endpoint base URL. https://login.microsoftonline.com |
Function App Web Site |
Function App ID |
Defines the Azure Function Application website name. Default: azurewebsites.net |
Custom App Key |
Function App ID |
Defines the Custom Application Key, which identifies the Azure Function Application that you want to execute. |
API Version |
All Types |
Determines which REST API version to use. |
Use External Vault |
|
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout | All Types |
Determines the number of seconds to wait after Control-M initiates a connection request to Azure Batch Accounts before a timeout occurs. Default: 60 |
Azure Virtual Machine Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the Azure Virtual Machine connection profile parameters.
Parameter |
Description |
---|---|
Subscription ID |
Defines the Azure account subscription ID. You can retrieve the subscription ID from the Subscription menu in the Azure portal. |
Authentication Method |
Determines one of the following authentication types:
|
Specify Managed Identity Client ID |
(Managed Identity) Determines whether the client ID for your Managed Identity is defined by the Managed Identity Client ID parameter. Select this check box if you are using the Managed Identity authentication method and you have multiple Managed Identities defined on your Azure virtual machine. |
Managed Identity Client ID |
(Managed Identity) Determines which client ID to use as the Managed Identity. This parameter requires a value only if you have multiple Managed Identities defined on your Azure virtual machine and you selected the Specify Managed Identity Client ID check box. If you have only one Managed Identity, it is detected automatically. Managed Identity authentication is based on an Azure token that is valid, by default, for 24 hours. Token lifetime can be extended by Azure. |
Tenant ID |
(Service Principal) Defines the Azure Tenant ID in the Azure Virtual Machine. |
Resource Group |
Defines the name of the resource group where the function app is located. |
Application ID |
(Service Principal) Defines the application (service principal) ID of the registered application for the Azure Virtual Machine. The service principal must be an Azure Functions workspace user with a Contributor or Owner role associated. |
Client Secret |
(Service Principal) Defines the client secret (password) associated with the Azure user and the application. |
Azure Login URL |
(Service Principal) Defines the Azure VM authentication endpoint base URL. https://login.microsoftonline.com |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to Azure VM before a timeout occurs. Default: 20 |
GCP Batch Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the GCP Batch connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types using GCP Access Control:
|
Batch URL |
Defines the Google Cloud Platform (GCP) authentication endpoint for GCP Batch. Default: https://batch.googleapis.com |
Service Account Key |
(Service Account) Defines a service account that is associated with an RSA key pair. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to GCP Batch before a timeout occurs. Default: 20 |
GCP Functions Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the GCP Cloud Functions connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types using GCP Access Control:
|
GCP API URL |
Defines the Google Cloud Platform (GCP) authentication endpoint for Cloud Functions. https://cloudfunctions.googleapis.com |
Service Account Key |
(Service Account) Defines a service account that is associated with an RSA key pair. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to GCP Cloud Functions before a timeout occurs. Default: 20 |
GCP Virtual Machine Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the GCP Virtual Machine connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types using GCP Access Control:
|
GCP URL |
Defines the Google Cloud Platform (GCP) authentication endpoint. https://compute.googleapis.com/compute |
Service Account Key |
(Service Account) Defines a service account that is associated with an RSA key pair. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to GCP Virtual Machine before a timeout occurs. Default: 20 |
OCI Functions Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for OCI Functions.
The following table describes the OCI Functions connection profile parameters.
Parameter |
Description |
---|---|
OCI Functions URL |
Defines the OCI Functions URL, in the following format: https://functions.<region>.oci.oraclecloud.com |
OCI Region |
Determines the region where OCI Functions is located. ux-phoenix-1 |
Authentication |
Determines one of the following authentication methods to connect to OCI Functions:
The following example of a configuration file defines two profiles: DEFAULT for Linux and PROFILE2 for Windows. Copy
|
User OCID |
(Defined Parameters) Defines an individual user within the OCI environment. |
Tenancy OCID |
(Defined Parameters) Defines the OCI Tenancy ID in OCI Functions, which is a global unique identifier for this account within the OCI environment. |
Fingerprint |
(Defined Parameters) Defines a fingerprint that is used to uniquely identify and verify the integrity of the associated certificate or key. |
Private Key |
(Defined Parameters) Defines the Private key within a set of API signing keys that are used for authentication and secure access to OCI resources. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Config File Path |
(Configuration File) Defines the path to the configuration file that contains authentication information. This file is stored on the Control-M/Agent. |
Profile |
(Configuration File) Defines the name of a specific section in the configuration file, such as, DEFAULT or PROFILE2 in the code sample above. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to OCI Functions before a timeout occurs. Default: 30 |
OCI VM Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for OCI VM.
The following table describes the OCI Virtual Machine connection profile parameters.
Parameter |
Description |
---|---|
OCI Instances URL |
Defines the OCI Instances URL, in the following format: https://iaas.<Region>.oraclecloud.com/20160918 |
OCI Region |
Determines the region where the OCI Virtual Machine is located. ux-phoenix-1 |
Authentication |
Determines one of the following authentication methods:
The following example of a configuration file defines two profiles: DEFAULT for Linux and PROFILE2 for Windows. Copy
|
User OCID |
(Defined Parameters) Defines an individual user within the OCI environment. |
Tenancy OCID |
(Defined Parameters) Defines the OCI Tenacy ID in the OCI VM, which is a global unique identifier for this account within the OCI environment. |
Fingerprint |
(Defined Parameters) Defines a fingerprint to uniquely identify and verify the integrity of the associated certificate or key. |
Private Key |
(Defined Parameters) Defines the Private key within a set of API signing keys that are used for authentication and secure access to OCI resources. |
Config File Path |
(Configuration File) Defines the path to the configuration file that contains authentication information. This file is stored on the Control-M/Agent. |
Profile |
(Configuration File) Defines the name of a specific section in the configuration file, for example, DEFAULT and PROFILE2 in the code sample above. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to OCI VM before a timeout occurs. Default: 20 |
VMware By Broadcom Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for VMware By Broadcom.
Parameter |
Description |
---|---|
vCenter URL |
Defines the URL of the vCenter server. https://isr-vcenter.Domain.bmc.com |
Username |
Defines the name of the user to log in to VMware. |
Password |
Defines the password of the user to log in to VMware. |
Connection Timeout |
Determines the number of seconds to wait before a timeout occurs after Control-M initiates a connection request to VMware. Default: 1000 |