Cloud Computing Connection Profiles
The following topics describe the connection profile parameters for cloud computing platforms and services:
AWS Connection Profile Parameters (Deprecated) Link copied to clipboard
This connection profile is for the Control-M for AWS job type. This job type is deprecated. For migration information, see Control-M for AWS Plug-in Migration Tool.
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
The following table describes the AWS connection profile parameters.
Parameter | Description |
---|---|
Region |
Determines the region where the AWS jobs are located. |
Authentication Method |
Determines one of the following authentication methods:
|
Access Key |
Defines the access key assigned to the account with the relevant permissions to the AWS service. |
Secret Access Key |
Defines the secret access key assigned to the account with the relevant permissions to the AWS service. |
IAM Role |
Defines the Identity and Access Management (IAM) role name for the AWS service connection. |
Use Proxy |
Determines whether a proxy server is installed for access to AWS. |
Host |
Defines a proxy Hostname. |
Port |
Determines a proxy host port number between 1024 and 65535. |
Username |
Defines a username, which connects to the proxy server. |
Password |
Defines a password, which connects to the proxy server. |
AWS Batch Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for AWS Batch.
The following table describes the AWS Batch connection profile parameters.
Parameter |
Description |
---|---|
Batch URL |
Defines the AWS Batch service endpoint. https://batch.eu-west-2.amazonaws.com |
AWS Region |
Determines the AWS region where the job is located. us-east-2 |
Authentication |
Determines one of the following authentication methods:
Default: AWS Key & Secret AWS IAM Role is currently not supported for this plug-in on ECS container instances and for EKS services. |
AWS Access Key |
Defines the access key assigned to the account with the relevant permissions to the AWS service. |
AWS Secret |
Defines the secret access key assigned to the account with the relevant permissions to the AWS service. |
IAM Role |
Defines the Identity and Access Management (IAM) role name for the AWS service connection. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 20 |
Amazon EC2 Virtual Machine Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Amazon EC2.
The following table describes the Amazon EC2 Virtual Machine connection profile parameters.
Parameter |
Description |
---|---|
EC2 Region |
Determines the AWS region where the job is located. us-east-2 |
Authentication |
Determines one of the following authentication methods:
|
EC2 Access Key |
(AWS Key) Defines the access key assigned to the account with the relevant permissions to the AWS service. |
EC2 Secret Key |
(AWS Key) Defines the secret access key assigned to the account with the relevant permissions to the AWS service. |
IAM Role |
(AWS Role) Defines the Identity and Access Management (IAM) role name for the AWS service connection. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 20 |
AWS Lambda Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for AWS Lambda.
The following table describes the AWS Lambda connection profile parameters.
Parameter |
Description |
---|---|
Lambda URL |
Defines the authentication endpoint for AWS Lambda, based on the following format: https://lambda.<AWS_Region>.amazonaws.com https://lambda.eu-west-2.amazonaws.com |
AWS Region |
Determines the AWS region where the job is located. us-east-2 |
Authentication |
Determines one of the following authentication methods:
Default: AWS Key & Secret AWS IAM Role is currently not supported for this plug-in on ECS container instances and for EKS services. |
AWS Access Key ID |
(AWS Key) Defines the access key assigned to the account with the relevant permissions to the AWS service. |
AWS Secret |
(AWS Key) Defines the secret access key assigned to the account with the relevant permissions to the AWS service. |
IAM Role |
(AWS IAM Role) Defines the Identity and Access Management (IAM) role name for the AWS service connection. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. The connection timeout in Control-M must be longer than the connection timeout that is set in AWS Lambda. Default: 1800 |
Azure Batch Accounts Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Azure Batch Accounts.
The following table describes the Azure Batch Accounts connection profile parameters.
Parameter |
Authentication Method |
Description |
---|---|---|
Azure AD URL |
|
Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint. Default:https://login.microsoftonline.com |
Authentication Method |
|
Determines one of the following authentication methods:
|
Specify Managed Identity Client ID |
Managed Identity |
Determines whether the managed identity is specified by the Managed Identity Client ID attribute. Toggle on this option when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM. |
Managed Identity Client ID |
Managed Identity |
Defines the client ID of the managed identity used for access. This attribute requires a value only if there are multiple managed identities defined on your Azure VM and you toggle on Specify Managed Identity Client ID. |
Tenant ID |
Service Principal |
Defines the Azure tenant ID for your organization. |
App ID |
Service Principal |
Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service. |
Batch Resource URL |
|
Defines the identifier for the Azure Batch account for login with Azure AD, as follows: https://batch.core.windows.net/ |
Batch Account Name |
|
Defines the name of the batch account created in Azure Portal. |
Batch Region ID |
|
Determines the region ID associated with the Batch account in Azure Portal. uksouth |
Client Secret |
Service Principal |
Defines the password associated with the Service Principal/registered application. |
Use External Vault |
Service Principal |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
|
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 50 |
Azure Functions Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Azure Functions.
The following table describes the Azure Functions connection profile parameters.
Parameter |
Identity Type |
Description |
---|---|---|
Subscription ID |
|
Defines the Azure account ID of your organization. |
Identity Type |
|
Determines one of the following authentication methods:
|
Specify Managed Identity Client ID |
Managed Identity |
Determines whether the managed identity is specified by the Managed Identity Client ID attribute. Toggle on this option when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM. |
Managed Identity Client ID |
Managed Identity |
Defines the client ID of the managed identity used for access. This attribute requires a value only if there are multiple managed identities defined on your Azure VM and you toggle on Specify Managed Identity Client ID. |
Tenant ID |
|
Defines the Azure tenant ID for your organization. |
Resource Group |
|
Defines the Azure Resource Group container that holds related service resources. |
Application ID |
|
Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service. |
Client Secret |
|
Defines the password associated with the Service Principal/registered application. |
Use External Vault |
|
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Azure Login URL |
|
Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint. |
Function App Web Site |
Function App ID |
Defines the Azure Function Application website name. Default: azurewebsites.net |
Custom App Key |
Function App ID |
Defines the Custom Application Key, which identifies the Azure Function Application that you want to execute. |
API Version |
All Types |
Determines which REST API version to use. |
Connection Timeout | All Types |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 60 |
Azure Virtual Machine Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for Azure Virtual Machine.
The following table describes the Azure Virtual Machine connection profile parameters.
Parameter |
Authentication Method |
Description |
---|---|---|
Subscription ID |
Service Principal Managed Identity |
Defines the Azure account ID of your organization. |
Authentication Method |
Service Principal Managed Identity |
Determines one of the following authentication methods:
|
Specify Managed Identity Client ID |
Managed Identity |
Determines whether the managed identity is specified by the Managed Identity Client ID attribute. Toggle on this option when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM. |
Managed Identity Client ID |
Managed Identity |
Defines the client ID of the managed identity used for access. This attribute requires a value only if there are multiple managed identities defined on your Azure VM and you toggle on Specify Managed Identity Client ID. |
Tenant ID |
Service Principal |
Defines the Azure tenant ID for your organization. |
Resource Group |
Service Principal Managed Identity |
Defines the Azure Resource Group container that holds related service resources. |
Application ID |
Service Principal |
Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service. |
Client Secret |
Service Principal |
Defines the password associated with the Service Principal/registered application. |
Use External Vault |
Service Principal |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Azure Login URL |
Service Principal Managed Identity |
Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint. |
Connection Timeout |
Service Principal Managed Identity |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 20 |
GCP Batch Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for GCP Batch.
The following table describes the GCP Batch connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types that utilize GCP Access Control:
|
Batch URL |
Defines the Google Cloud Platform (GCP) authentication endpoint for GCP Batch. Default: https://batch.googleapis.com |
Service Account Key |
(Service Account) Defines a service account that is associated with an RSA key pair. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 20 |
GCP Functions Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for GCP Functions.
The following table describes the GCP Cloud Functions connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types that utilize GCP Access Control:
|
GCP API URL |
Defines the Google Cloud Platform (GCP) authentication endpoint for Cloud Functions. https://cloudfunctions.googleapis.com |
Service Account Key |
(Service Account) Defines a service account that is associated with an RSA key pair. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 20 |
GCP VM Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for GCP Virtual Machine.
The following table describes the GCP VM connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types that utilize GCP Access Control:
|
GCP URL |
Defines the Google Cloud Platform (GCP) authentication endpoint. https://compute.googleapis.com/compute |
Service Account Key |
(Service Account) Defines a service account that is associated with an RSA key pair. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 20 |
OCI Functions Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for OCI Functions.
The following table describes the OCI Functions connection profile parameters.
Parameter |
Description |
---|---|
OCI Functions URL |
Defines the OCI Functions URL, in the following format: https://functions.<region>.oci.oraclecloud.com |
OCI Region |
Determines the region where OCI Functions is located. ux-phoenix-1 |
Authentication |
Determines one of the following authentication methods:
The following example of a configuration file defines two profiles: DEFAULT for Linux and PROFILE2 for Windows. CopyCopied to clipboard
|
User OCID |
(Defined Parameters) Defines an individual user within the OCI environment. |
Tenancy OCID |
(Defined Parameters) Defines the OCI Tenancy ID, which is a global unique identifier for this account within the OCI environment. |
Fingerprint |
(Defined Parameters) Defines a fingerprint which uniquely identifies and verifies the integrity of the associated certificate or key. |
Private Key |
(Defined Parameters) Defines the private key within a set of API signing keys that are used for authentication and secure access to OCI resources. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Config File Path |
(Configuration File) Defines the path to the configuration file that contains authentication information. This file is stored on the Control-M/Agent. |
Profile |
(Configuration File) Defines the name of a specific section in the configuration file, such as DEFAULT and PROFILE2 in the Configuration File code sample. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 30 |
OCI VM Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for OCI VM.
The following table describes the OCI Virtual Machine connection profile parameters.
Parameter |
Description |
---|---|
OCI Instances URL |
Defines the OCI Instances URL in the following format: https://iaas.<Region>.oraclecloud.com/20160918 |
OCI Region |
Determines the region where the OCI Virtual Machine is located. ux-phoenix-1 |
Authentication |
Determines one of the following authentication methods:
The following example of a configuration file defines two profiles: DEFAULT for Linux and PROFILE2 for Windows. CopyCopied to clipboard
|
User OCID |
(Defined Parameters) Defines an individual user within the OCI environment. |
Tenancy OCID |
(Defined Parameters) Defines the OCI Tenancy ID, which is a global unique identifier for this account within the OCI environment. |
Fingerprint |
(Defined Parameters) Defines a fingerprint which uniquely identifies and verifies the integrity of the associated certificate or key. |
Private Key |
(Defined Parameters) Defines the private key within a set of API signing keys that are used for authentication and secure access to OCI resources. |
Config File Path |
(Configuration File) Defines the path to the configuration file that contains authentication information. This file is stored on the Control-M/Agent. |
Profile |
(Configuration File) Defines the name of a specific section in the configuration file, such as DEFAULT and PROFILE2 in the Configuration File code sample. |
Use External Vault |
Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 20 |
VMware By Broadcom Connection Profile ParametersLink copied to clipboard
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see Control-M for VMware By Broadcom.
Parameter |
Description |
---|---|
vCenter URL |
Defines the URL of the vCenter server. https://isr-vcenter.Domain.bmc.com |
Username |
Defines the name of the user that runs the VMware By Broadcom job. |
Password |
Defines the password of the user that runs the VMware By Broadcom job. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request before a timeout occurs. Default: 1000 |