Cloud Computing Connection Profiles

Determines the region where the AWS jobs are located.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used by services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

Defines the access key assigned to the account with the relevant permissions to the AWS service.

Defines the secret access key assigned to the account with the relevant permissions to the AWS service.

Defines the Identity and Access Management (IAM) role name for the AWS service connection.

Determines whether a proxy server is installed for access to AWS.

Defines a proxy Hostname.

Determines a proxy host port number between 1024 and 65535.

Defines a username, which connects to the proxy server.

Defines the AWS Batch service endpoint.

Determines the AWS region where the job is located.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used by services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

Default: AWS Key & Secret

Defines the access key assigned to the account with the relevant permissions to the AWS service.

Defines the secret access key assigned to the account with the relevant permissions to the AWS service.

Defines the Identity and Access Management (IAM) role name for the AWS service connection.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Determines the AWS region where the job is located.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used by services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

(AWS Key) Defines the access key assigned to the account with the relevant permissions to the AWS service.

(AWS Key) Defines the secret access key assigned to the account with the relevant permissions to the AWS service.

(AWS Role) Defines the Identity and Access Management (IAM) role name for the AWS service connection.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the authentication endpoint for AWS Lambda, based on the following format:

https://lambda.<AWS_Region>.amazonaws.com

Determines the AWS region where the job is located.

Determines one of the following authentication methods:

• AWS Key & Secret: Authenticates with an AWS access key and secret, which are used by services outside the AWS infrastructure.

• AWS IAM Role: Authenticates with an AWS IAM role from within the AWS infrastructure, which removes the need to provide additional credentials.

Default: AWS Key & Secret

(AWS Key) Defines the access key assigned to the account with the relevant permissions to the AWS service.

(AWS Key) Defines the secret access key assigned to the account with the relevant permissions to the AWS service.

(AWS IAM Role) Defines the Identity and Access Management (IAM) role name for the AWS service connection.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint.

Default:https://login.microsoftonline.com

Determines one of the following authentication methods:

• Service Principal: Access protected Azure services and resources based on roles assigned to the Service Principal by the Azure administrator. The Service Principal is also known as an App Registration. Use this method if the Control-M/Agent is installed on-premises or with another (non-Azure) cloud vendor.

• Managed Identity: Access protected Azure services and resources using a key created and managed by the Azure platform, without login credentials. Use this method if the Control-M/Agent is installed on an Azure virtual machine that has a Managed Identity with the required permissions.

Determines whether the managed identity is specified by the Managed Identity Client ID attribute.

Toggle on this option when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM.

Defines the client ID of the managed identity used for access.

This attribute requires a value only if there are multiple managed identities defined on your Azure VM and you toggle on Specify Managed Identity Client ID.

Defines the Azure tenant ID for your organization.

Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service.

Defines the identifier for the Azure Batch account for login with Azure AD, as follows:

https://batch.core.windows.net/

Defines the name of the batch account created in Azure Portal.

Determines the region ID associated with the Batch account in Azure Portal.

Defines the password associated with the Service Principal/registered application.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the Azure account ID of your organization.

Determines one of the following authentication methods:

• Service Principal: Access protected Azure services and resources based on roles assigned to the Service Principal by the Azure administrator. The Service Principal is also known as an App Registration. Use this method if the Control-M/Agent is installed on-premises or with another (non-Azure) cloud vendor.

• Managed Identity: Access protected Azure services and resources using a key created and managed by the Azure platform, without login credentials. Use this method if the Control-M/Agent is installed on an Azure virtual machine that has a Managed Identity with the required permissions.

• Function App ID: Authenticates using the Azure built-in authentication service, which is based on the Function Application Web Site and the Custom Application Key.

• Unauthenticated: Authenticates with a specific function key for controlled public access without the need for OAuth2 authentication. This method does not require a client ID or client secret but still enables secure access with the key.

Determines whether the managed identity is specified by the Managed Identity Client ID attribute.

Toggle on this option when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM.

Defines the client ID of the managed identity used for access.

This attribute requires a value only if there are multiple managed identities defined on your Azure VM and you toggle on Specify Managed Identity Client ID.

Defines the Azure tenant ID for your organization.

Defines the Azure Resource Group container that holds related service resources.

Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service.

Defines the password associated with the Service Principal/registered application.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint.

Defines the Azure Function Application website name.

Default: azurewebsites.net

Defines the Custom Application Key, which identifies the Azure Function Application that you want to execute.

Determines which REST API version to use.

Defines the Azure account ID of your organization.

Determines one of the following authentication methods:

• Service Principal: Access protected Azure services and resources based on roles assigned to the Service Principal by the Azure administrator. The Service Principal is also known as an App Registration. Use this method if the Control-M/Agent is installed on-premises or with another (non-Azure) cloud vendor.

• Managed Identity: Access protected Azure services and resources using a key created and managed by the Azure platform, without login credentials. Use this method if the Control-M/Agent is installed on an Azure virtual machine that has a Managed Identity with the required permissions.

Determines whether the managed identity is specified by the Managed Identity Client ID attribute.

Toggle on this option when you use the Managed Identity authentication method and there are multiple managed identities defined on your Azure VM.

Defines the client ID of the managed identity used for access.

This attribute requires a value only if there are multiple managed identities defined on your Azure VM and you toggle on Specify Managed Identity Client ID.

Defines the Azure tenant ID for your organization.

Defines the Azure Resource Group container that holds related service resources.

Defines the Registered App for the Azure service in your Microsoft Entra/Azure AD tenant. The corresponding Service Principal must be assigned the Owner or Contributor role for the Azure service.

Defines the password associated with the Service Principal/registered application.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the base URL of the Microsoft Entra/Azure AD authentication endpoint.

Determines one of the following authentication types that utilize GCP Access Control:

• Service Account: Authenticates with an application ID (service account) and client secret.

• IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Defines the Google Cloud Platform (GCP) authentication endpoint for GCP Batch.

Default: https://batch.googleapis.com

(Service Account) Defines a service account that is associated with an RSA key pair.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Determines one of the following authentication types that utilize GCP Access Control:

• Service Account: Authenticates with an application ID (service account) and client secret.

• IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Defines the Google Cloud Platform (GCP) authentication endpoint for Cloud Functions.

(Service Account) Defines a service account that is associated with an RSA key pair.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Determines one of the following authentication types that utilize GCP Access Control:

• Service Account: Authenticates with an application ID (service account) and client secret.

• IAM: Authenticates based on a detected IAM role, which removes the need to provide additional credentials.

Defines the Google Cloud Platform (GCP) authentication endpoint.

(Service Account) Defines a service account that is associated with an RSA key pair.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the OCI Functions URL, in the following format:

https://functions.<region>.oci.oraclecloud.com

Determines the region where OCI Functions is located.

Determines one of the following authentication methods:

• Defined Parameters: Defines authentication parameters in the connection profile.

• Configuration File: Uses a configuration file that contains authentication information and is stored on the Control-M/Agent.

The following example of a configuration file defines two profiles: DEFAULT for Linux and PROFILE2 for Windows.

[DEFAULT] 
user=ocid1.user.oc1..aaaaaaaa4vcihdfhrdtyry457245636cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue9f8djfihhwp2cu4e6t2b7lttna7rcgnhrdi4qzika
fingerprint=9f:af:df:f5:5g:95:92:7c:34:ab:46:d3:b4:30:e6:9e
region=us-phoenix-1
key_file=/home/dbauser/key.pem 

[PROFILE2] 
user=ocid1.user.oc1..aaaaaaaa4v768679dfhrd8989JHGJG36cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue987erum,gfwp2cu4e6t2b7lttna7rcgnhrdi4qzika
fingerprint=9f:af:c0:f5:7b:95:92:7c:03:a5:46:g3:b4:38:e6:9e
region=us-phoenix-1
key_file=C:\\Users\\dbauser\\key.pem

(Defined Parameters) Defines an individual user within the OCI environment.

(Defined Parameters) Defines the OCI Tenancy ID, which is a global unique identifier for this account within the OCI environment.

(Defined Parameters) Defines a fingerprint which uniquely identifies and verifies the integrity of the associated certificate or key.

(Defined Parameters) Defines the private key within a set of API signing keys that are used for authentication and secure access to OCI resources.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

(Configuration File) Defines the path to the configuration file that contains authentication information. This file is stored on the Control-M/Agent.

(Configuration File) Defines the name of a specific section in the configuration file, such as DEFAULT and PROFILE2 in the Configuration File code sample.

Defines the OCI Instances URL in the following format:

https://iaas.<Region>.oraclecloud.com/20160918

Determines the region where the OCI Virtual Machine is located.

Determines one of the following authentication methods:

• Defined Parameters: Defines authentication parameters in the connection profile.

• Configuration File: Uses a configuration file that contains authentication information and is stored on the Control-M/Agent.

The following example of a configuration file defines two profiles: DEFAULT for Linux and PROFILE2 for Windows.

[DEFAULT] 
user=ocid1.user.oc1..aaaaaaaa4vcihdfhrdtyry457245636cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue9f8djfihhwp2cu4e6t2b7lttna7rcgnhrdi4qzika
fingerprint=9f:af:df:f5:5g:95:92:7c:34:ab:46:d3:b4:30:e6:9e
region=us-phoenix-1
key_file=/home/dbauser/key.pem 

[PROFILE2] 
user=ocid1.user.oc1..aaaaaaaa4v768679dfhrd8989JHGJG36cqqcljd6yrcukszg7gzoymoyvkyupivpjfnq
tenancy=ocid1.tenancy.oc1..aaa456y4e3yrtyue987erum,gfwp2cu4e6t2b7lttna7rcgnhrdi4qzika
fingerprint=9f:af:c0:f5:7b:95:92:7c:03:a5:46:g3:b4:38:e6:9e
region=us-phoenix-1
key_file=C:\\Users\\dbauser\\key.pem

(Defined Parameters) Defines an individual user within the OCI environment.

(Defined Parameters) Defines the OCI Tenancy ID, which is a global unique identifier for this account within the OCI environment.

(Defined Parameters) Defines a fingerprint which uniquely identifies and verifies the integrity of the associated certificate or key.

(Defined Parameters) Defines the private key within a set of API signing keys that are used for authentication and secure access to OCI resources.

(Configuration File) Defines the path to the configuration file that contains authentication information. This file is stored on the Control-M/Agent.

(Configuration File) Defines the name of a specific section in the configuration file, such as DEFAULT and PROFILE2 in the Configuration File code sample.

Determines whether to retrieve secret parameter values from an external vault, as described in CyberArk Secret Parameters in Connection Profiles.

Defines the URL of the vCenter server.

Defines the name of the user that runs the VMware By Broadcom job.

Defines the password of the user that runs the VMware By Broadcom job.