Infrastructure as Code Connection Profiles
The following topics describe the connection profile parameters for Infrastructure as Code Connection platforms and services:
AWS CloudFormation Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the AWS CloudFormation connection profile parameters.
Parameter |
Description |
---|---|
CloudFormation URL |
Defines the AWS CloudFormation API authentication endpoint. https://cloudformation.us-east-1.amazonaws.com |
AWS Region |
Determines the region where the AWS CloudFormation jobs are located. us-east-1 |
Authentication |
Determines one of the following authentication methods:
|
AWS Access Key |
Defines the AWS CloudFormation account access key. |
AWS Secret |
Defines the AWS CloudFormation account secret access key. |
IAM Role |
Defines the Identity and Access Management (IAM) role name for the AWS CloudFormation connection. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to AWS CloudFormation before a timeout occurs. Default: 30 |
Azure Resource Manager Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes Azure Resource Manager connection profile parameters.
Parameter |
Description |
---|---|
Azure Login URL |
(Service Principal) Defines the Azure Active Directory authentication endpoint URL. Default: https://login.microsoftonline.com |
Azure Base URL |
Defines the Azure Resource Manager authentication endpoint base URL. Default: https://management.azure.com |
Subscription ID |
Defines the registered subscription ID for the Azure Resource Manager service. |
Authentication Method |
Determines one of the following identity types that connects to Azure Resource Manager:
Each authentication type uses an Azure token that is valid for 24 hours, by default. You can extend token lifetimes through Azure. To prepare for authentication with a Service Principal authentication, you must assign the Service Principal an Owner or Contributor role through the Azure platform. |
Tenant ID |
(Service Principal) Defines the Azure tenant ID, which represents your organization. |
App ID |
(Service Principal) Defines the Azure AD application ID for Resource Manager. The Service Principal must be an Azure Resource Manager workspace user with a Contributor or Owner role. |
Client Secret |
(Service Principal) Defines the password associated with the Azure user and the Azure AD application ID. |
Specify Managed Identity Client ID |
(Managed Identity) Determines whether to define a specific Managed Identity. |
Managed Identity Client ID |
(Managed Identity) Defines the specific Managed Identity that connects to Azure Resource Manager. You must complete this field only if your Azure virtual machine has multiple Managed Identities and you have selected the Specify Managed Identity Client ID checkbox. If you only have one Managed Identity, it is detected automatically. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to Azure Resource Manager before a timeout occurs. Default: 20 |
GCP Deployment Manager Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the GCP Deployment Manager connection profile parameters.
Parameter |
Description |
---|---|
Identity Type |
Determines one of the following authentication types using GCP Access Control:
|
Deployment Manager URL |
Defines the Google Cloud Platform (GCP) authentication endpoint for Deployment Manager. https://www.googleapis.com/deploymentmanager/v2/projects/ |
Security Account Key |
(Service Account) Defines a service account that is associated with an RSA key pair. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to GCP Cloud Deployment Manager before a timeout occurs. Default: 20 |
Terraform Connection Profile Parameters
Before you can define a job, you must create a connection profile in the Configuration domain. A connection profile contains authorization credentials—such as the username, password, and other plug-in-specific parameters—and enables you to connect to the application server with only the connection profile name. To create a connection profile, see Creating a Centralized Connection Profile.
For more information about this plug-in, see
The following table describes the Terraform connection profile parameters.
Parameter |
Description |
---|---|
Terraform Org Name |
Defines the organization name where the Terraform workspace is located. |
Token |
Defines a Terraform token for authentication of connections to the Terraform workspace. |
Use External Vault |
Determines whether to locate and retrieve a secret from an external vault, as described in CyberArk Secret Parameters in Connection Profiles. |
Connection Timeout |
Determines the number of seconds to wait after Control-M initiates a connection request to Terraform before a timeout occurs. Default: 20 |