Infrastructure as Code Jobs

The following topics describe job attributes that work with cloud computing platforms and services:

AWS CloudFormation Job

AWS CloudFormation enables you to create, configure, test, and manage your AWS infrastructure, which is a collection of AWS services and resources.

To create an AWS CloudFormation job, see Creating a Job. For more information about this plug-in, see Control-M for AWS CloudFormation.

The following table describes the AWS CloudFormation job attributes.

Attribute

Description

Connection Profile

Determines the authorization credentials that are used to connect Control-M to AWS CloudFormation, as described in AWS CloudFormation Connection Profile Parameters.

Rules:

  • Characters: 1−30

  • Case Sensitive: Yes

  • Invalid Characters: Blank spaces.

Action

Determines one of the following CloudFormation actions to perform:

  • Create Stack: Creates a stack, which is a collection of AWS resources, such as a web server or database.

  • Update Stack: Updates a stack.

  • Delete Stack: Deletes a stack.

Stack Name

Defines a unique stack name.

A stack is a collection of AWS resources, such as a web server or database.

Stack Parameters

Determines one of the following templates to create or update:

  • Template URL: Enables you to define the URL for a preexisting template.

  • Template Body: Enables you to define the template in the job, in JSON or YAML format.

A template defines the properties of your AWS infrastructure.

Template URL

Defines the URL for a preexisting template.

Rules:

  • File Type: JSON- or YAML-formatted text files.

  • File Size: 450 KB.

  • File Location:

    • JSON or YAML Files: Amazon S3 bucket.

    • AWS Systems Manager: You must use the AWS Systems Manager to create a URL that points to the file location.

  • YAML-Formatted Text File: https://abc-datapipeline-exp.s3.amazonaws.com/dynamodbDemo.yml

  • AWS System Manager File: https://us-east-2.console.aws.amazon.com/systems-manager/documents/AWSQuickSetup-UpdateExistingInstanceProfile-v02zp/details?region=us-east-2

Template Body

Defines the template in JSON or YAML format.

YAML:

Copy
AWSTemplateFormatVersion: 2010-09-09
Resources:
  OrdersTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: AuthorsTable_prod_Tt
      AttributeDefinitions:
        - AttributeName: "AuthorName"
          AttributeType: "S"
        - AttributeName: "BookTitle"
          AttributeType: "S"
      KeySchema:
        - AttributeName: "AuthorName"
          KeyType: "HASH"
        - AttributeName: "BookTitle"
          KeyType: "RANGE"
      TimeToLiveSpecification:
        AttributeName: "ExpirationTime"
        Enabled: true
      ProvisionedThroughput:
        ReadCapacityUnits: "10"
        WriteCapacityUnits: "5"
    DependsOn:
      - DynamoDBQueryPolicy
  DynamoDBQueryPolicy:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyName: DynamoDBQueryPolicy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action: "dynamodb:Query"
            Resource: "*"
      Roles:
        - Ref: "OrdersTableQueryRole"
  OrdersTableQueryRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "dynamodb.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"

Role ARN

Defines the Amazon Resource Name (ARN) of the AWS IAM Role that CloudFormation runs as to create or update a stack.

An ARN is a standardized AWS resource address.

The AWS IAM role must be granted read and write privileges to create or update any of the AWS resources that are in the stack.

arn:aws:iam::12345678910:role/AWS-QuickSetup-StackSet-Local-AdministrationRole

Capabilities Type

Defines the capabilities of your template and stack.

  • Capability IAM

  • Capability Named IAM

  • Capability Auto-Expand

Default: Capability IAM

Enable Termination Protection

Determines whether to prevent deletion of this stack by other users.

On Failure

Determines one of the following actions to take when the job ends Not OK:

  • Do Nothing: Leaves the created or updated stack as is.

  • Roll Back: Reverts to the previous stack.

  • Delete: Deletes the created or updated stack.

Default: Do Nothing

Status Polling Frequency

Determines the number of seconds to wait before Control-M checks the status of the job.

Default: 15

Failure Tolerance

Determines the number of times to check the job status before the job ends Not OK.

Default: 2

Azure Resource Manager Job

Azure Resource Manager enables you to create, configure, test, and manage your Azure resources infrastructure.

To create an Azure Resource Manager job, see Creating a Job. For more information about this plug-in, see Control-M for Azure Resource Manager.

The following table describes the Azure Resource Manager job attributes.

Attribute

Description

Connection Profile

Determines the authorization credentials that are used to connect Control-M to Azure Resource Manager, as described in Azure Resource Manager Connection Profile Parameters.

Rules:

  • Characters: 1−30

  • Case Sensitive: Yes

  • Invalid Characters: Blank spaces.

Resource Group Name

Defines a unique resource group name.

A resource group is a collection of Azure resources, such as a virtual machine or database, that share the same permissions.

Action

Determines one of the following actions to perform:

  • Create Deployment: Adds resources to a resource group.

  • Update Deployment: Updates resources in a resource group.

Deployment Name

Defines the deployment name.

Deployment Properties

Defines an API request, in JSON format, that enables you to add or update resources in a resource group.

Update Deployment:

Copy
{
  "properties": {
    "templateLink": {
      "uri": "https://test1.blob.core.windows.net/test123/Template_update.json?sp=r&st=2023-08-07T16:13:22Z&se
              =2023-12-03T01:13:22Z&sv=2022-11-02&sr=b&sig=mfFPtXBwmiW4MNH58ZTTJA%2FsAi1gjgKGuwxTlkTquGM%3D",
      "queryString": "sp=r&st=2023-08-07T16:13:22Z&se=2023-12-03T01:13:22Z&sv=2022-11-02&sr=b&sig=
                      mfFPtXBwmiW4MNH58ZTTJA%2FsAi1gjgKGuwxTlkTquGM%3D"
    },
    "parameters": {},
    "mode": "Incremental"
  }
}

Failure Tolerance

Determines the number of times to check the job status before the job ends Not OK.

Default: 2

Status Polling Frequency

Determines the number of seconds to wait before Control-M checks the status of the job.

Default: 15

GCP Deployment Manager Job

GCP Deployment Manager enables you to create, configure, test, and manage your GCP resources infrastructure.

To create a GCP Deployment Manager job, see Creating a Job. For more information about this plug-in, see Control-M for GCP Deployment Manager.

The following table describes the GCP Deployment Manager job attributes.

Attribute

Description

Connection Profile

Determines the authorization credentials that are used to connect Control-M to GCP Deployment Manager, as described in GCP Deployment Manager Connection Profile Parameters.

Rules:

  • Characters: 1−30

  • Case Sensitive: Yes

  • Invalid Characters: Blank spaces.

Project ID

Defines a unique GCP project ID for this job.

Action

Determines one of the following actions to perform:

  • Create Deployment: Creates a deployment, which is a collection of API resources, such as a Google Compute Engine or GCP Cloud SQL instance.

  • Update Deployment: Updates a deployment.

  • Delete Deployment: Deletes a deployment.

A deployment is a collection of API resources, such as a Google Compute Engine or GCP Cloud SQL instance.

Deployment Name

Defines a unique deployment name.

YAML Config Content

Defines a configuration, in YAML format, which enables you to add or update resources in a deployment.

You must use the YAML Minifier Tool to remove all unnecessary characters from your configuration code.

Copy
resources:
- type: compute.v1.instance
  name: quickstart-deployment-vm
  properties:
    zone: us-central1-f
    machineType: https://www.googleapis.com/compute/v1/projects/applied-lattice-333108/zones/us-central1-f/
                 machineTypes/f1-micro
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-11
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/applied-lattice-333108/global/networks/default
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
- type: bigquery.v2.dataset
  name: big-query-dataset
  properties:
    datasetReference:
    datasetId:example_id

Status Polling Frequency

Determines the number of seconds to wait before Control-M checks the status of the job.

Default: 10

Tolerance

Determines the number of times to check the job status before the job ends Not OK.

Default: 3

Terraform Job

Terraform is an open-source Infrastructure as Code (IaC) tool that enables you to create, configure, test, and manage your infrastructure on multiple platforms in a declarative way, using configuration files that describe the desired state of your infrastructure.

To create a Terraform job, see Creating a Job. For more information about this plug-in, see Control-M for Terraform.

The following table describes the Terraform job attributes:

Attribute

Action

Description

Connection Profile

 

Defines the name of a Connection Profile to use to connect Control-M to Terraform, as described in Terraform Connection Profile Parameters.

Rules:

Case Sensitive

Action

 

Determines one of the following Terraform actions to perform:

  • Create Workspace: Creates a new Terraform workspace.

  • Run Workspace: Executes the Terraform workspace.

  • Create Variable: Creates a variable in Terraform.

Workspace Params

 Create Workspace

Defines the details of the workspace to create, in JSON format.

Copy
{
   "data"
   {
      "attributes"
      {
         "name": "WorkspaceFromCM%%ORDERID",
         "terraform_version": "1.3.9",
         "working-directory": "/simple",
         "vcs-repo":
         {
            "identifier": "Reponame/repopoject",
            "oauth-token-id": "ot-RGGGGGGG",
            "branch": "main",
            "default-branch": true
         }
      },
      "type": "workspaces",
      "relationships"
      {
         "project":
         {
            "data"
            {
               "type": "projects",
               "id": "prj-AcihyPq2ZQQQQQ"
            }
         }
      }
   }
}

Characters: maximum of 4,000

Workspace Name

  • Run Workspace

  • Create Variable

Defines a name for the workspace where you want to perform the action.

Run Name

Run Workspace

Defines the name of the workspace run in Terraform.

Parameters

Run Workspace

Defines the parameters for this workspace run, in JSON format.

Copy
{"key": "ec2_status","value": "\"stopped\""},{"key": "ec2_type","value": "\"small\""}

For no parameters, type {}.

Variable

Create Variable

Defines the details of the variable in the Terraform workspace, in JSON format.

Copy
{
   "data"
   {
      "type":"vars",
      "attributes":
      {
         "key":"keydemo",
         "value":"valdemo",
         "description":"testvar",
         "category":"terraform",
         "hcl":false,
         "sensitive":false
      }
   }
}

Status Polling Frequency

All Actions

(Optional) Determines the number of seconds to wait before checking the status of the job between intervals.

Default: 20

Failure Tolerance

All Actions

Determines the number of times to check the job status before ending Not OK.

Default: 2