Skip to content

Resource: awsAppflowConnectorProfile

Provides an AppFlow connector profile resource.

For information about AppFlow flows, see the Amazon AppFlow API Reference. For specific information about creating an AppFlow connector profile, see the CreateConnectorProfile page in the Amazon AppFlow API Reference.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamRoleExample = new aws.iamRole.IamRole(this, "example", {
  assumeRolePolicy:
    '${jsonencode({\n    Version = "2012-10-17"\n    Statement = [\n      {\n        Action = "sts:AssumeRole"\n        Effect = "Allow"\n        Sid    = ""\n        Principal = {\n          Service = "ec2.amazonaws.com"\n        }\n      },\n    ]\n  })}',
  managedPolicyArns: ["${data.aws_iam_policy.test.arn}"],
  name: "example_role",
});
const awsRedshiftClusterExample = new aws.redshiftCluster.RedshiftCluster(
  this,
  "example_1",
  {
    clusterIdentifier: "example_cluster",
    clusterType: "single-node",
    databaseName: "example_db",
    masterPassword: "examplePassword123!",
    masterUsername: "exampleuser",
    nodeType: "dc1.large",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsRedshiftClusterExample.overrideLogicalId("example");
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example_2", {
  bucket: "example_bucket",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3BucketExample.overrideLogicalId("example");
const dataAwsIamPolicyExample = new aws.dataAwsIamPolicy.DataAwsIamPolicy(
  this,
  "example_3",
  {
    name: "AmazonRedshiftAllCommandsFullAccess",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyExample.overrideLogicalId("example");
const awsAppflowConnectorProfileExample =
  new aws.appflowConnectorProfile.AppflowConnectorProfile(this, "example_4", {
    connectionMode: "Public",
    connectorProfileConfig: {
      connectorProfileCredentials: {
        redshift: {
          password: awsRedshiftClusterExample.masterPassword,
          username: awsRedshiftClusterExample.masterUsername,
        },
      },
      connectorProfileProperties: {
        redshift: {
          bucketName: awsS3BucketExample.name,
          databaseUrl: `jdbc:redshift://\${${awsRedshiftClusterExample.endpoint}}/\${${awsRedshiftClusterExample.databaseName}}`,
          roleArn: awsIamRoleExample.arn,
        },
      },
    },
    connectorType: "Redshift",
    name: "example_profile",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsAppflowConnectorProfileExample.overrideLogicalId("example");

Argument Reference

The AppFlow connector profile argument layout is a complex structure. The following top-level arguments are supports:

  • name (Required) - Name of the connector profile. The name is unique for each connectorProfile in your AWS account.
  • connectionMode (Required) - Indicates the connection mode and specifies whether it is public or private. Private flows use AWS PrivateLink to route data over AWS infrastructure without exposing it to the public internet. One of: public, private.
  • connectorLabel (Optional) - The label of the connector. The label is unique for each ConnectorRegistration in your AWS account. Only needed if calling for customConnector connector type.
  • connectorProfileConfig (Required) - Defines the connector-specific configuration and credentials. See Connector Profile Config for more details.
  • connectorType (Required) - The type of connector. One of: amplitude, customConnector, customerProfiles, datadog, dynatrace, eventBridge, googleanalytics, honeycode, infornexus, lookoutMetrics, marketo, redshift, s3, salesforce, sapoData, servicenow, singular, slack, snowflake, trendmicro, upsolver, veeva, zendesk.
  • kmsArn (Optional) - ARN (Amazon Resource Name) of the Key Management Service (KMS) key you provide for encryption. This is required if you do not want to use the Amazon AppFlow-managed KMS key. If you don't provide anything here, Amazon AppFlow uses the Amazon AppFlow-managed KMS key.

Connector Profile Config

  • connectorProfileCredentials (Required) - The connector-specific credentials required by each connector. See Connector Profile Credentials for more details.
  • connectorProfileProperties (Required) - The connector-specific properties of the profile configuration. See Connector Profile Properties for more details.

Connector Profile Credentials

Amplitude Connector Profile Credentials

  • apiKey (Required) - Unique alphanumeric identifier used to authenticate a user, developer, or calling program to your API.
  • secretKey (Required) - The Secret Access Key portion of the credentials.

Custom Connector Profile Credentials

  • apiKey (Optional) - API keys required for the authentication of the user.
  • apiKey (Required) - The API key required for API key authentication.
  • apiSecretKey (Optional) - The API secret key required for API key authentication.
  • authenticationType (Required) - The authentication type that the custom connector uses for authenticating while creating a connector profile. One of: apikey, basic, custom, oauth2.
  • basic (Optional) - Basic credentials that are required for the authentication of the user.
  • password (Required) - The password to use to connect to a resource.
  • username (Required) - The username to use to connect to a resource.
  • custom (Optional) - If the connector uses the custom authentication mechanism, this holds the required credentials.
  • credentialsMap (Optional) - A map that holds custom authentication credentials.
  • customAuthenticationType (Required) - The custom authentication type that the connector uses.
  • oauth2 (Optional) - OAuth 2.0 credentials required for the authentication of the user.
  • accessToken (Optional) - The access token used to access the connector on your behalf.
  • clientId (Optional) - The identifier for the desired client.
  • clientSecret (Optional) - The client secret used by the OAuth client to authenticate to the authorization server.
  • oauthRequest (Optional) - Used by select connectors for which the OAuth workflow is supported. See OAuth Request for more details.
  • refreshToken (Optional) - The refresh token used to refresh an expired access token.

Datadog Connector Profile Credentials

  • apiKey (Required) - Unique alphanumeric identifier used to authenticate a user, developer, or calling program to your API.
  • applicationKey (Required) - Application keys, in conjunction with your API key, give you full access to Datadog’s programmatic API. Application keys are associated with the user account that created them. The application key is used to log all requests made to the API.

Dynatrace Connector Profile Credentials

  • apiToken (Required) - The API tokens used by Dynatrace API to authenticate various API calls.

Google Analytics Connector Profile Credentials

  • accessToken (Optional) - The credentials used to access protected Google Analytics resources.
  • clientId (Required) - The identifier for the desired client.
  • clientSecret (Required) - The client secret used by the OAuth client to authenticate to the authorization server.
  • oauthRequest (Optional) - The OAuth requirement needed to request security tokens from the connector endpoint. See OAuth Request for more details.
  • refreshToken (Optional) - The credentials used to acquire new access tokens. This is required only for OAuth2 access tokens, and is not required for OAuth1 access tokens.

Honeycode Connector Profile Credentials

  • accessToken (Optional) - The credentials used to access protected Amazon Honeycode resources.
  • oauthRequest (Optional) - Used by select connectors for which the OAuth workflow is supported, such as Salesforce, Google Analytics, Marketo, Zendesk, and Slack. See OAuth Request for more details.
  • refreshToken (Optional) - The credentials used to acquire new access tokens.

Infor Nexus Connector Profile Credentials

  • accessKeyId (Required) - The Access Key portion of the credentials.
  • datakey (Required) - Encryption keys used to encrypt data.
  • secretAccessKey (Required) - The secret key used to sign requests.
  • userId (Required) - Identifier for the user.

Marketo Connector Profile Credentials

  • accessToken (Optional) - The credentials used to access protected Marketo resources.
  • clientId (Required) - The identifier for the desired client.
  • clientSecret (Required) - The client secret used by the OAuth client to authenticate to the authorization server.
  • oauthRequest (Optional) - The OAuth requirement needed to request security tokens from the connector endpoint. See OAuth Request for more details.

Redshift Connector Profile Credentials

  • password (Required) - Password that corresponds to the user name.
  • username (Required) - Name of the user.

Salesforce Connector Profile Credentials

  • accessToken (Optional) - The credentials used to access protected Salesforce resources.
  • clientCredentialsArn (Optional) - The secret manager ARN, which contains the client ID and client secret of the connected app.
  • oauthRequest (Optional) - The OAuth requirement needed to request security tokens from the connector endpoint. See OAuth Request for more details.
  • refreshToken (Optional) - The credentials used to acquire new access tokens.

SAPOData Connector Profile Credentials

  • basicAuthCredentials (Optional) - The SAPOData basic authentication credentials.
  • password (Required) - The password to use to connect to a resource.
  • username (Required) - The username to use to connect to a resource.
  • oauthCredentials (Optional) - The SAPOData OAuth type authentication credentials.
  • accessToken (Optional) - The access token used to access protected SAPOData resources.
  • clientId (Required) - The identifier for the desired client.
  • clientSecret (Required) - The client secret used by the OAuth client to authenticate to the authorization server.
  • oauthRequest (Optional) - The OAuth requirement needed to request security tokens from the connector endpoint. See OAuth Request for more details.
  • refreshToken (Optional) - The refresh token used to refresh expired access token.

ServiceNow Connector Profile Credentials

  • password (Required) - Password that corresponds to the user name.
  • username (Required) - Name of the user.

Singular Connector Profile Credentials

  • apiKey (Required) - Unique alphanumeric identifier used to authenticate a user, developer, or calling program to your API.

Slack Connector Profile Credentials

  • accessToken (Optional) - The credentials used to access protected Slack resources.
  • clientId (Required) - The identifier for the client.
  • clientSecret (Required) - The client secret used by the OAuth client to authenticate to the authorization server.
  • oauthRequest (Optional) - The OAuth requirement needed to request security tokens from the connector endpoint. See OAuth Request for more details.

Snowflake Connector Profile Credentials

  • password (Required) - Password that corresponds to the user name.
  • username (Required) - Name of the user.

Trendmicro Connector Profile Credentials

  • apiSecretKey (Required) - The Secret Access Key portion of the credentials.

Veeva Connector Profile Credentials

  • password (Required) - Password that corresponds to the user name.
  • username (Required) - Name of the user.

Zendesk Connector Profile Credentials

  • accessToken (Optional) - The credentials used to access protected Zendesk resources.
  • clientId (Required) - The identifier for the desired client.
  • clientSecret (Required) - The client secret used by the OAuth client to authenticate to the authorization server.
  • oauthRequest (Optional) - The OAuth requirement needed to request security tokens from the connector endpoint. See OAuth Request for more details.
OAuth Request
  • authCode (Optional) - The code provided by the connector when it has been authenticated via the connected app.
  • redirectUri (Optional) - The URL to which the authentication server redirects the browser after authorization has been granted.

Connector Profile Properties

Custom Connector Profile Properties

  • oauth2Properties (Optional) - The OAuth 2.0 properties required for OAuth 2.0 authentication.
  • oauth2GrantType (Required) - The OAuth 2.0 grant type used by connector for OAuth 2.0 authentication. One of: AUTHORIZATION_CODE, CLIENT_CREDENTIALS.
  • tokenUrl (Required) - The token URL required for OAuth 2.0 authentication.
  • tokenUrlCustomProperties (Optional) - Associates your token URL with a map of properties that you define. Use this parameter to provide any additional details that the connector requires to authenticate your request.
  • profileProperties (Optional) - A map of properties that are required to create a profile for the custom connector.

Generic Connector Profile Properties

Datadog, Dynatrace, Infor Nexus, Marketo, ServiceNow, Slack, Veeva, and Zendesk all support the following attributes:

  • instanceUrl (Required) - The location of the Datadog resource.

Redshift Connector Profile Properties

  • bucketName (Required) - A name for the associated Amazon S3 bucket.
  • bucketPrefix (Optional) - The object key for the destination bucket in which Amazon AppFlow places the files.
  • clusterIdentifier (Optional) - The unique ID that's assigned to an Amazon Redshift cluster.
  • databaseName (Optional) - The name of an Amazon Redshift database.
  • databaseUrl (Required) - The JDBC URL of the Amazon Redshift cluster.
  • dataApiRoleArn (Optional) - ARN of the IAM role that permits AppFlow to access the database through Data API.
  • roleArn (Required) - ARN of the IAM role.

Salesforce Connector Profile Properties

  • instanceUrl (Optional) - The location of the Salesforce resource.
  • isSandboxEnvironment (Optional) - Indicates whether the connector profile applies to a sandbox or production environment.

SAPOData Connector Profile Properties

  • applicationHostUrl (Required) - The location of the SAPOData resource.
  • applicationServicePath (Required) - The application path to catalog service.
  • clientNumber (Required) - The client number for the client creating the connection.
  • logonLanguage (Optional) - The logon language of SAPOData instance.
  • oauthProperties (Optional) - The SAPOData OAuth properties required for OAuth type authentication.
  • authCodeUrl (Required) - The authorization code url required to redirect to SAP Login Page to fetch authorization code for OAuth type authentication.
  • oauthScopes (Required) - The OAuth scopes required for OAuth type authentication.
  • tokenUrl (Required) - The token url required to fetch access/refresh tokens using authorization code and also to refresh expired access token using refresh token.
  • portNumber (Required) - The port number of the SAPOData instance.
  • privateLinkServiceName (Optional) - The SAPOData Private Link service name to be used for private data transfers.

Snowflake Connector Profile Properties

  • accountName (Optional) - The name of the account.
  • bucketName (Required) - The name of the Amazon S3 bucket associated with Snowflake.
  • bucketPrefix (Optional) - The bucket path that refers to the Amazon S3 bucket associated with Snowflake.
  • privateLinkServiceName (Optional) - The Snowflake Private Link service name to be used for private data transfers.
  • region (Optional) - AWS Region of the Snowflake account.
  • stage (Required) - Name of the Amazon S3 stage that was created while setting up an Amazon S3 stage in the Snowflake account. This is written in the following format: <database>.<schema>.<stageName>.
  • warehouse (Required) - The name of the Snowflake warehouse.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - ARN of the connector profile.
  • credentialsArn - ARN of the connector profile credentials.

Import

AppFlow Connector Profile can be imported using the connector profile arn, e.g.

$ terraform import aws_appflow_connector_profile.profile arn:aws:appflow:us-west-2:123456789012:connectorprofile/example-profile