# Connections API
The Connections API describes the data types and API related to working with connections in AWS Glue.
**Topics**
+ [Connection API](aws-glue-api-catalog-connections-connections.md)
+ [Connection Types API](aws-glue-api-catalog-connections-connections-type.md)
+ [Connection Metadata and Preview API](aws-glue-api-catalog-connections-connections-metadata.md)
# Connection API
The Connection API describes AWS Glue connection data types, and the API for creating, deleting, updating, and listing connections.
## Data types
+ [Connection structure](#aws-glue-api-catalog-connections-connections-Connection)
+ [ConnectionInput structure](#aws-glue-api-catalog-connections-connections-ConnectionInput)
+ [TestConnectionInput structure](#aws-glue-api-catalog-connections-connections-TestConnectionInput)
+ [PhysicalConnectionRequirements structure](#aws-glue-api-catalog-connections-connections-PhysicalConnectionRequirements)
+ [GetConnectionsFilter structure](#aws-glue-api-catalog-connections-connections-GetConnectionsFilter)
+ [AuthenticationConfiguration structure](#aws-glue-api-catalog-connections-connections-AuthenticationConfiguration)
+ [AuthenticationConfigurationInput structure](#aws-glue-api-catalog-connections-connections-AuthenticationConfigurationInput)
+ [OAuth2Properties structure](#aws-glue-api-catalog-connections-connections-OAuth2Properties)
+ [OAuth2PropertiesInput structure](#aws-glue-api-catalog-connections-connections-OAuth2PropertiesInput)
+ [OAuth2ClientApplication structure](#aws-glue-api-catalog-connections-connections-OAuth2ClientApplication)
+ [AuthorizationCodeProperties structure](#aws-glue-api-catalog-connections-connections-AuthorizationCodeProperties)
+ [BasicAuthenticationCredentials structure](#aws-glue-api-catalog-connections-connections-BasicAuthenticationCredentials)
+ [OAuth2Credentials structure](#aws-glue-api-catalog-connections-connections-OAuth2Credentials)
## Connection structure
Defines a connection to a data source.
**Fields**
+ `Name` – UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The name of the connection definition.
+ `Description` – Description string, not more than 2048 bytes long, matching the [URI address multi-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-uri).
The description of the connection.
+ `ConnectionType` – UTF-8 string (valid values: `JDBC` \$1 `SFTP` \$1 `MONGODB` \$1 `KAFKA` \$1 `NETWORK` \$1 `MARKETPLACE` \$1 `CUSTOM` \$1 `SALESFORCE` \$1 `VIEW_VALIDATION_REDSHIFT` \$1 `VIEW_VALIDATION_ATHENA` \$1 `GOOGLEADS` \$1 `GOOGLESHEETS` \$1 `GOOGLEANALYTICS4` \$1 `SERVICENOW` \$1 `MARKETO` \$1 `SAPODATA` \$1 `ZENDESK` \$1 `JIRACLOUD` \$1 `NETSUITEERP` \$1 `HUBSPOT` \$1 `FACEBOOKADS` \$1 `INSTAGRAMADS` \$1 `ZOHOCRM` \$1 `SALESFORCEPARDOT` \$1 `SALESFORCEMARKETINGCLOUD` \$1 `ADOBEANALYTICS` \$1 `SLACK` \$1 `LINKEDIN` \$1 `MIXPANEL` \$1 `ASANA` \$1 `STRIPE` \$1 `SMARTSHEET` \$1 `DATADOG` \$1 `WOOCOMMERCE` \$1 `INTERCOM` \$1 `SNAPCHATADS` \$1 `PAYPAL` \$1 `QUICKBOOKS` \$1 `FACEBOOKPAGEINSIGHTS` \$1 `FRESHDESK` \$1 `TWILIO` \$1 `DOCUSIGNMONITOR` \$1 `FRESHSALES` \$1 `ZOOM` \$1 `GOOGLESEARCHCONSOLE` \$1 `SALESFORCECOMMERCECLOUD` \$1 `SAPCONCUR` \$1 `DYNATRACE` \$1 `MICROSOFTDYNAMIC365FINANCEANDOPS` \$1 `MICROSOFTTEAMS` \$1 `BLACKBAUDRAISEREDGENXT` \$1 `MAILCHIMP` \$1 `GITLAB` \$1 `PENDO` \$1 `PRODUCTBOARD` \$1 `CIRCLECI` \$1 `PIPEDIVE` \$1 `SENDGRID` \$1 `AZURECOSMOS` \$1 `AZURESQL` \$1 `BIGQUERY` \$1 `BLACKBAUD` \$1 `CLOUDERAHIVE` \$1 `CLOUDERAIMPALA` \$1 `CLOUDWATCH` \$1 `CLOUDWATCHMETRICS` \$1 `CMDB` \$1 `DATALAKEGEN2` \$1 `DB2` \$1 `DB2AS400` \$1 `DOCUMENTDB` \$1 `DOMO` \$1 `DYNAMODB` \$1 `GOOGLECLOUDSTORAGE` \$1 `HBASE` \$1 `KUSTOMER` \$1 `MICROSOFTDYNAMICS365CRM` \$1 `MONDAY` \$1 `MYSQL` \$1 `OKTA` \$1 `OPENSEARCH` \$1 `ORACLE` \$1 `PIPEDRIVE` \$1 `POSTGRESQL` \$1 `SAPHANA` \$1 `SQLSERVER` \$1 `SYNAPSE` \$1 `TERADATA` \$1 `TERADATANOS` \$1 `TIMESTREAM` \$1 `TPCDS` \$1 `VERTICA`).
The type of the connection. Currently, SFTP is not supported.
+ `MatchCriteria` – An array of UTF-8 strings, not more than 10 strings.
A list of criteria that can be used in selecting this connection.
+ `ConnectionProperties` – A map array of key-value pairs, not more than 100 pairs.
Each key is a UTF-8 string (valid values: `HOST` \$1 `PORT` \$1 `USERNAME="USER_NAME"` \$1 `PASSWORD` \$1 `ENCRYPTED_PASSWORD` \$1 `JDBC_DRIVER_JAR_URI` \$1 `JDBC_DRIVER_CLASS_NAME` \$1 `JDBC_ENGINE` \$1 `JDBC_ENGINE_VERSION` \$1 `CONFIG_FILES` \$1 `INSTANCE_ID` \$1 `JDBC_CONNECTION_URL` \$1 `JDBC_ENFORCE_SSL` \$1 `CUSTOM_JDBC_CERT` \$1 `SKIP_CUSTOM_JDBC_CERT_VALIDATION` \$1 `CUSTOM_JDBC_CERT_STRING` \$1 `CONNECTION_URL` \$1 `KAFKA_BOOTSTRAP_SERVERS` \$1 `KAFKA_SSL_ENABLED` \$1 `KAFKA_CUSTOM_CERT` \$1 `KAFKA_SKIP_CUSTOM_CERT_VALIDATION` \$1 `KAFKA_CLIENT_KEYSTORE` \$1 `KAFKA_CLIENT_KEYSTORE_PASSWORD` \$1 `KAFKA_CLIENT_KEY_PASSWORD` \$1 `ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD` \$1 `ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD` \$1 `KAFKA_SASL_MECHANISM` \$1 `KAFKA_SASL_PLAIN_USERNAME` \$1 `KAFKA_SASL_PLAIN_PASSWORD` \$1 `ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD` \$1 `KAFKA_SASL_SCRAM_USERNAME` \$1 `KAFKA_SASL_SCRAM_PASSWORD` \$1 `KAFKA_SASL_SCRAM_SECRETS_ARN` \$1 `ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD` \$1 `KAFKA_SASL_GSSAPI_KEYTAB` \$1 `KAFKA_SASL_GSSAPI_KRB5_CONF` \$1 `KAFKA_SASL_GSSAPI_SERVICE` \$1 `KAFKA_SASL_GSSAPI_PRINCIPAL` \$1 `SECRET_ID` \$1 `CONNECTOR_URL` \$1 `CONNECTOR_TYPE` \$1 `CONNECTOR_CLASS_NAME` \$1 `ENDPOINT` \$1 `ENDPOINT_TYPE` \$1 `ROLE_ARN` \$1 `REGION` \$1 `WORKGROUP_NAME` \$1 `CLUSTER_IDENTIFIER` \$1 `DATABASE`).
Each value is a Value string, not less than 1 or more than 1024 bytes long.
These key-value pairs define parameters for the connection when using the version 1 Connection schema:
+ `HOST` - The host URI: either the fully qualified domain name (FQDN) or the IPv4 address of the database host.
+ `PORT` - The port number, between 1024 and 65535, of the port on which the database host is listening for database connections.
+ `USER_NAME` - The name under which to log in to the database. The value string for `USER_NAME` is "`USERNAME`".
+ `PASSWORD` - A password, if one is used, for the user name.
+ `ENCRYPTED_PASSWORD` - When you enable connection password protection by setting `ConnectionPasswordEncryption` in the Data Catalog encryption settings, this field stores the encrypted password.
+ `JDBC_DRIVER_JAR_URI` - The Amazon Simple Storage Service (Amazon S3) path of the JAR file that contains the JDBC driver to use.
+ `JDBC_DRIVER_CLASS_NAME` - The class name of the JDBC driver to use.
+ `JDBC_ENGINE` - The name of the JDBC engine to use.
+ `JDBC_ENGINE_VERSION` - The version of the JDBC engine to use.
+ `CONFIG_FILES` - (Reserved for future use.)
+ `INSTANCE_ID` - The instance ID to use.
+ `JDBC_CONNECTION_URL` - The URL for connecting to a JDBC data source.
+ `JDBC_ENFORCE_SSL` - A case-insensitive Boolean string (true, false) specifying whether Secure Sockets Layer (SSL) with hostname matching is enforced for the JDBC connection on the client. The default is false.
+ `CUSTOM_JDBC_CERT` - An Amazon S3 location specifying the customer's root certificate. AWS Glue uses this root certificate to validate the customer's certificate when connecting to the customer database. AWS Glue only handles X.509 certificates. The certificate provided must be DER-encoded and supplied in Base64 encoding PEM format.
+ `SKIP_CUSTOM_JDBC_CERT_VALIDATION` - By default, this is `false`. AWS Glue validates the Signature algorithm and Subject Public Key Algorithm for the customer certificate. The only permitted algorithms for the Signature algorithm are SHA256withRSA, SHA384withRSA or SHA512withRSA. For the Subject Public Key Algorithm, the key length must be at least 2048. You can set the value of this property to `true` to skip AWS Glue's validation of the customer certificate.
+ `CUSTOM_JDBC_CERT_STRING` - A custom JDBC certificate string which is used for domain match or distinguished name match to prevent a man-in-the-middle attack. In Oracle database, this is used as the `SSL_SERVER_CERT_DN`; in Microsoft SQL Server, this is used as the `hostNameInCertificate`.
+ `CONNECTION_URL` - The URL for connecting to a general (non-JDBC) data source.
+ `SECRET_ID` - The secret ID used for the secret manager of credentials.
+ `CONNECTOR_URL` - The connector URL for a MARKETPLACE or CUSTOM connection.
+ `CONNECTOR_TYPE` - The connector type for a MARKETPLACE or CUSTOM connection.
+ `CONNECTOR_CLASS_NAME` - The connector class name for a MARKETPLACE or CUSTOM connection.
+ `KAFKA_BOOTSTRAP_SERVERS` - A comma-separated list of host and port pairs that are the addresses of the Apache Kafka brokers in a Kafka cluster to which a Kafka client will connect to and bootstrap itself.
+ `KAFKA_SSL_ENABLED` - Whether to enable or disable SSL on an Apache Kafka connection. Default value is "true".
+ `KAFKA_CUSTOM_CERT` - The Amazon S3 URL for the private CA cert file (.pem format). The default is an empty string.
+ `KAFKA_SKIP_CUSTOM_CERT_VALIDATION` - Whether to skip the validation of the CA cert file or not. AWS Glue validates for three algorithms: SHA256withRSA, SHA384withRSA and SHA512withRSA. Default value is "false".
+ `KAFKA_CLIENT_KEYSTORE` - The Amazon S3 location of the client keystore file for Kafka client side authentication (Optional).
+ `KAFKA_CLIENT_KEYSTORE_PASSWORD` - The password to access the provided keystore (Optional).
+ `KAFKA_CLIENT_KEY_PASSWORD` - A keystore can consist of multiple keys, so this is the password to access the client key to be used with the Kafka server side key (Optional).
+ `ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD` - The encrypted version of the Kafka client keystore password (if the user has the AWS Glue encrypt passwords setting selected).
+ `ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD` - The encrypted version of the Kafka client key password (if the user has the AWS Glue encrypt passwords setting selected).
+ `KAFKA_SASL_MECHANISM` - `"SCRAM-SHA-512"`, `"GSSAPI"`, `"AWS_MSK_IAM"`, or `"PLAIN"`. These are the supported [SASL Mechanisms](https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xhtml).
+ `KAFKA_SASL_PLAIN_USERNAME` - A plaintext username used to authenticate with the "PLAIN" mechanism.
+ `KAFKA_SASL_PLAIN_PASSWORD` - A plaintext password used to authenticate with the "PLAIN" mechanism.
+ `ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD` - The encrypted version of the Kafka SASL PLAIN password (if the user has the AWS Glue encrypt passwords setting selected).
+ `KAFKA_SASL_SCRAM_USERNAME` - A plaintext username used to authenticate with the "SCRAM-SHA-512" mechanism.
+ `KAFKA_SASL_SCRAM_PASSWORD` - A plaintext password used to authenticate with the "SCRAM-SHA-512" mechanism.
+ `ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD` - The encrypted version of the Kafka SASL SCRAM password (if the user has the AWS Glue encrypt passwords setting selected).
+ `KAFKA_SASL_SCRAM_SECRETS_ARN` - The Amazon Resource Name of a secret in AWS Secrets Manager.
+ `KAFKA_SASL_GSSAPI_KEYTAB` - The S3 location of a Kerberos `keytab` file. A keytab stores long-term keys for one or more principals. For more information, see [MIT Kerberos Documentation: Keytab](https://web.mit.edu/kerberos/krb5-latest/doc/basic/keytab_def.html).
+ `KAFKA_SASL_GSSAPI_KRB5_CONF` - The S3 location of a Kerberos `krb5.conf` file. A krb5.conf stores Kerberos configuration information, such as the location of the KDC server. For more information, see [MIT Kerberos Documentation: krb5.conf](https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html).
+ `KAFKA_SASL_GSSAPI_SERVICE` - The Kerberos service name, as set with `sasl.kerberos.service.name` in your [Kafka Configuration](https://kafka.apache.org/documentation/#brokerconfigs_sasl.kerberos.service.name).
+ `KAFKA_SASL_GSSAPI_PRINCIPAL` - The name of the Kerberos princial used by AWS Glue. For more information, see [Kafka Documentation: Configuring Kafka Brokers](https://kafka.apache.org/documentation/#security_sasl_kerberos_clientconfig).
+ `ROLE_ARN` - The role to be used for running queries.
+ `REGION` - The AWS Region where queries will be run.
+ `WORKGROUP_NAME` - The name of an Amazon Redshift serverless workgroup or Amazon Athena workgroup in which queries will run.
+ `CLUSTER_IDENTIFIER` - The cluster identifier of an Amazon Redshift cluster in which queries will run.
+ `DATABASE` - The Amazon Redshift database that you are connecting to.
+ `SparkProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 2048 bytes long.
Connection properties specific to the Spark compute environment.
+ `AthenaProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 2048 bytes long.
Connection properties specific to the Athena compute environment.
+ `PythonProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 2048 bytes long.
Connection properties specific to the Python compute environment.
+ `PhysicalConnectionRequirements` – A [PhysicalConnectionRequirements](#aws-glue-api-catalog-connections-connections-PhysicalConnectionRequirements) object.
The physical connection requirements, such as virtual private cloud (VPC) and `SecurityGroup`, that are needed to make this connection successfully.
+ `CreationTime` – Timestamp.
The timestamp of the time that this connection definition was created.
+ `LastUpdatedTime` – Timestamp.
The timestamp of the last time the connection definition was updated.
+ `LastUpdatedBy` – UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The user, group, or role that last updated this connection definition.
+ `Status` – UTF-8 string (valid values: `READY` \$1 `IN_PROGRESS` \$1 `FAILED`).
The status of the connection. Can be one of: `READY`, `IN_PROGRESS`, or `FAILED`.
+ `StatusReason` – UTF-8 string, not less than 1 or more than 16384 bytes long.
The reason for the connection status.
+ `LastConnectionValidationTime` – Timestamp.
A timestamp of the time this connection was last validated.
+ `AuthenticationConfiguration` – An [AuthenticationConfiguration](#aws-glue-api-catalog-connections-connections-AuthenticationConfiguration) object.
The authentication properties of the connection.
+ `ConnectionSchemaVersion` – Number (integer), not less than 1 or more than 2.
The version of the connection schema for this connection. Version 2 supports properties for specific compute environments.
+ `CompatibleComputeEnvironments` – An array of UTF-8 strings.
A list of compute environments compatible with the connection.
## ConnectionInput structure
A structure that is used to specify a connection to create or update.
**Fields**
+ `Name` – *Required:* UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The name of the connection.
+ `Description` – Description string, not more than 2048 bytes long, matching the [URI address multi-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-uri).
The description of the connection.
+ `ConnectionType` – *Required:* UTF-8 string (valid values: `JDBC` \$1 `SFTP` \$1 `MONGODB` \$1 `KAFKA` \$1 `NETWORK` \$1 `MARKETPLACE` \$1 `CUSTOM` \$1 `SALESFORCE` \$1 `VIEW_VALIDATION_REDSHIFT` \$1 `VIEW_VALIDATION_ATHENA` \$1 `GOOGLEADS` \$1 `GOOGLESHEETS` \$1 `GOOGLEANALYTICS4` \$1 `SERVICENOW` \$1 `MARKETO` \$1 `SAPODATA` \$1 `ZENDESK` \$1 `JIRACLOUD` \$1 `NETSUITEERP` \$1 `HUBSPOT` \$1 `FACEBOOKADS` \$1 `INSTAGRAMADS` \$1 `ZOHOCRM` \$1 `SALESFORCEPARDOT` \$1 `SALESFORCEMARKETINGCLOUD` \$1 `ADOBEANALYTICS` \$1 `SLACK` \$1 `LINKEDIN` \$1 `MIXPANEL` \$1 `ASANA` \$1 `STRIPE` \$1 `SMARTSHEET` \$1 `DATADOG` \$1 `WOOCOMMERCE` \$1 `INTERCOM` \$1 `SNAPCHATADS` \$1 `PAYPAL` \$1 `QUICKBOOKS` \$1 `FACEBOOKPAGEINSIGHTS` \$1 `FRESHDESK` \$1 `TWILIO` \$1 `DOCUSIGNMONITOR` \$1 `FRESHSALES` \$1 `ZOOM` \$1 `GOOGLESEARCHCONSOLE` \$1 `SALESFORCECOMMERCECLOUD` \$1 `SAPCONCUR` \$1 `DYNATRACE` \$1 `MICROSOFTDYNAMIC365FINANCEANDOPS` \$1 `MICROSOFTTEAMS` \$1 `BLACKBAUDRAISEREDGENXT` \$1 `MAILCHIMP` \$1 `GITLAB` \$1 `PENDO` \$1 `PRODUCTBOARD` \$1 `CIRCLECI` \$1 `PIPEDIVE` \$1 `SENDGRID` \$1 `AZURECOSMOS` \$1 `AZURESQL` \$1 `BIGQUERY` \$1 `BLACKBAUD` \$1 `CLOUDERAHIVE` \$1 `CLOUDERAIMPALA` \$1 `CLOUDWATCH` \$1 `CLOUDWATCHMETRICS` \$1 `CMDB` \$1 `DATALAKEGEN2` \$1 `DB2` \$1 `DB2AS400` \$1 `DOCUMENTDB` \$1 `DOMO` \$1 `DYNAMODB` \$1 `GOOGLECLOUDSTORAGE` \$1 `HBASE` \$1 `KUSTOMER` \$1 `MICROSOFTDYNAMICS365CRM` \$1 `MONDAY` \$1 `MYSQL` \$1 `OKTA` \$1 `OPENSEARCH` \$1 `ORACLE` \$1 `PIPEDRIVE` \$1 `POSTGRESQL` \$1 `SAPHANA` \$1 `SQLSERVER` \$1 `SYNAPSE` \$1 `TERADATA` \$1 `TERADATANOS` \$1 `TIMESTREAM` \$1 `TPCDS` \$1 `VERTICA`).
The type of the connection. Currently, these types are supported:
+ `JDBC` - Designates a connection to a database through Java Database Connectivity (JDBC).
`JDBC` Connections use the following ConnectionParameters.
+ Required: All of (`HOST`, `PORT`, `JDBC_ENGINE`) or `JDBC_CONNECTION_URL`.
+ Required: All of (`USERNAME`, `PASSWORD`) or `SECRET_ID`.
+ Optional: `JDBC_ENFORCE_SSL`, `CUSTOM_JDBC_CERT`, `CUSTOM_JDBC_CERT_STRING`, `SKIP_CUSTOM_JDBC_CERT_VALIDATION`. These parameters are used to configure SSL with JDBC.
+ `KAFKA` - Designates a connection to an Apache Kafka streaming platform.
`KAFKA` Connections use the following ConnectionParameters.
+ Required: `KAFKA_BOOTSTRAP_SERVERS`.
+ Optional: `KAFKA_SSL_ENABLED`, `KAFKA_CUSTOM_CERT`, `KAFKA_SKIP_CUSTOM_CERT_VALIDATION`. These parameters are used to configure SSL with `KAFKA`.
+ Optional: `KAFKA_CLIENT_KEYSTORE`, `KAFKA_CLIENT_KEYSTORE_PASSWORD`, `KAFKA_CLIENT_KEY_PASSWORD`, `ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD`, `ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD`. These parameters are used to configure TLS client configuration with SSL in `KAFKA`.
+ Optional: `KAFKA_SASL_MECHANISM`. Can be specified as `SCRAM-SHA-512`, `GSSAPI`, or `AWS_MSK_IAM`.
+ Optional: `KAFKA_SASL_SCRAM_USERNAME`, `KAFKA_SASL_SCRAM_PASSWORD`, `ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD`. These parameters are used to configure SASL/SCRAM-SHA-512 authentication with `KAFKA`.
+ Optional: `KAFKA_SASL_GSSAPI_KEYTAB`, `KAFKA_SASL_GSSAPI_KRB5_CONF`, `KAFKA_SASL_GSSAPI_SERVICE`, `KAFKA_SASL_GSSAPI_PRINCIPAL`. These parameters are used to configure SASL/GSSAPI authentication with `KAFKA`.
+ `MONGODB` - Designates a connection to a MongoDB document database.
`MONGODB` Connections use the following ConnectionParameters.
+ Required: `CONNECTION_URL`.
+ Required: All of (`USERNAME`, `PASSWORD`) or `SECRET_ID`.
+ `VIEW_VALIDATION_REDSHIFT` - Designates a connection used for view validation by Amazon Redshift.
+ `VIEW_VALIDATION_ATHENA` - Designates a connection used for view validation by Amazon Athena.
+ `NETWORK` - Designates a network connection to a data source within an Amazon Virtual Private Cloud environment (Amazon VPC).
`NETWORK` Connections do not require ConnectionParameters. Instead, provide a PhysicalConnectionRequirements.
+ `MARKETPLACE` - Uses configuration settings contained in a connector purchased from AWS Marketplace to read from and write to data stores that are not natively supported by AWS Glue.
`MARKETPLACE` Connections use the following ConnectionParameters.
+ Required: `CONNECTOR_TYPE`, `CONNECTOR_URL`, `CONNECTOR_CLASS_NAME`, `CONNECTION_URL`.
+ Required for `JDBC` `CONNECTOR_TYPE` connections: All of (`USERNAME`, `PASSWORD`) or `SECRET_ID`.
+ `CUSTOM` - Uses configuration settings contained in a custom connector to read from and write to data stores that are not natively supported by AWS Glue.
For more information on the connection parameters needed for a particular connector, see the documentation for the connector in [Adding an AWS Glue connection](https://docs.aws.amazon.com/glue/latest/dg/console-connections.html)in the AWS Glue User Guide.
`SFTP` is not supported.
For more information about how optional ConnectionProperties are used to configure features in AWS Glue, consult [AWS Glue connection properties](https://docs.aws.amazon.com/glue/latest/dg/connection-defining.html).
For more information about how optional ConnectionProperties are used to configure features in AWS Glue Studio, consult [Using connectors and connections](https://docs.aws.amazon.com/glue/latest/ug/connectors-chapter.html).
+ `MatchCriteria` – An array of UTF-8 strings, not more than 10 strings.
A list of criteria that can be used in selecting this connection.
+ `ConnectionProperties` – *Required:* A map array of key-value pairs, not more than 100 pairs.
Each key is a UTF-8 string (valid values: `HOST` \$1 `PORT` \$1 `USERNAME="USER_NAME"` \$1 `PASSWORD` \$1 `ENCRYPTED_PASSWORD` \$1 `JDBC_DRIVER_JAR_URI` \$1 `JDBC_DRIVER_CLASS_NAME` \$1 `JDBC_ENGINE` \$1 `JDBC_ENGINE_VERSION` \$1 `CONFIG_FILES` \$1 `INSTANCE_ID` \$1 `JDBC_CONNECTION_URL` \$1 `JDBC_ENFORCE_SSL` \$1 `CUSTOM_JDBC_CERT` \$1 `SKIP_CUSTOM_JDBC_CERT_VALIDATION` \$1 `CUSTOM_JDBC_CERT_STRING` \$1 `CONNECTION_URL` \$1 `KAFKA_BOOTSTRAP_SERVERS` \$1 `KAFKA_SSL_ENABLED` \$1 `KAFKA_CUSTOM_CERT` \$1 `KAFKA_SKIP_CUSTOM_CERT_VALIDATION` \$1 `KAFKA_CLIENT_KEYSTORE` \$1 `KAFKA_CLIENT_KEYSTORE_PASSWORD` \$1 `KAFKA_CLIENT_KEY_PASSWORD` \$1 `ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD` \$1 `ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD` \$1 `KAFKA_SASL_MECHANISM` \$1 `KAFKA_SASL_PLAIN_USERNAME` \$1 `KAFKA_SASL_PLAIN_PASSWORD` \$1 `ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD` \$1 `KAFKA_SASL_SCRAM_USERNAME` \$1 `KAFKA_SASL_SCRAM_PASSWORD` \$1 `KAFKA_SASL_SCRAM_SECRETS_ARN` \$1 `ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD` \$1 `KAFKA_SASL_GSSAPI_KEYTAB` \$1 `KAFKA_SASL_GSSAPI_KRB5_CONF` \$1 `KAFKA_SASL_GSSAPI_SERVICE` \$1 `KAFKA_SASL_GSSAPI_PRINCIPAL` \$1 `SECRET_ID` \$1 `CONNECTOR_URL` \$1 `CONNECTOR_TYPE` \$1 `CONNECTOR_CLASS_NAME` \$1 `ENDPOINT` \$1 `ENDPOINT_TYPE` \$1 `ROLE_ARN` \$1 `REGION` \$1 `WORKGROUP_NAME` \$1 `CLUSTER_IDENTIFIER` \$1 `DATABASE`).
Each value is a Value string, not less than 1 or more than 1024 bytes long.
These key-value pairs define parameters for the connection.
+ `SparkProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 2048 bytes long.
Connection properties specific to the Spark compute environment.
+ `AthenaProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 2048 bytes long.
Connection properties specific to the Athena compute environment.
+ `PythonProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 2048 bytes long.
Connection properties specific to the Python compute environment.
+ `PhysicalConnectionRequirements` – A [PhysicalConnectionRequirements](#aws-glue-api-catalog-connections-connections-PhysicalConnectionRequirements) object.
The physical connection requirements, such as virtual private cloud (VPC) and `SecurityGroup`, that are needed to successfully make this connection.
+ `AuthenticationConfiguration` – An [AuthenticationConfigurationInput](#aws-glue-api-catalog-connections-connections-AuthenticationConfigurationInput) object.
The authentication properties of the connection.
+ `ValidateCredentials` – Boolean.
A flag to validate the credentials during create connection. Default is true.
+ `ValidateForComputeEnvironments` – An array of UTF-8 strings.
The compute environments that the specified connection properties are validated against.
## TestConnectionInput structure
A structure that is used to specify testing a connection to a service.
**Fields**
+ `ConnectionType` – *Required:* UTF-8 string (valid values: `JDBC` \$1 `SFTP` \$1 `MONGODB` \$1 `KAFKA` \$1 `NETWORK` \$1 `MARKETPLACE` \$1 `CUSTOM` \$1 `SALESFORCE` \$1 `VIEW_VALIDATION_REDSHIFT` \$1 `VIEW_VALIDATION_ATHENA` \$1 `GOOGLEADS` \$1 `GOOGLESHEETS` \$1 `GOOGLEANALYTICS4` \$1 `SERVICENOW` \$1 `MARKETO` \$1 `SAPODATA` \$1 `ZENDESK` \$1 `JIRACLOUD` \$1 `NETSUITEERP` \$1 `HUBSPOT` \$1 `FACEBOOKADS` \$1 `INSTAGRAMADS` \$1 `ZOHOCRM` \$1 `SALESFORCEPARDOT` \$1 `SALESFORCEMARKETINGCLOUD` \$1 `ADOBEANALYTICS` \$1 `SLACK` \$1 `LINKEDIN` \$1 `MIXPANEL` \$1 `ASANA` \$1 `STRIPE` \$1 `SMARTSHEET` \$1 `DATADOG` \$1 `WOOCOMMERCE` \$1 `INTERCOM` \$1 `SNAPCHATADS` \$1 `PAYPAL` \$1 `QUICKBOOKS` \$1 `FACEBOOKPAGEINSIGHTS` \$1 `FRESHDESK` \$1 `TWILIO` \$1 `DOCUSIGNMONITOR` \$1 `FRESHSALES` \$1 `ZOOM` \$1 `GOOGLESEARCHCONSOLE` \$1 `SALESFORCECOMMERCECLOUD` \$1 `SAPCONCUR` \$1 `DYNATRACE` \$1 `MICROSOFTDYNAMIC365FINANCEANDOPS` \$1 `MICROSOFTTEAMS` \$1 `BLACKBAUDRAISEREDGENXT` \$1 `MAILCHIMP` \$1 `GITLAB` \$1 `PENDO` \$1 `PRODUCTBOARD` \$1 `CIRCLECI` \$1 `PIPEDIVE` \$1 `SENDGRID` \$1 `AZURECOSMOS` \$1 `AZURESQL` \$1 `BIGQUERY` \$1 `BLACKBAUD` \$1 `CLOUDERAHIVE` \$1 `CLOUDERAIMPALA` \$1 `CLOUDWATCH` \$1 `CLOUDWATCHMETRICS` \$1 `CMDB` \$1 `DATALAKEGEN2` \$1 `DB2` \$1 `DB2AS400` \$1 `DOCUMENTDB` \$1 `DOMO` \$1 `DYNAMODB` \$1 `GOOGLECLOUDSTORAGE` \$1 `HBASE` \$1 `KUSTOMER` \$1 `MICROSOFTDYNAMICS365CRM` \$1 `MONDAY` \$1 `MYSQL` \$1 `OKTA` \$1 `OPENSEARCH` \$1 `ORACLE` \$1 `PIPEDRIVE` \$1 `POSTGRESQL` \$1 `SAPHANA` \$1 `SQLSERVER` \$1 `SYNAPSE` \$1 `TERADATA` \$1 `TERADATANOS` \$1 `TIMESTREAM` \$1 `TPCDS` \$1 `VERTICA`).
The type of connection to test. This operation is only available for the `JDBC` or `SALESFORCE` connection types.
+ `ConnectionProperties` – *Required:* A map array of key-value pairs, not more than 100 pairs.
Each key is a UTF-8 string (valid values: `HOST` \$1 `PORT` \$1 `USERNAME="USER_NAME"` \$1 `PASSWORD` \$1 `ENCRYPTED_PASSWORD` \$1 `JDBC_DRIVER_JAR_URI` \$1 `JDBC_DRIVER_CLASS_NAME` \$1 `JDBC_ENGINE` \$1 `JDBC_ENGINE_VERSION` \$1 `CONFIG_FILES` \$1 `INSTANCE_ID` \$1 `JDBC_CONNECTION_URL` \$1 `JDBC_ENFORCE_SSL` \$1 `CUSTOM_JDBC_CERT` \$1 `SKIP_CUSTOM_JDBC_CERT_VALIDATION` \$1 `CUSTOM_JDBC_CERT_STRING` \$1 `CONNECTION_URL` \$1 `KAFKA_BOOTSTRAP_SERVERS` \$1 `KAFKA_SSL_ENABLED` \$1 `KAFKA_CUSTOM_CERT` \$1 `KAFKA_SKIP_CUSTOM_CERT_VALIDATION` \$1 `KAFKA_CLIENT_KEYSTORE` \$1 `KAFKA_CLIENT_KEYSTORE_PASSWORD` \$1 `KAFKA_CLIENT_KEY_PASSWORD` \$1 `ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD` \$1 `ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD` \$1 `KAFKA_SASL_MECHANISM` \$1 `KAFKA_SASL_PLAIN_USERNAME` \$1 `KAFKA_SASL_PLAIN_PASSWORD` \$1 `ENCRYPTED_KAFKA_SASL_PLAIN_PASSWORD` \$1 `KAFKA_SASL_SCRAM_USERNAME` \$1 `KAFKA_SASL_SCRAM_PASSWORD` \$1 `KAFKA_SASL_SCRAM_SECRETS_ARN` \$1 `ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD` \$1 `KAFKA_SASL_GSSAPI_KEYTAB` \$1 `KAFKA_SASL_GSSAPI_KRB5_CONF` \$1 `KAFKA_SASL_GSSAPI_SERVICE` \$1 `KAFKA_SASL_GSSAPI_PRINCIPAL` \$1 `SECRET_ID` \$1 `CONNECTOR_URL` \$1 `CONNECTOR_TYPE` \$1 `CONNECTOR_CLASS_NAME` \$1 `ENDPOINT` \$1 `ENDPOINT_TYPE` \$1 `ROLE_ARN` \$1 `REGION` \$1 `WORKGROUP_NAME` \$1 `CLUSTER_IDENTIFIER` \$1 `DATABASE`).
Each value is a Value string, not less than 1 or more than 1024 bytes long.
The key-value pairs that define parameters for the connection.
JDBC connections use the following connection properties:
+ Required: All of (`HOST`, `PORT`, `JDBC_ENGINE`) or `JDBC_CONNECTION_URL`.
+ Required: All of (`USERNAME`, `PASSWORD`) or `SECRET_ID`.
+ Optional: `JDBC_ENFORCE_SSL`, `CUSTOM_JDBC_CERT`, `CUSTOM_JDBC_CERT_STRING`, `SKIP_CUSTOM_JDBC_CERT_VALIDATION`. These parameters are used to configure SSL with JDBC.
SALESFORCE connections require the `AuthenticationConfiguration` member to be configured.
+ `AuthenticationConfiguration` – An [AuthenticationConfigurationInput](#aws-glue-api-catalog-connections-connections-AuthenticationConfigurationInput) object.
A structure containing the authentication configuration in the TestConnection request. Required for a connection to Salesforce using OAuth authentication.
## PhysicalConnectionRequirements structure
The OAuth client app in GetConnection response.
**Fields**
+ `SubnetId` – UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The subnet ID used by the connection.
+ `SecurityGroupIdList` – An array of UTF-8 strings, not more than 50 strings.
The security group ID list used by the connection.
+ `AvailabilityZone` – UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The connection's Availability Zone.
## GetConnectionsFilter structure
Filters the connection definitions that are returned by the `GetConnections` API operation.
**Fields**
+ `MatchCriteria` – An array of UTF-8 strings, not more than 10 strings.
A criteria string that must match the criteria recorded in the connection definition for that connection definition to be returned.
+ `ConnectionType` – UTF-8 string (valid values: `JDBC` \$1 `SFTP` \$1 `MONGODB` \$1 `KAFKA` \$1 `NETWORK` \$1 `MARKETPLACE` \$1 `CUSTOM` \$1 `SALESFORCE` \$1 `VIEW_VALIDATION_REDSHIFT` \$1 `VIEW_VALIDATION_ATHENA` \$1 `GOOGLEADS` \$1 `GOOGLESHEETS` \$1 `GOOGLEANALYTICS4` \$1 `SERVICENOW` \$1 `MARKETO` \$1 `SAPODATA` \$1 `ZENDESK` \$1 `JIRACLOUD` \$1 `NETSUITEERP` \$1 `HUBSPOT` \$1 `FACEBOOKADS` \$1 `INSTAGRAMADS` \$1 `ZOHOCRM` \$1 `SALESFORCEPARDOT` \$1 `SALESFORCEMARKETINGCLOUD` \$1 `ADOBEANALYTICS` \$1 `SLACK` \$1 `LINKEDIN` \$1 `MIXPANEL` \$1 `ASANA` \$1 `STRIPE` \$1 `SMARTSHEET` \$1 `DATADOG` \$1 `WOOCOMMERCE` \$1 `INTERCOM` \$1 `SNAPCHATADS` \$1 `PAYPAL` \$1 `QUICKBOOKS` \$1 `FACEBOOKPAGEINSIGHTS` \$1 `FRESHDESK` \$1 `TWILIO` \$1 `DOCUSIGNMONITOR` \$1 `FRESHSALES` \$1 `ZOOM` \$1 `GOOGLESEARCHCONSOLE` \$1 `SALESFORCECOMMERCECLOUD` \$1 `SAPCONCUR` \$1 `DYNATRACE` \$1 `MICROSOFTDYNAMIC365FINANCEANDOPS` \$1 `MICROSOFTTEAMS` \$1 `BLACKBAUDRAISEREDGENXT` \$1 `MAILCHIMP` \$1 `GITLAB` \$1 `PENDO` \$1 `PRODUCTBOARD` \$1 `CIRCLECI` \$1 `PIPEDIVE` \$1 `SENDGRID` \$1 `AZURECOSMOS` \$1 `AZURESQL` \$1 `BIGQUERY` \$1 `BLACKBAUD` \$1 `CLOUDERAHIVE` \$1 `CLOUDERAIMPALA` \$1 `CLOUDWATCH` \$1 `CLOUDWATCHMETRICS` \$1 `CMDB` \$1 `DATALAKEGEN2` \$1 `DB2` \$1 `DB2AS400` \$1 `DOCUMENTDB` \$1 `DOMO` \$1 `DYNAMODB` \$1 `GOOGLECLOUDSTORAGE` \$1 `HBASE` \$1 `KUSTOMER` \$1 `MICROSOFTDYNAMICS365CRM` \$1 `MONDAY` \$1 `MYSQL` \$1 `OKTA` \$1 `OPENSEARCH` \$1 `ORACLE` \$1 `PIPEDRIVE` \$1 `POSTGRESQL` \$1 `SAPHANA` \$1 `SQLSERVER` \$1 `SYNAPSE` \$1 `TERADATA` \$1 `TERADATANOS` \$1 `TIMESTREAM` \$1 `TPCDS` \$1 `VERTICA`).
The type of connections to return. Currently, SFTP is not supported.
+ `ConnectionSchemaVersion` – Number (integer), not less than 1 or more than 2.
Denotes if the connection was created with schema version 1 or 2.
## AuthenticationConfiguration structure
A structure containing the authentication configuration.
**Fields**
+ `AuthenticationType` – UTF-8 string (valid values: `BASIC` \$1 `OAUTH2` \$1 `CUSTOM` \$1 `IAM`).
A structure containing the authentication configuration.
+ `SecretArn` – UTF-8 string, matching the [Custom string pattern #36](aws-glue-api-common.md#regex_36).
The secret manager ARN to store credentials.
+ `KmsKeyArn` – UTF-8 string, matching the [Custom string pattern #42](aws-glue-api-common.md#regex_42).
The Amazon Resource Name (ARN) of the KMS key used to encrypt sensitive authentication information. This key is used to protect credentials and other sensitive data stored within the authentication configuration.
+ `OAuth2Properties` – An [OAuth2Properties](#aws-glue-api-catalog-connections-connections-OAuth2Properties) object.
The properties for OAuth2 authentication.
## AuthenticationConfigurationInput structure
A structure containing the authentication configuration in the CreateConnection request.
**Fields**
+ `AuthenticationType` – UTF-8 string (valid values: `BASIC` \$1 `OAUTH2` \$1 `CUSTOM` \$1 `IAM`).
A structure containing the authentication configuration in the CreateConnection request.
+ `OAuth2Properties` – An [OAuth2PropertiesInput](#aws-glue-api-catalog-connections-connections-OAuth2PropertiesInput) object.
The properties for OAuth2 authentication in the CreateConnection request.
+ `SecretArn` – UTF-8 string, matching the [Custom string pattern #36](aws-glue-api-common.md#regex_36).
The secret manager ARN to store credentials in the CreateConnection request.
+ `KmsKeyArn` – UTF-8 string, matching the [Custom string pattern #42](aws-glue-api-common.md#regex_42).
The ARN of the KMS key used to encrypt the connection. Only taken an as input in the request and stored in the Secret Manager.
+ `BasicAuthenticationCredentials` – A [BasicAuthenticationCredentials](#aws-glue-api-catalog-connections-connections-BasicAuthenticationCredentials) object.
The credentials used when the authentication type is basic authentication.
+ `CustomAuthenticationCredentials` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 2048 bytes long.
The credentials used when the authentication type is custom authentication.
## OAuth2Properties structure
A structure containing properties for OAuth2 authentication.
**Fields**
+ `OAuth2GrantType` – UTF-8 string (valid values: `AUTHORIZATION_CODE` \$1 `CLIENT_CREDENTIALS` \$1 `JWT_BEARER`).
The OAuth2 grant type. For example, `AUTHORIZATION_CODE`, `JWT_BEARER`, or `CLIENT_CREDENTIALS`.
+ `OAuth2ClientApplication` – An [OAuth2ClientApplication](#aws-glue-api-catalog-connections-connections-OAuth2ClientApplication) object.
The client application type. For example, AWS\$1MANAGED or USER\$1MANAGED.
+ `TokenUrl` – UTF-8 string, not more than 256 bytes long, matching the [Custom string pattern #40](aws-glue-api-common.md#regex_40).
The URL of the provider's authentication server, to exchange an authorization code for an access token.
+ `TokenUrlParametersMap` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 512 bytes long.
A map of parameters that are added to the token `GET` request.
## OAuth2PropertiesInput structure
A structure containing properties for OAuth2 in the CreateConnection request.
**Fields**
+ `OAuth2GrantType` – UTF-8 string (valid values: `AUTHORIZATION_CODE` \$1 `CLIENT_CREDENTIALS` \$1 `JWT_BEARER`).
The OAuth2 grant type in the CreateConnection request. For example, `AUTHORIZATION_CODE`, `JWT_BEARER`, or `CLIENT_CREDENTIALS`.
+ `OAuth2ClientApplication` – An [OAuth2ClientApplication](#aws-glue-api-catalog-connections-connections-OAuth2ClientApplication) object.
The client application type in the CreateConnection request. For example, `AWS_MANAGED` or `USER_MANAGED`.
+ `TokenUrl` – UTF-8 string, not more than 256 bytes long, matching the [Custom string pattern #40](aws-glue-api-common.md#regex_40).
The URL of the provider's authentication server, to exchange an authorization code for an access token.
+ `TokenUrlParametersMap` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 512 bytes long.
A map of parameters that are added to the token `GET` request.
+ `AuthorizationCodeProperties` – An [AuthorizationCodeProperties](#aws-glue-api-catalog-connections-connections-AuthorizationCodeProperties) object.
The set of properties required for the the OAuth2 `AUTHORIZATION_CODE` grant type.
+ `OAuth2Credentials` – An [OAuth2Credentials](#aws-glue-api-catalog-connections-connections-OAuth2Credentials) object.
The credentials used when the authentication type is OAuth2 authentication.
## OAuth2ClientApplication structure
The OAuth2 client app used for the connection.
**Fields**
+ `UserManagedClientApplicationClientId` – UTF-8 string, not more than 2048 bytes long, matching the [Custom string pattern #37](aws-glue-api-common.md#regex_37).
The client application clientID if the ClientAppType is `USER_MANAGED`.
+ `AWSManagedClientApplicationReference` – UTF-8 string, not more than 2048 bytes long, matching the [Custom string pattern #37](aws-glue-api-common.md#regex_37).
The reference to the SaaS-side client app that is AWS managed.
## AuthorizationCodeProperties structure
The set of properties required for the the OAuth2 `AUTHORIZATION_CODE` grant type workflow.
**Fields**
+ `AuthorizationCode` – UTF-8 string, not less than 1 or more than 4096 bytes long, matching the [Custom string pattern #37](aws-glue-api-common.md#regex_37).
An authorization code to be used in the third leg of the `AUTHORIZATION_CODE` grant workflow. This is a single-use code which becomes invalid once exchanged for an access token, thus it is acceptable to have this value as a request parameter.
+ `RedirectUri` – UTF-8 string, not more than 512 bytes long, matching the [Custom string pattern #41](aws-glue-api-common.md#regex_41).
The redirect URI where the user gets redirected to by authorization server when issuing an authorization code. The URI is subsequently used when the authorization code is exchanged for an access token.
## BasicAuthenticationCredentials structure
For supplying basic auth credentials when not providing a `SecretArn` value.
**Fields**
+ `Username` – UTF-8 string, not more than 512 bytes long, matching the [Custom string pattern #37](aws-glue-api-common.md#regex_37).
The username to connect to the data source.
+ `Password` – UTF-8 string, not more than 512 bytes long, matching the [Custom string pattern #33](aws-glue-api-common.md#regex_33).
The password to connect to the data source.
## OAuth2Credentials structure
The credentials used when the authentication type is OAuth2 authentication.
**Fields**
+ `UserManagedClientApplicationClientSecret` – UTF-8 string, not more than 512 bytes long, matching the [Custom string pattern #38](aws-glue-api-common.md#regex_38).
The client application client secret if the client application is user managed.
+ `AccessToken` – UTF-8 string, not more than 4096 bytes long, matching the [Custom string pattern #38](aws-glue-api-common.md#regex_38).
The access token used when the authentication type is OAuth2.
+ `RefreshToken` – UTF-8 string, not more than 4096 bytes long, matching the [Custom string pattern #38](aws-glue-api-common.md#regex_38).
The refresh token used when the authentication type is OAuth2.
+ `JwtToken` – UTF-8 string, not more than 8000 bytes long, matching the [Custom string pattern #39](aws-glue-api-common.md#regex_39).
The JSON Web Token (JWT) used when the authentication type is OAuth2.
## Operations
+ [CreateConnection action (Python: create\$1connection)](#aws-glue-api-catalog-connections-connections-CreateConnection)
+ [DeleteConnection action (Python: delete\$1connection)](#aws-glue-api-catalog-connections-connections-DeleteConnection)
+ [GetConnection action (Python: get\$1connection)](#aws-glue-api-catalog-connections-connections-GetConnection)
+ [GetConnections action (Python: get\$1connections)](#aws-glue-api-catalog-connections-connections-GetConnections)
+ [UpdateConnection action (Python: update\$1connection)](#aws-glue-api-catalog-connections-connections-UpdateConnection)
+ [TestConnection action (Python: test\$1connection)](#aws-glue-api-catalog-connections-connections-TestConnection)
+ [BatchDeleteConnection action (Python: batch\$1delete\$1connection)](#aws-glue-api-catalog-connections-connections-BatchDeleteConnection)
## CreateConnection action (Python: create\$1connection)
Creates a connection definition in the Data Catalog.
Connections used for creating federated resources require the IAM `glue:PassConnection` permission.
**Request**
+ `CatalogId` – Catalog id string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The ID of the Data Catalog in which to create the connection. If none is provided, the AWS account ID is used by default.
+ `ConnectionInput` – *Required:* A [ConnectionInput](#aws-glue-api-catalog-connections-connections-ConnectionInput) object.
A `ConnectionInput` object defining the connection to create.
+ `Tags` – A map array of key-value pairs, not more than 50 pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not more than 256 bytes long.
The tags you assign to the connection.
**Response**
+ `CreateConnectionStatus` – UTF-8 string (valid values: `READY` \$1 `IN_PROGRESS` \$1 `FAILED`).
The status of the connection creation request. The request can take some time for certain authentication types, for example when creating an OAuth connection with token exchange over VPC.
**Errors**
+ `AlreadyExistsException`
+ `InvalidInputException`
+ `OperationTimeoutException`
+ `ResourceNumberLimitExceededException`
+ `GlueEncryptionException`
## DeleteConnection action (Python: delete\$1connection)
Deletes a connection from the Data Catalog.
**Request**
+ `CatalogId` – Catalog id string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The ID of the Data Catalog in which the connection resides. If none is provided, the AWS account ID is used by default.
+ `ConnectionName` – *Required:* UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The name of the connection to delete.
**Response**
+ *No Response parameters.*
**Errors**
+ `EntityNotFoundException`
+ `OperationTimeoutException`
## GetConnection action (Python: get\$1connection)
Retrieves a connection definition from the Data Catalog.
**Request**
+ `CatalogId` – Catalog id string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The ID of the Data Catalog in which the connection resides. If none is provided, the AWS account ID is used by default.
+ `Name` – *Required:* UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The name of the connection definition to retrieve.
+ `HidePassword` – Boolean.
Allows you to retrieve the connection metadata without returning the password. For instance, the AWS Glue console uses this flag to retrieve the connection, and does not display the password. Set this parameter when the caller might not have permission to use the AWS KMS key to decrypt the password, but it does have permission to access the rest of the connection properties.
+ `ApplyOverrideForComputeEnvironment` – UTF-8 string (valid values: `SPARK` \$1 `ATHENA` \$1 `PYTHON`).
For connections that may be used in multiple services, specifies returning properties for the specified compute environment.
**Response**
+ `Connection` – A [Connection](#aws-glue-api-catalog-connections-connections-Connection) object.
The requested connection definition.
**Errors**
+ `EntityNotFoundException`
+ `OperationTimeoutException`
+ `InvalidInputException`
+ `GlueEncryptionException`
## GetConnections action (Python: get\$1connections)
Retrieves a list of connection definitions from the Data Catalog.
**Request**
+ `CatalogId` – Catalog id string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The ID of the Data Catalog in which the connections reside. If none is provided, the AWS account ID is used by default.
+ `Filter` – A [GetConnectionsFilter](#aws-glue-api-catalog-connections-connections-GetConnectionsFilter) object.
A filter that controls which connections are returned.
+ `HidePassword` – Boolean.
Allows you to retrieve the connection metadata without returning the password. For instance, the AWS Glue console uses this flag to retrieve the connection, and does not display the password. Set this parameter when the caller might not have permission to use the AWS KMS key to decrypt the password, but it does have permission to access the rest of the connection properties.
+ `NextToken` – UTF-8 string.
A continuation token, if this is a continuation call.
+ `MaxResults` – Number (integer), not less than 1 or more than 1000.
The maximum number of connections to return in one response.
**Response**
+ `ConnectionList` – An array of [Connection](#aws-glue-api-catalog-connections-connections-Connection) objects.
A list of requested connection definitions.
+ `NextToken` – UTF-8 string.
A continuation token, if the list of connections returned does not include the last of the filtered connections.
**Errors**
+ `EntityNotFoundException`
+ `OperationTimeoutException`
+ `InvalidInputException`
+ `GlueEncryptionException`
## UpdateConnection action (Python: update\$1connection)
Updates a connection definition in the Data Catalog.
**Request**
+ `CatalogId` – Catalog id string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The ID of the Data Catalog in which the connection resides. If none is provided, the AWS account ID is used by default.
+ `Name` – *Required:* UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The name of the connection definition to update.
+ `ConnectionInput` – *Required:* A [ConnectionInput](#aws-glue-api-catalog-connections-connections-ConnectionInput) object.
A `ConnectionInput` object that redefines the connection in question.
**Response**
+ *No Response parameters.*
**Errors**
+ `InvalidInputException`
+ `EntityNotFoundException`
+ `OperationTimeoutException`
+ `InvalidInputException`
+ `GlueEncryptionException`
## TestConnection action (Python: test\$1connection)
Tests a connection to a service to validate the service credentials that you provide.
You can either provide an existing connection name or a `TestConnectionInput` for testing a non-existing connection input. Providing both at the same time will cause an error.
If the action is successful, the service sends back an HTTP 200 response.
**Request**
+ `ConnectionName` – UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
Optional. The name of the connection to test. If only name is provided, the operation will get the connection and use that for testing.
+ `CatalogId` – Catalog id string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The catalog ID where the connection resides.
+ `TestConnectionInput` – A [TestConnectionInput](#aws-glue-api-catalog-connections-connections-TestConnectionInput) object.
A structure that is used to specify testing a connection to a service.
**Response**
+ *No Response parameters.*
**Errors**
+ `InvalidInputException`
+ `OperationTimeoutException`
+ `ResourceNumberLimitExceededException`
+ `GlueEncryptionException`
+ `FederationSourceException`
+ `AccessDeniedException`
+ `EntityNotFoundException`
+ `ConflictException`
+ `InternalServiceException`
## BatchDeleteConnection action (Python: batch\$1delete\$1connection)
Deletes a list of connection definitions from the Data Catalog.
**Request**
+ `CatalogId` – Catalog id string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The ID of the Data Catalog in which the connections reside. If none is provided, the AWS account ID is used by default.
+ `ConnectionNameList` – *Required:* An array of UTF-8 strings, not more than 25 strings.
A list of names of the connections to delete.
**Response**
+ `Succeeded` – An array of UTF-8 strings.
A list of names of the connection definitions that were successfully deleted.
+ `Errors` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
Each value is a An [ErrorDetail](aws-glue-api-common.md#aws-glue-api-common-ErrorDetail) object.
A map of the names of connections that were not successfully deleted to error details.
**Errors**
+ `InternalServiceException`
+ `OperationTimeoutException`
# Connection Types API
The Connection Type API describes AWS Glue APIs related to describing connection types.
## Connection management APIs
+ [DescribeConnectionType action (Python: describe\$1connection\$1type)](#aws-glue-api-catalog-connections-connections-type-DescribeConnectionType)
+ [ListConnectionTypes action (Python: list\$1connection\$1types)](#aws-glue-api-catalog-connections-connections-type-ListConnectionTypes)
+ [ConnectionTypeBrief structure](#aws-glue-api-catalog-connections-connections-type-ConnectionTypeBrief)
+ [ConnectionTypeVariant structure](#aws-glue-api-catalog-connections-connections-type-ConnectionTypeVariant)
## DescribeConnectionType action (Python: describe\$1connection\$1type)
The `DescribeConnectionType` API provides full details of the supported options for a given connection type in AWS Glue.
**Request**
+ `ConnectionType` – *Required:* UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The name of the connection type to be described.
**Response**
+ `ConnectionType` – UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The name of the connection type.
+ `Description` – UTF-8 string, not more than 1024 bytes long.
A description of the connection type.
+ `Capabilities` – A [Capabilities](#aws-glue-api-catalog-connections-connections-type-Capabilities) object.
The supported authentication types, data interface types (compute environments), and data operations of the connector.
+ `ConnectionProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
Connection properties which are common across compute environments.
+ `ConnectionOptions` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
Returns properties that can be set when creating a connection in the `ConnectionInput.ConnectionProperties`. `ConnectionOptions` defines parameters that can be set in a Spark ETL script in the connection options map passed to a dataframe.
+ `AuthenticationConfiguration` – An [AuthConfiguration](#aws-glue-api-catalog-connections-connections-type-AuthConfiguration) object.
The type of authentication used for the connection.
+ `ComputeEnvironmentConfigurations` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [ComputeEnvironmentConfiguration](#aws-glue-api-catalog-connections-connections-type-ComputeEnvironmentConfiguration) object.
The compute environments that are supported by the connection.
+ `PhysicalConnectionRequirements` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
Physical requirements for a connection, such as VPC, Subnet and Security Group specifications.
+ `AthenaConnectionProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
Connection properties specific to the Athena compute environment.
+ `PythonConnectionProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
Connection properties specific to the Python compute environment.
+ `SparkConnectionProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
Connection properties specific to the Spark compute environment.
**Errors**
+ `ValidationException`
+ `InvalidInputException`
+ `InternalServiceException`
## ListConnectionTypes action (Python: list\$1connection\$1types)
The `ListConnectionTypes` API provides a discovery mechanism to learn available connection types in AWS Glue. The response contains a list of connection types with high-level details of what is supported for each connection type. The connection types listed are the set of supported options for the `ConnectionType` value in the `CreateConnection` API.
**Request**
+ `MaxResults` – Number (integer), not less than 1 or more than 1000.
The maximum number of results to return.
+ `NextToken` – UTF-8 string, not less than 1 or more than 2048 bytes long, matching the [Custom string pattern #11](aws-glue-api-common.md#regex_11).
A continuation token, if this is a continuation call.
**Response**
+ `ConnectionTypes` – An array of [ConnectionTypeBrief](#aws-glue-api-catalog-connections-connections-type-ConnectionTypeBrief) objects.
A list of `ConnectionTypeBrief` objects containing brief information about the supported connection types.
+ `NextToken` – UTF-8 string, not less than 1 or more than 2048 bytes long, matching the [Custom string pattern #11](aws-glue-api-common.md#regex_11).
A continuation token, if the current list segment is not the last.
**Errors**
+ `InternalServiceException`
## ConnectionTypeBrief structure
Brief information about a supported connection type returned by the `ListConnectionTypes` API.
**Fields**
+ `ConnectionType` – UTF-8 string (valid values: `JDBC` \$1 `SFTP` \$1 `MONGODB` \$1 `KAFKA` \$1 `NETWORK` \$1 `MARKETPLACE` \$1 `CUSTOM` \$1 `SALESFORCE` \$1 `VIEW_VALIDATION_REDSHIFT` \$1 `VIEW_VALIDATION_ATHENA` \$1 `GOOGLEADS` \$1 `GOOGLESHEETS` \$1 `GOOGLEANALYTICS4` \$1 `SERVICENOW` \$1 `MARKETO` \$1 `SAPODATA` \$1 `ZENDESK` \$1 `JIRACLOUD` \$1 `NETSUITEERP` \$1 `HUBSPOT` \$1 `FACEBOOKADS` \$1 `INSTAGRAMADS` \$1 `ZOHOCRM` \$1 `SALESFORCEPARDOT` \$1 `SALESFORCEMARKETINGCLOUD` \$1 `ADOBEANALYTICS` \$1 `SLACK` \$1 `LINKEDIN` \$1 `MIXPANEL` \$1 `ASANA` \$1 `STRIPE` \$1 `SMARTSHEET` \$1 `DATADOG` \$1 `WOOCOMMERCE` \$1 `INTERCOM` \$1 `SNAPCHATADS` \$1 `PAYPAL` \$1 `QUICKBOOKS` \$1 `FACEBOOKPAGEINSIGHTS` \$1 `FRESHDESK` \$1 `TWILIO` \$1 `DOCUSIGNMONITOR` \$1 `FRESHSALES` \$1 `ZOOM` \$1 `GOOGLESEARCHCONSOLE` \$1 `SALESFORCECOMMERCECLOUD` \$1 `SAPCONCUR` \$1 `DYNATRACE` \$1 `MICROSOFTDYNAMIC365FINANCEANDOPS` \$1 `MICROSOFTTEAMS` \$1 `BLACKBAUDRAISEREDGENXT` \$1 `MAILCHIMP` \$1 `GITLAB` \$1 `PENDO` \$1 `PRODUCTBOARD` \$1 `CIRCLECI` \$1 `PIPEDIVE` \$1 `SENDGRID` \$1 `AZURECOSMOS` \$1 `AZURESQL` \$1 `BIGQUERY` \$1 `BLACKBAUD` \$1 `CLOUDERAHIVE` \$1 `CLOUDERAIMPALA` \$1 `CLOUDWATCH` \$1 `CLOUDWATCHMETRICS` \$1 `CMDB` \$1 `DATALAKEGEN2` \$1 `DB2` \$1 `DB2AS400` \$1 `DOCUMENTDB` \$1 `DOMO` \$1 `DYNAMODB` \$1 `GOOGLECLOUDSTORAGE` \$1 `HBASE` \$1 `KUSTOMER` \$1 `MICROSOFTDYNAMICS365CRM` \$1 `MONDAY` \$1 `MYSQL` \$1 `OKTA` \$1 `OPENSEARCH` \$1 `ORACLE` \$1 `PIPEDRIVE` \$1 `POSTGRESQL` \$1 `SAPHANA` \$1 `SQLSERVER` \$1 `SYNAPSE` \$1 `TERADATA` \$1 `TERADATANOS` \$1 `TIMESTREAM` \$1 `TPCDS` \$1 `VERTICA`).
The name of the connection type.
+ `DisplayName` – UTF-8 string, not less than 1 or more than 128 bytes long.
The human-readable name for the connection type that is displayed in the AWS Glue console.
+ `Vendor` – UTF-8 string, not less than 1 or more than 128 bytes long.
The name of the vendor or provider that created or maintains this connection type.
+ `Description` – UTF-8 string, not more than 1024 bytes long.
A description of the connection type.
+ `Categories` – .
A list of categories that this connection type belongs to. Categories help users filter and find appropriate connection types based on their use cases.
+ `Capabilities` – A [Capabilities](#aws-glue-api-catalog-connections-connections-type-Capabilities) object.
The supported authentication types, data interface types (compute environments), and data operations of the connector.
+ `LogoUrl` – UTF-8 string.
The URL of the logo associated with a connection type.
+ `ConnectionTypeVariants` – An array of [ConnectionTypeVariant](#aws-glue-api-catalog-connections-connections-type-ConnectionTypeVariant) objects.
A list of variants available for this connection type. Different variants may provide specialized configurations for specific use cases or implementations of the same general connection type.
## ConnectionTypeVariant structure
Represents a variant of a connection type in AWS Glue Data Catalog. Connection type variants provide specific configurations and behaviors for different implementations of the same general connection type.
**Fields**
+ `ConnectionTypeVariantName` – UTF-8 string, not less than 1 or more than 128 bytes long.
The unique identifier for the connection type variant. This name is used internally to identify the specific variant of a connection type.
+ `DisplayName` – UTF-8 string, not less than 1 or more than 128 bytes long.
The human-readable name for the connection type variant that is displayed in the AWS Glue console.
+ `Description` – UTF-8 string, not more than 1024 bytes long.
A detailed description of the connection type variant, including its purpose, use cases, and any specific configuration requirements.
+ `LogoUrl` – UTF-8 string.
The URL of the logo associated with a connection type variant.
## datatypes
+ [Validation structure](#aws-glue-api-catalog-connections-connections-type-Validation)
+ [AuthConfiguration structure](#aws-glue-api-catalog-connections-connections-type-AuthConfiguration)
+ [Capabilities structure](#aws-glue-api-catalog-connections-connections-type-Capabilities)
+ [Property structure](#aws-glue-api-catalog-connections-connections-type-Property)
+ [AllowedValue structure](#aws-glue-api-catalog-connections-connections-type-AllowedValue)
+ [ComputeEnvironmentConfiguration structure](#aws-glue-api-catalog-connections-connections-type-ComputeEnvironmentConfiguration)
## Validation structure
Defines how a validation is performed on a connection property.
**Fields**
+ `ValidationType` – *Required:* UTF-8 string (valid values: `REGEX` \$1 `RANGE`).
The type of validation to be performed, such as `REGEX`.
+ `Patterns` – .
A list of patterns that apply to the validation.
+ `Description` – *Required:* UTF-8 string, not less than 1 or more than 1024 bytes long.
A description for the validation.
+ `MaxLength` – Number (integer).
A maximum length for a string connection property.
+ `Maximum` – Number (integer).
A maximum value when specifying a `RANGE` type of validation.
+ `Minimum` – Number (integer).
A minimum value when specifying a `RANGE` type of validation.
## AuthConfiguration structure
The authentication configuration for a connection returned by the `DescribeConnectionType` API.
**Fields**
+ `AuthenticationType` – *Required:* A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
The type of authentication for a connection.
+ `SecretArn` – A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
The Amazon Resource Name (ARN) for the Secrets Manager.
+ `OAuth2Properties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
A map of key-value pairs for the OAuth2 properties. Each value is a a `Property` object.
+ `BasicAuthenticationProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
A map of key-value pairs for the OAuth2 properties. Each value is a a `Property` object.
+ `CustomAuthenticationProperties` – A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
A map of key-value pairs for the custom authentication properties. Each value is a a `Property` object.
## Capabilities structure
Specifies the supported authentication types returned by the `DescribeConnectionType` API.
**Fields**
+ `SupportedAuthenticationTypes` – *Required:* An array of UTF-8 strings.
A list of supported authentication types.
+ `SupportedDataOperations` – *Required:* An array of UTF-8 strings.
A list of supported data operations.
+ `SupportedComputeEnvironments` – *Required:* An array of UTF-8 strings.
A list of supported compute environments.
## Property structure
An object that defines a connection type for a compute environment.
**Fields**
+ `Name` – *Required:* UTF-8 string, not less than 1 or more than 128 bytes long.
The name of the property.
+ `Description` – *Required:* UTF-8 string, not more than 1024 bytes long.
A description of the property.
+ `Required` – *Required:* Boolean.
Indicates whether the property is required.
+ `PropertyTypes` – *Required:* An array of UTF-8 strings.
Describes the type of property.
+ `AllowedValues` – An array of [AllowedValue](#aws-glue-api-catalog-connections-connections-type-AllowedValue) objects.
A list of `AllowedValue` objects representing the values allowed for the property.
+ `DataOperationScopes` – An array of UTF-8 strings.
Indicates which data operations are applicable to the property.
## AllowedValue structure
An object representing a value allowed for a property.
**Fields**
+ `Description` – UTF-8 string, not more than 1024 bytes long.
A description of the allowed value.
+ `Value` – *Required:* UTF-8 string, not less than 1 or more than 128 bytes long.
The value allowed for the property.
## ComputeEnvironmentConfiguration structure
An object containing configuration for a compute environment (such as Spark, Python or Athena) returned by the `DescribeConnectionType` API.
**Fields**
+ `Name` – *Required:* UTF-8 string, not less than 1 or more than 128 bytes long.
A name for the compute environment configuration.
+ `Description` – *Required:* UTF-8 string, not more than 1024 bytes long.
A description of the compute environment.
+ `ComputeEnvironment` – *Required:* UTF-8 string (valid values: `SPARK` \$1 `ATHENA` \$1 `PYTHON`).
The type of compute environment.
+ `SupportedAuthenticationTypes` – *Required:* An array of UTF-8 strings.
The supported authentication types for the compute environment.
+ `ConnectionOptions` – *Required:* A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a A [Property](#aws-glue-api-catalog-connections-connections-type-Property) object.
The parameters used as connection options for the compute environment.
+ `ConnectionPropertyNameOverrides` – *Required:* A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 128 bytes long.
The connection property name overrides for the compute environment.
+ `ConnectionOptionNameOverrides` – *Required:* A map array of key-value pairs.
Each key is a UTF-8 string, not less than 1 or more than 128 bytes long.
Each value is a UTF-8 string, not less than 1 or more than 128 bytes long.
The connection option name overrides for the compute environment.
+ `ConnectionPropertiesRequiredOverrides` – *Required:* .
The connection properties that are required as overrides for the compute environment.
+ `PhysicalConnectionPropertiesRequired` – Boolean.
Indicates whether `PhysicalConnectionProperties` are required for the compute environment.
# Connection Metadata and Preview API
The following connection APIs describe operations for describing connection metadata.
## Data types
+ [Entity structure](#aws-glue-api-catalog-connections-connections-metadata-Entity)
+ [Field structure](#aws-glue-api-catalog-connections-connections-metadata-Field)
## Entity structure
An entity supported by a given `ConnectionType`.
**Fields**
+ `EntityName` – UTF-8 string.
The name of the entity.
+ `Label` – UTF-8 string.
Label used for the entity.
+ `IsParentEntity` – Boolean.
A Boolean value which helps to determine whether there are sub objects that can be listed.
+ `Description` – UTF-8 string.
A description of the entity.
+ `Category` – UTF-8 string.
The type of entities that are present in the response. This value depends on the source connection. For example this is `SObjects` for Salesforce and `databases` or `schemas` or `tables` for sources like Amazon Redshift.
+ `CustomProperties` –
An optional map of keys which may be returned for an entity by a connector.
## Field structure
The `Field` object has information about the different properties associated with a field in the connector.
**Fields**
+ `FieldName` – UTF-8 string.
A unique identifier for the field.
+ `Label` – UTF-8 string.
A readable label used for the field.
+ `Description` – UTF-8 string.
A description of the field.
+ `FieldType` – UTF-8 string (valid values: `INT` \$1 `SMALLINT` \$1 `BIGINT` \$1 `FLOAT` \$1 `LONG` \$1 `DATE` \$1 `BOOLEAN` \$1 `MAP` \$1 `ARRAY` \$1 `STRING` \$1 `TIMESTAMP` \$1 `DECIMAL` \$1 `BYTE` \$1 `SHORT` \$1 `DOUBLE` \$1 `STRUCT`).
The type of data in the field.
+ `IsPrimaryKey` – Boolean.
Indicates whether this field can used as a primary key for the given entity.
+ `IsNullable` – Boolean.
Indicates whether this field can be nullable or not.
+ `IsRetrievable` – Boolean.
Indicates whether this field can be added in Select clause of SQL query or whether it is retrievable or not.
+ `IsFilterable` – Boolean.
Indicates whether this field can used in a filter clause (`WHERE` clause) of a SQL statement when querying data.
+ `IsPartitionable` – Boolean.
Indicates whether a given field can be used in partitioning the query made to SaaS.
+ `IsCreateable` – Boolean.
Indicates whether this field can be created as part of a destination write.
+ `IsUpdateable` – Boolean.
Indicates whether this field can be updated as part of a destination write.
+ `IsUpsertable` – Boolean.
Indicates whether this field can be upserted as part of a destination write.
+ `IsDefaultOnCreate` – Boolean.
Indicates whether this field is populated automatically when the object is created, such as a created at timestamp.
+ `SupportedValues` – .
A list of supported values for the field.
+ `SupportedFilterOperators` – An array of UTF-8 strings.
Indicates the support filter operators for this field.
+ `CustomProperties` –
Optional map of keys which may be returned.
## Operations
+ [ListEntities action (Python: list\$1entities)](#aws-glue-api-catalog-connections-connections-metadata-ListEntities)
+ [DescribeEntity action (Python: describe\$1entity)](#aws-glue-api-catalog-connections-connections-metadata-DescribeEntity)
+ [GetEntityRecords action (Python: get\$1entity\$1records)](#aws-glue-api-catalog-connections-connections-metadata-GetEntityRecords)
## ListEntities action (Python: list\$1entities)
Returns the available entities supported by the connection type.
**Request**
+ `ConnectionName` – UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
A name for the connection that has required credentials to query any connection type.
+ `CatalogId` – Catalog id string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The catalog ID of the catalog that contains the connection. This can be null, By default, the AWS Account ID is the catalog ID.
+ `ParentEntityName` – UTF-8 string.
Name of the parent entity for which you want to list the children. This parameter takes a fully-qualified path of the entity in order to list the child entities.
+ `NextToken` – UTF-8 string, not less than 1 or more than 2048 bytes long, matching the [Custom string pattern #11](aws-glue-api-common.md#regex_11).
A continuation token, included if this is a continuation call.
+ `DataStoreApiVersion` – UTF-8 string, not less than 1 or more than 256 bytes long, matching the [Custom string pattern #23](aws-glue-api-common.md#regex_23).
The API version of the SaaS connector.
**Response**
+ `Entities` – An array of [Entity](#aws-glue-api-catalog-connections-connections-metadata-Entity) objects.
A list of `Entity` objects.
+ `NextToken` – UTF-8 string, not less than 1 or more than 2048 bytes long, matching the [Custom string pattern #11](aws-glue-api-common.md#regex_11).
A continuation token, present if the current segment is not the last.
**Errors**
+ `EntityNotFoundException`
+ `OperationTimeoutException`
+ `InvalidInputException`
+ `GlueEncryptionException`
+ `ValidationException`
+ `FederationSourceException`
+ `AccessDeniedException`
## DescribeEntity action (Python: describe\$1entity)
Provides details regarding the entity used with the connection type, with a description of the data model for each field in the selected entity.
The response includes all the fields which make up the entity.
**Request**
+ `ConnectionName` – *Required:* UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The name of the connection that contains the connection type credentials.
+ `CatalogId` – Catalog id string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The catalog ID of the catalog that contains the connection. This can be null, By default, the AWS Account ID is the catalog ID.
+ `EntityName` – *Required:* UTF-8 string.
The name of the entity that you want to describe from the connection type.
+ `NextToken` – UTF-8 string, not less than 1 or more than 2048 bytes long, matching the [Custom string pattern #11](aws-glue-api-common.md#regex_11).
A continuation token, included if this is a continuation call.
+ `DataStoreApiVersion` – UTF-8 string, not less than 1 or more than 256 bytes long, matching the [Custom string pattern #23](aws-glue-api-common.md#regex_23).
The version of the API used for the data store.
**Response**
+ `Fields` – An array of [Field](#aws-glue-api-catalog-connections-connections-metadata-Field) objects.
Describes the fields for that connector entity. This is the list of `Field` objects. `Field` is very similar to column in a database. The `Field` object has information about different properties associated with fields in the connector.
+ `NextToken` – UTF-8 string, not less than 1 or more than 2048 bytes long, matching the [Custom string pattern #11](aws-glue-api-common.md#regex_11).
A continuation token, present if the current segment is not the last.
**Errors**
+ `EntityNotFoundException`
+ `OperationTimeoutException`
+ `InvalidInputException`
+ `GlueEncryptionException`
+ `ValidationException`
+ `FederationSourceException`
+ `AccessDeniedException`
## GetEntityRecords action (Python: get\$1entity\$1records)
This API is used to query preview data from a given connection type or from a native Amazon S3 based AWS Glue Data Catalog.
Returns records as an array of JSON blobs. Each record is formatted using Jackson JsonNode based on the field type defined by the `DescribeEntity` API.
Spark connectors generate schemas according to the same data type mapping as in the `DescribeEntity` API. Spark connectors convert data to the appropriate data types matching the schema when returning rows.
**Request**
+ `ConnectionName` – UTF-8 string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The name of the connection that contains the connection type credentials.
+ `CatalogId` – Catalog id string, not less than 1 or more than 255 bytes long, matching the [Single-line string pattern](aws-glue-api-common.md#aws-glue-api-regex-oneLine).
The catalog ID of the catalog that contains the connection. This can be null, By default, the AWS Account ID is the catalog ID.
+ `EntityName` – *Required:* UTF-8 string.
Name of the entity that we want to query the preview data from the given connection type.
+ `NextToken` – UTF-8 string, not less than 1 or more than 2048 bytes long, matching the [Custom string pattern #11](aws-glue-api-common.md#regex_11).
A continuation token, included if this is a continuation call.
+ `DataStoreApiVersion` – UTF-8 string, not less than 1 or more than 256 bytes long, matching the [Custom string pattern #23](aws-glue-api-common.md#regex_23).
The API version of the SaaS connector.
+ `ConnectionOptions` – A map array of key-value pairs, not more than 100 pairs.
Each key is a UTF-8 string, not less than 1 or more than 256 bytes long, matching the [Custom string pattern #18](aws-glue-api-common.md#regex_18).
Each value is a UTF-8 string, not less than 1 or more than 256 bytes long, matching the [Custom string pattern #17](aws-glue-api-common.md#regex_17).
Connector options that are required to query the data.
+ `FilterPredicate` – UTF-8 string, not less than 1 or more than 100000 bytes long.
A filter predicate that you can apply in the query request.
+ `Limit` – *Required:* Number (long), not less than 1 or more than 1000.
Limits the number of records fetched with the request.
+ `SelectedFields` – An array of UTF-8 strings, not less than 1 or more than 1000 strings.
List of fields that we want to fetch as part of preview data.
**Response**
+ `Records` – An array of a structures.
A list of the requested objects.
+ `NextToken` – UTF-8 string, not less than 1 or more than 2048 bytes long, matching the [Custom string pattern #11](aws-glue-api-common.md#regex_11).
A continuation token, present if the current segment is not the last.
**Errors**
+ `EntityNotFoundException`
+ `OperationTimeoutException`
+ `InvalidInputException`
+ `GlueEncryptionException`
+ `ValidationException`
+ `FederationSourceException`
+ `AccessDeniedException`