# Connecting to Zoom Meetings
<a name="connecting-to-data-zoom-meetings"></a>

Zoom Meetings is a cloud-based video conferencing platform that can be used for video conferencing meetings, audio conferencing, webinars, meeting recordings, and live chat.

**Topics**
+ [AWS Glue support for Zoom Meetings](zoom-meetings-support.md)
+ [Policies containing the API operations for creating and using connections](zoom-meetings-configuring-iam-permissions.md)
+ [Configuring Zoom Meetings](zoom-meetings-configuring.md)
+ [Configuring the Zoom Meetings client app](zoom-meetings-configuring-client-app.md)
+ [Configuring Zoom Meetings connections](zoom-meetings-configuring-connections.md)
+ [Reading from Zoom Meetings entities](zoom-meetings-reading-from-entities.md)
+ [Zoom Meetings connection options](zoom-meetings-connection-options.md)
+ [Zoom Meetings limitations](zoom-meetings-limitations.md)

# AWS Glue support for Zoom Meetings
<a name="zoom-meetings-support"></a>

AWS Glue supports Zoom Meetings as follows:

**Supported as a source?**  
Yes. You can use AWS Glue ETL jobs to query data from Zoom Meetings.

**Supported as a target?**  
No.

**Supported Zoom Meetings API versions**  
The following Zoom Meetings API versions are supported:
+ v2

# Policies containing the API operations for creating and using connections
<a name="zoom-meetings-configuring-iam-permissions"></a>

The following sample policy describes the required AWS IAM permissions for creating and using connections. If you are creating a new role, create a policy that contains the following:

------
#### [ JSON ]

****  

```
{
  "Version":"2012-10-17",		 	 	 
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "glue:ListConnectionTypes",
        "glue:DescribeConnectionType",
        "glue:RefreshOAuth2Tokens",
        "glue:ListEntities",
        "glue:DescribeEntity"
      ],
      "Resource": "*"
    }
  ]
}
```

------

If you don't want to use the above method, alternatively use the following managed IAM policies:
+ [AWSGlueServiceRole](https://console.aws.amazon.com/iam/home#policies/arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole) – Grants access to resources that various AWS Glue processes require to run on your behalf. These resources include AWS Glue, Amazon S3, IAM, CloudWatch Logs, and Amazon EC2. If you follow the naming convention for resources specified in this policy, AWS Glue processes have the required permissions. This policy is typically attached to roles specified when defining crawlers, jobs, and development endpoints.
+ [AWSGlueConsoleFullAccess](https://console.aws.amazon.com/iam/home#policies/arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess) – Grants full access to AWS Glue resources when an identity that the policy is attached to uses the AWS Management Console. If you follow the naming convention for resources specified in this policy, users have full console capabilities. This policy is typically attached to users of the AWS Glue console.

# Configuring Zoom Meetings
<a name="zoom-meetings-configuring"></a>

Before you can use AWS Glue to transfer data from Zoom Meetings, you must meet these requirements:

## Minimum requirements
<a name="zoom-meetings-configuring-min-requirements"></a>

The following are minimum requirements:
+ You have a Zoom Meetings account.
+ Your Zoom account is enabled for API access.
+ You have created an OAuth2 app in your Zoom Meetings account. This integration provides the credentials that AWS Glue uses to access your data securely when it makes authenticated calls to your account. For more information, see [Configuring the Zoom Meetings client app](zoom-meetings-configuring-client-app.md).

If you meet these requirements, you’re ready to connect AWS Glue to your Zoom Meetings account. For typical connections, you don't need do anything else in Zoom Meetings.

# Configuring the Zoom Meetings client app
<a name="zoom-meetings-configuring-client-app"></a>

1. Log into the Zoom App Marketplace.

1. Choose **Develop** > **Build App**.

1. Choose **General App** for an OAuth 2.0 based app.

1. On the **Basic Info** page, add or update information about the app such as the app's name, how the app is managed, app credentials, and OAuth information.

1. In the **Select how the app is managed** section, confirm how you want your app to be managed:

   1. **Admin-managed**: Account admins add and manage the app

   1. **User-managed**: Individual users add and manage the app. The app has access to only the user's authorized data.

1. **App Credentials**: The build flow automatically generates app credentials (client ID and client secret) for your app.

1. In the OAuth Information section, set up OAuth for your app.

   1. **OAuth redirect URL** (required): Enter your redirect URL or endpoint to set up OAuth between your app and Zoom.

   1. **Use Strict Mode URL** (optional)

   1. **Subdomain check** (optional)

   1. **OAuth allow lists** (required): Add any unique URLs that Zoom should allow as valid redirects for your OAuth flows.

1. On the **Scopes** page, select the Zoom API methods your app is allowed to call. The scopes define which information and capabilities are available to your user. Select the following granular scopes:
   + user:read:list\$1users:admin
   + zoom\$1rooms:read:list\$1rooms:admin
   + group:read:list\$1members:admin
   + group:read:administrator:admin
   + group:read:list\$1groups:admin
   + report:read:admin
   + role:read:list\$1roles, role:read:list\$1roles:admin

   Once the scopes are added choose **Continue** and the app is ready to use.

For more information about OAuth 2.0 setup see [Integrations (OAuth apps)](https://developers.zoom.us/docs/integrations/).

# Configuring Zoom Meetings connections
<a name="zoom-meetings-configuring-connections"></a>

Zoom Meetings supports the AUTHORIZATION\$1CODE grant type for OAuth2. The grant type determines how AWS Glue communicates with Zoom Meetings to request access to your data.
+ This grant type is considered "three-legged" OAuth as it relies on redirecting users to a third-party authorization server to authenticate the user. It is used when creating connections via the AWS Glue console. The user creating a connection need to provide OAuth related information like Client ID and Client Secret for their Zoom Meetings client application. The AWS Glue console will redirect the user to Zoom where the user must login and allow AWS Glue the requested permissions to access their Zoom Meetings instance.
+ Users may still opt to create their own connected app in Zoom Meetings and provide their own client ID and client secret when creating connections through the AWS Glue console. In this scenario, they will still be redirected to Zoom Meetings to login and authorize AWS Glue to access their resources.
+ This grant type results in a refresh token and access token. The access token is short lived, and may be refreshed automatically without user interaction using the refresh token.
+ For public Zoom Meetings documentation on creating a connected app for Authorization Code OAuth flow, see [Using OAuth 2.0](https://developers.zoom.us/docs/api/using-zoom-apis/#using-oauth-20).

To configure a Zoom Meetings connection:

1. In AWS Secrets Manager, create a secret with the following details:

   1. For the customer managed connected app, the Secret should contain the connected app Consumer Secret with `USER_MANAGED_CLIENT_APPLICATION_CLIENT_SECRET` as key.

   1. Note: you must create a secret for your connections in AWS Glue.

1. In AWS Glue Glue Studio, create a connection under **Data Connections** by following the steps below:

   1. When selecting a **Connection type**, select Zoom Meetings.

   1. Provide the Zoom Meetings environment you want to connect to.

   1. Select the AWS IAM role which AWS Glue can assume and has permissions for following actions:

------
#### [ JSON ]

****  

      ```
      {
        "Version":"2012-10-17",		 	 	 
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "secretsmanager:DescribeSecret",
              "secretsmanager:GetSecretValue",
              "secretsmanager:PutSecretValue",
              "ec2:CreateNetworkInterface",
              "ec2:DescribeNetworkInterfaces",
              "ec2:DeleteNetworkInterface"
            ],
            "Resource": "*"
          }
        ]
      }
      ```

------

   1. Select the `secretName` which you want to use for this connection in AWS Glue to put the tokens.

   1. Select the network options if you want to use your network.

1. Grant the IAM role associated with your AWS Glue job permission to read `secretName`.

# Reading from Zoom Meetings entities
<a name="zoom-meetings-reading-from-entities"></a>

**Prerequisite**

A Zoom Meetings object you would like to read from. You will need the object namem such as `Group` or `Zoom Rooms`.

**Supported entities for source**:


| Entity | Can be filtered | Supports limit | Supports Order by | Supports Select \$1 | Supports partitioning | 
| --- | --- | --- | --- | --- | --- | 
| Zoom Rooms | No | Yes | No | Yes | No | 
| Group | No | No | No | Yes | No | 
| Group Member | Yes | Yes | No | Yes | No | 
| Group Admin | No | Yes | No | Yes | No | 
| Report (daily) | Yes | No | No | Yes | No | 
| Roles | No | No | No | Yes | No | 
| Users | Yes | Yes | No | Yes | No | 

**Example**:

```
zoom_read = glueContext.create_dynamic_frame.from_options(
    connection_type="zoom",
    connection_options={
        "connectionName": "connectionName",
        "ENTITY_NAME": "organization",
        "API_VERSION": "v2"
    }
)
```

**Zoom Meetings entity and field details**:

Zoom Meetings dynamically loads the available fields under the selected entity. Depending on the data type of the field, it supports the following filter operators.

[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/glue/latest/dg/zoom-meetings-reading-from-entities.html)

## Partitioning queries
<a name="zoom-meetings-reading-partitioning-queries"></a>

Zoom Meetings doesn't support filter-based partitioning or record-based partitioning.

# Zoom Meetings connection options
<a name="zoom-meetings-connection-options"></a>

The following are connection options for Zoom Meetings:
+ `ENTITY_NAME`(String) - (Required) Used for Read. The name of the Zoom Meetings entity. For example, `group`.
+ `API_VERSION`(String) - (Required) Used for Read. Zoom Meetings Rest API version you want to use. The value will be `v2`, as Zoom Meetings currently supports only version v2.
+ `SELECTED_FIELDS`(List<String>) - Default: empty(SELECT \$1). Used for Read. A comma-separated list of columns you want to select for the selected entity.
+ `FILTER_PREDICATE`(String) - Default: empty. Used for Read. It should be in the Spark SQL format.
+ `QUERY`(String) - Default: empty. Used for Read. Full Spark SQL query.

# Zoom Meetings limitations
<a name="zoom-meetings-limitations"></a>

The following are limitations or notes for Zoom Meetings:
+ Zoom Meetings does not support orderby.
+ Zoom Meetings does not support filter-based partitioning because there is no field that can satisfy the required criteria.
+ Zoom Meetings does not support record-based partitioning because the pagination limit and offset-based pagination is not supported.