Retrieves a connection definition from the Data Catalog.
See also: AWS API Documentation
get-connection [--catalog-id <value>] --name <value> [--hide-password | --no-hide-password] [--cli-input-json | --cli-input-yaml] [--generate-cli-skeleton <value>] [--debug] [--endpoint-url <value>] [--no-verify-ssl] [--no-paginate] [--output <value>] [--query <value>] [--profile <value>] [--region <value>] [--version <value>] [--color <value>] [--no-sign-request] [--ca-bundle <value>] [--cli-read-timeout <value>] [--cli-connect-timeout <value>] [--cli-binary-format <value>] [--no-cli-pager] [--cli-auto-prompt] [--no-cli-auto-prompt]
The ID of the Data Catalog in which the connection resides. If none is provided, the Amazon Web Services account ID is used by default.
The name of the connection definition to retrieve.
Allows you to retrieve the connection metadata without returning the password. For instance, the Glue console uses this flag to retrieve the connection, and does not display the password. Set this parameter when the caller might not have permission to use the KMS key to decrypt the password, but it does have permission to access the rest of the connection properties.
Reads arguments from the JSON string provided. The JSON string follows the format provided by
--generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value
input, prints a sample input JSON that can be used as an argument for
--cli-input-json. Similarly, if provided
yaml-input it will print a sample input YAML that can be used with
--cli-input-yaml. If provided with the value
output, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
Turn on debug logging.
Override command’s default URL with the given URL.
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
Disable automatic pagination.
The formatting style for command output.
A JMESPath query to use in filtering the response data.
Use a specific profile from your credential file.
The region to use. Overrides config/env settings.
Display the version of this tool.
Turn on/off color output.
Do not sign requests. Credentials will not be loaded if this argument is provided.
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
The formatting style to be used for binary blobs. The default format is base64. The base64 format expects binary blobs to be provided as a base64 encoded string. The raw-in-base64-out format preserves compatibility with AWS CLI V1 behavior and binary values must be passed literally. When providing contents from a file that map to a binary blob
fileb:// will always be treated as binary and use the file contents directly regardless of the
cli-binary-format setting. When using
file:// the file contents will need to properly formatted for the configured
Disable cli pager for output.
Automatically prompt for CLI input parameters.
Disable automatically prompt for CLI input parameters.
Connection -> (structure)
The requested connection definition.
Name -> (string)The name of the connection definition.
Description -> (string)The description of the connection.
ConnectionType -> (string)The type of the connection. Currently, SFTP is not supported.
MatchCriteria -> (list)
A list of criteria that can be used in selecting this connection.
ConnectionProperties -> (map)
These key-value pairs define parameters for the connection:
HOST- The host URI: either the fully qualified domain name (FQDN) or the IPv4 address of the database host.
PORT- The port number, between 1024 and 65535, of the port on which the database host is listening for database connections.
USER_NAME- The name under which to log in to the database. The value string for
PASSWORD- A password, if one is used, for the user name.
ENCRYPTED_PASSWORD- When you enable connection password protection by setting
ConnectionPasswordEncryptionin the Data Catalog encryption settings, this field stores the encrypted password.
JDBC_DRIVER_JAR_URI- The Amazon Simple Storage Service (Amazon S3) path of the JAR file that contains the JDBC driver to use.
JDBC_DRIVER_CLASS_NAME- The class name of the JDBC driver to use.
JDBC_ENGINE- The name of the JDBC engine to use.
JDBC_ENGINE_VERSION- The version of the JDBC engine to use.
CONFIG_FILES- (Reserved for future use.)
INSTANCE_ID- The instance ID to use.
JDBC_CONNECTION_URL- The URL for connecting to a JDBC data source.
JDBC_ENFORCE_SSL- A Boolean string (true, false) specifying whether Secure Sockets Layer (SSL) with hostname matching is enforced for the JDBC connection on the client. The default is false.
CUSTOM_JDBC_CERT- An Amazon S3 location specifying the customer’s root certificate. Glue uses this root certificate to validate the customer’s certificate when connecting to the customer database. Glue only handles X.509 certificates. The certificate provided must be DER-encoded and supplied in Base64 encoding PEM format.
SKIP_CUSTOM_JDBC_CERT_VALIDATION- By default, this is
false. Glue validates the Signature algorithm and Subject Public Key Algorithm for the customer certificate. The only permitted algorithms for the Signature algorithm are SHA256withRSA, SHA384withRSA or SHA512withRSA. For the Subject Public Key Algorithm, the key length must be at least 2048. You can set the value of this property to
trueto skip Glue’s validation of the customer certificate.
CUSTOM_JDBC_CERT_STRING- A custom JDBC certificate string which is used for domain match or distinguished name match to prevent a man-in-the-middle attack. In Oracle database, this is used as the
SSL_SERVER_CERT_DN; in Microsoft SQL Server, this is used as the
CONNECTION_URL- The URL for connecting to a general (non-JDBC) data source.
SECRET_ID- The secret ID used for the secret manager of credentials.
CONNECTOR_URL- The connector URL for a MARKETPLACE or CUSTOM connection.
CONNECTOR_TYPE- The connector type for a MARKETPLACE or CUSTOM connection.
CONNECTOR_CLASS_NAME- The connector class name for a MARKETPLACE or CUSTOM connection.
KAFKA_BOOTSTRAP_SERVERS- A comma-separated list of host and port pairs that are the addresses of the Apache Kafka brokers in a Kafka cluster to which a Kafka client will connect to and bootstrap itself.
KAFKA_SSL_ENABLED- Whether to enable or disable SSL on an Apache Kafka connection. Default value is “true”.
KAFKA_CUSTOM_CERT- The Amazon S3 URL for the private CA cert file (.pem format). The default is an empty string.
KAFKA_SKIP_CUSTOM_CERT_VALIDATION- Whether to skip the validation of the CA cert file or not. Glue validates for three algorithms: SHA256withRSA, SHA384withRSA and SHA512withRSA. Default value is “false”.
KAFKA_CLIENT_KEYSTORE- The Amazon S3 location of the client keystore file for Kafka client side authentication (Optional).
KAFKA_CLIENT_KEYSTORE_PASSWORD- The password to access the provided keystore (Optional).
KAFKA_CLIENT_KEY_PASSWORD- A keystore can consist of multiple keys, so this is the password to access the client key to be used with the Kafka server side key (Optional).
ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD- The encrypted version of the Kafka client keystore password (if the user has the Glue encrypt passwords setting selected).
ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD- The encrypted version of the Kafka client key password (if the user has the Glue encrypt passwords setting selected).
"AWS_MSK_IAM". These are the supported SASL Mechanisms .
KAFKA_SASL_SCRAM_USERNAME- A plaintext username used to authenticate with the “SCRAM-SHA-512” mechanism.
KAFKA_SASL_SCRAM_PASSWORD- A plaintext password used to authenticate with the “SCRAM-SHA-512” mechanism.
ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD- The encrypted version of the Kafka SASL SCRAM password (if the user has the Glue encrypt passwords setting selected).
KAFKA_SASL_SCRAM_SECRETS_ARN- The Amazon Resource Name of a secret in Amazon Web Services Secrets Manager.
KAFKA_SASL_GSSAPI_KEYTAB- The S3 location of a Kerberos
keytabfile. A keytab stores long-term keys for one or more principals. For more information, see MIT Kerberos Documentation: Keytab .
KAFKA_SASL_GSSAPI_KRB5_CONF- The S3 location of a Kerberos
krb5.conffile. A krb5.conf stores Kerberos configuration information, such as the location of the KDC server. For more information, see MIT Kerberos Documentation: krb5.conf .
KAFKA_SASL_GSSAPI_SERVICE- The Kerberos service name, as set with
sasl.kerberos.service.namein your Kafka Configuration .
KAFKA_SASL_GSSAPI_PRINCIPAL- The name of the Kerberos princial used by Glue. For more information, see Kafka Documentation: Configuring Kafka Brokers .
key -> (string)
value -> (string)
PhysicalConnectionRequirements -> (structure)
A map of physical connection requirements, such as virtual private cloud (VPC) and
SecurityGroup, that are needed to make this connection successfully.
SubnetId -> (string)The subnet ID used by the connection.
SecurityGroupIdList -> (list)
The security group ID list used by the connection.
AvailabilityZone -> (string)The connection’s Availability Zone. This field is redundant because the specified subnet implies the Availability Zone to be used. Currently the field must be populated, but it will be deprecated in the future.
CreationTime -> (timestamp)The time that this connection definition was created.
LastUpdatedTime -> (timestamp)The last time that this connection definition was updated.
LastUpdatedBy -> (string)The user, group, or role that last updated this connection definition.