:doc:`Glue <../../glue>` / Client / create_connection

*****************
create_connection
*****************



.. py:method:: Glue.Client.create_connection(**kwargs)

  

  Creates a connection definition in the Data Catalog.

   

  Connections used for creating federated resources require the IAM ``glue:PassConnection`` permission.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/glue-2017-03-31/CreateConnection>`_  


  **Request Syntax**
  ::

    response = client.create_connection(
        CatalogId='string',
        ConnectionInput={
            'Name': 'string',
            'Description': 'string',
            'ConnectionType': 'JDBC'|'SFTP'|'MONGODB'|'KAFKA'|'NETWORK'|'MARKETPLACE'|'CUSTOM'|'SALESFORCE'|'VIEW_VALIDATION_REDSHIFT'|'VIEW_VALIDATION_ATHENA'|'GOOGLEADS'|'GOOGLESHEETS'|'GOOGLEANALYTICS4'|'SERVICENOW'|'MARKETO'|'SAPODATA'|'ZENDESK'|'JIRACLOUD'|'NETSUITEERP'|'HUBSPOT'|'FACEBOOKADS'|'INSTAGRAMADS'|'ZOHOCRM'|'SALESFORCEPARDOT'|'SALESFORCEMARKETINGCLOUD'|'ADOBEANALYTICS'|'SLACK'|'LINKEDIN'|'MIXPANEL'|'ASANA'|'STRIPE'|'SMARTSHEET'|'DATADOG'|'WOOCOMMERCE'|'INTERCOM'|'SNAPCHATADS'|'PAYPAL'|'QUICKBOOKS'|'FACEBOOKPAGEINSIGHTS'|'FRESHDESK'|'TWILIO'|'DOCUSIGNMONITOR'|'FRESHSALES'|'ZOOM'|'GOOGLESEARCHCONSOLE'|'SALESFORCECOMMERCECLOUD'|'SAPCONCUR'|'DYNATRACE'|'MICROSOFTDYNAMIC365FINANCEANDOPS'|'MICROSOFTTEAMS'|'BLACKBAUDRAISEREDGENXT'|'MAILCHIMP'|'GITLAB'|'PENDO'|'PRODUCTBOARD'|'CIRCLECI'|'PIPEDIVE'|'SENDGRID'|'AZURECOSMOS'|'AZURESQL'|'BIGQUERY'|'BLACKBAUD'|'CLOUDERAHIVE'|'CLOUDERAIMPALA'|'CLOUDWATCH'|'CLOUDWATCHMETRICS'|'CMDB'|'DATALAKEGEN2'|'DB2'|'DB2AS400'|'DOCUMENTDB'|'DOMO'|'DYNAMODB'|'GOOGLECLOUDSTORAGE'|'HBASE'|'KUSTOMER'|'MICROSOFTDYNAMICS365CRM'|'MONDAY'|'MYSQL'|'OKTA'|'OPENSEARCH'|'ORACLE'|'PIPEDRIVE'|'POSTGRESQL'|'SAPHANA'|'SQLSERVER'|'SYNAPSE'|'TERADATA'|'TERADATANOS'|'TIMESTREAM'|'TPCDS'|'VERTICA',
            'MatchCriteria': [
                'string',
            ],
            'ConnectionProperties': {
                'string': 'string'
            },
            'SparkProperties': {
                'string': 'string'
            },
            'AthenaProperties': {
                'string': 'string'
            },
            'PythonProperties': {
                'string': 'string'
            },
            'PhysicalConnectionRequirements': {
                'SubnetId': 'string',
                'SecurityGroupIdList': [
                    'string',
                ],
                'AvailabilityZone': 'string'
            },
            'AuthenticationConfiguration': {
                'AuthenticationType': 'BASIC'|'OAUTH2'|'CUSTOM'|'IAM',
                'OAuth2Properties': {
                    'OAuth2GrantType': 'AUTHORIZATION_CODE'|'CLIENT_CREDENTIALS'|'JWT_BEARER',
                    'OAuth2ClientApplication': {
                        'UserManagedClientApplicationClientId': 'string',
                        'AWSManagedClientApplicationReference': 'string'
                    },
                    'TokenUrl': 'string',
                    'TokenUrlParametersMap': {
                        'string': 'string'
                    },
                    'AuthorizationCodeProperties': {
                        'AuthorizationCode': 'string',
                        'RedirectUri': 'string'
                    },
                    'OAuth2Credentials': {
                        'UserManagedClientApplicationClientSecret': 'string',
                        'AccessToken': 'string',
                        'RefreshToken': 'string',
                        'JwtToken': 'string'
                    }
                },
                'SecretArn': 'string',
                'KmsKeyArn': 'string',
                'BasicAuthenticationCredentials': {
                    'Username': 'string',
                    'Password': 'string'
                },
                'CustomAuthenticationCredentials': {
                    'string': 'string'
                }
            },
            'ValidateCredentials': True|False,
            'ValidateForComputeEnvironments': [
                'SPARK'|'ATHENA'|'PYTHON',
            ]
        },
        Tags={
            'string': 'string'
        }
    )
    
  :type CatalogId: string
  :param CatalogId: 

    The ID of the Data Catalog in which to create the connection. If none is provided, the Amazon Web Services account ID is used by default.

    

  
  :type ConnectionInput: dict
  :param ConnectionInput: **[REQUIRED]** 

    A ``ConnectionInput`` object defining the connection to create.

    

  
    - **Name** *(string) --* **[REQUIRED]** 

      The name of the connection.

      

    
    - **Description** *(string) --* 

      The description of the connection.

      

    
    - **ConnectionType** *(string) --* **[REQUIRED]** 

      The type of the connection. Currently, these types are supported:

       

      
      * ``JDBC`` - Designates a connection to a database through Java Database Connectivity (JDBC). ``JDBC`` Connections use the following ConnectionParameters. 

        
        * Required: All of ( ``HOST``, ``PORT``, ``JDBC_ENGINE``) or ``JDBC_CONNECTION_URL``.
         
        * Required: All of ( ``USERNAME``, ``PASSWORD``) or ``SECRET_ID``.
         
        * Optional: ``JDBC_ENFORCE_SSL``, ``CUSTOM_JDBC_CERT``, ``CUSTOM_JDBC_CERT_STRING``, ``SKIP_CUSTOM_JDBC_CERT_VALIDATION``. These parameters are used to configure SSL with JDBC.
        

      
       
      * ``KAFKA`` - Designates a connection to an Apache Kafka streaming platform. ``KAFKA`` Connections use the following ConnectionParameters. 

        
        * Required: ``KAFKA_BOOTSTRAP_SERVERS``.
         
        * Optional: ``KAFKA_SSL_ENABLED``, ``KAFKA_CUSTOM_CERT``, ``KAFKA_SKIP_CUSTOM_CERT_VALIDATION``. These parameters are used to configure SSL with ``KAFKA``.
         
        * Optional: ``KAFKA_CLIENT_KEYSTORE``, ``KAFKA_CLIENT_KEYSTORE_PASSWORD``, ``KAFKA_CLIENT_KEY_PASSWORD``, ``ENCRYPTED_KAFKA_CLIENT_KEYSTORE_PASSWORD``, ``ENCRYPTED_KAFKA_CLIENT_KEY_PASSWORD``. These parameters are used to configure TLS client configuration with SSL in ``KAFKA``.
         
        * Optional: ``KAFKA_SASL_MECHANISM``. Can be specified as ``SCRAM-SHA-512``, ``GSSAPI``, or ``AWS_MSK_IAM``.
         
        * Optional: ``KAFKA_SASL_SCRAM_USERNAME``, ``KAFKA_SASL_SCRAM_PASSWORD``, ``ENCRYPTED_KAFKA_SASL_SCRAM_PASSWORD``. These parameters are used to configure SASL/SCRAM-SHA-512 authentication with ``KAFKA``.
         
        * Optional: ``KAFKA_SASL_GSSAPI_KEYTAB``, ``KAFKA_SASL_GSSAPI_KRB5_CONF``, ``KAFKA_SASL_GSSAPI_SERVICE``, ``KAFKA_SASL_GSSAPI_PRINCIPAL``. These parameters are used to configure SASL/GSSAPI authentication with ``KAFKA``.
        

      
       
      * ``MONGODB`` - Designates a connection to a MongoDB document database. ``MONGODB`` Connections use the following ConnectionParameters. 

        
        * Required: ``CONNECTION_URL``.
         
        * Required: All of ( ``USERNAME``, ``PASSWORD``) or ``SECRET_ID``.
        

      
       
      * ``VIEW_VALIDATION_REDSHIFT`` - Designates a connection used for view validation by Amazon Redshift.
       
      * ``VIEW_VALIDATION_ATHENA`` - Designates a connection used for view validation by Amazon Athena.
       
      * ``NETWORK`` - Designates a network connection to a data source within an Amazon Virtual Private Cloud environment (Amazon VPC). ``NETWORK`` Connections do not require ConnectionParameters. Instead, provide a PhysicalConnectionRequirements.
       
      * ``MARKETPLACE`` - Uses configuration settings contained in a connector purchased from Amazon Web Services Marketplace to read from and write to data stores that are not natively supported by Glue. ``MARKETPLACE`` Connections use the following ConnectionParameters. 

        
        * Required: ``CONNECTOR_TYPE``, ``CONNECTOR_URL``, ``CONNECTOR_CLASS_NAME``, ``CONNECTION_URL``.
         
        * Required for ``JDBC`` ``CONNECTOR_TYPE`` connections: All of ( ``USERNAME``, ``PASSWORD``) or ``SECRET_ID``.
        

      
       
      * ``CUSTOM`` - Uses configuration settings contained in a custom connector to read from and write to data stores that are not natively supported by Glue.
      

       

      For more information on the connection parameters needed for a particular connector, see the documentation for the connector in `Adding an Glue connection <https://docs.aws.amazon.com/glue/latest/dg/console-connections.html>`__in the Glue User Guide.

       

      ``SFTP`` is not supported.

       

      For more information about how optional ConnectionProperties are used to configure features in Glue, consult `Glue connection properties <https://docs.aws.amazon.com/glue/latest/dg/connection-defining.html>`__.

       

      For more information about how optional ConnectionProperties are used to configure features in Glue Studio, consult `Using connectors and connections <https://docs.aws.amazon.com/glue/latest/ug/connectors-chapter.html>`__.

      

    
    - **MatchCriteria** *(list) --* 

      A list of criteria that can be used in selecting this connection.

      

    
      - *(string) --* 

      
  
    - **ConnectionProperties** *(dict) --* **[REQUIRED]** 

      These key-value pairs define parameters for the connection.

      

    
      - *(string) --* 

      
        - *(string) --* 

        
  

    - **SparkProperties** *(dict) --* 

      Connection properties specific to the Spark compute environment.

      

    
      - *(string) --* 

      
        - *(string) --* 

        
  

    - **AthenaProperties** *(dict) --* 

      Connection properties specific to the Athena compute environment.

      

    
      - *(string) --* 

      
        - *(string) --* 

        
  

    - **PythonProperties** *(dict) --* 

      Connection properties specific to the Python compute environment.

      

    
      - *(string) --* 

      
        - *(string) --* 

        
  

    - **PhysicalConnectionRequirements** *(dict) --* 

      The physical connection requirements, such as virtual private cloud (VPC) and ``SecurityGroup``, that are needed to successfully make this connection.

      

    
      - **SubnetId** *(string) --* 

        The subnet ID used by the connection.

        

      
      - **SecurityGroupIdList** *(list) --* 

        The security group ID list used by the connection.

        

      
        - *(string) --* 

        
    
      - **AvailabilityZone** *(string) --* 

        The connection's Availability Zone.

        

      
    
    - **AuthenticationConfiguration** *(dict) --* 

      The authentication properties of the connection.

      

    
      - **AuthenticationType** *(string) --* 

        A structure containing the authentication configuration in the CreateConnection request.

        

      
      - **OAuth2Properties** *(dict) --* 

        The properties for OAuth2 authentication in the CreateConnection request.

        

      
        - **OAuth2GrantType** *(string) --* 

          The OAuth2 grant type in the CreateConnection request. For example, ``AUTHORIZATION_CODE``, ``JWT_BEARER``, or ``CLIENT_CREDENTIALS``.

          

        
        - **OAuth2ClientApplication** *(dict) --* 

          The client application type in the CreateConnection request. For example, ``AWS_MANAGED`` or ``USER_MANAGED``.

          

        
          - **UserManagedClientApplicationClientId** *(string) --* 

            The client application clientID if the ClientAppType is ``USER_MANAGED``.

            

          
          - **AWSManagedClientApplicationReference** *(string) --* 

            The reference to the SaaS-side client app that is Amazon Web Services managed.

            

          
        
        - **TokenUrl** *(string) --* 

          The URL of the provider's authentication server, to exchange an authorization code for an access token.

          

        
        - **TokenUrlParametersMap** *(dict) --* 

          A map of parameters that are added to the token ``GET`` request.

          

        
          - *(string) --* 

          
            - *(string) --* 

            
      
    
        - **AuthorizationCodeProperties** *(dict) --* 

          The set of properties required for the the OAuth2 ``AUTHORIZATION_CODE`` grant type.

          

        
          - **AuthorizationCode** *(string) --* 

            An authorization code to be used in the third leg of the ``AUTHORIZATION_CODE`` grant workflow. This is a single-use code which becomes invalid once exchanged for an access token, thus it is acceptable to have this value as a request parameter.

            

          
          - **RedirectUri** *(string) --* 

            The redirect URI where the user gets redirected to by authorization server when issuing an authorization code. The URI is subsequently used when the authorization code is exchanged for an access token.

            

          
        
        - **OAuth2Credentials** *(dict) --* 

          The credentials used when the authentication type is OAuth2 authentication.

          

        
          - **UserManagedClientApplicationClientSecret** *(string) --* 

            The client application client secret if the client application is user managed.

            

          
          - **AccessToken** *(string) --* 

            The access token used when the authentication type is OAuth2.

            

          
          - **RefreshToken** *(string) --* 

            The refresh token used when the authentication type is OAuth2.

            

          
          - **JwtToken** *(string) --* 

            The JSON Web Token (JWT) used when the authentication type is OAuth2.

            

          
        
      
      - **SecretArn** *(string) --* 

        The secret manager ARN to store credentials in the CreateConnection request.

        

      
      - **KmsKeyArn** *(string) --* 

        The ARN of the KMS key used to encrypt the connection. Only taken an as input in the request and stored in the Secret Manager.

        

      
      - **BasicAuthenticationCredentials** *(dict) --* 

        The credentials used when the authentication type is basic authentication.

        

      
        - **Username** *(string) --* 

          The username to connect to the data source.

          

        
        - **Password** *(string) --* 

          The password to connect to the data source.

          

        
      
      - **CustomAuthenticationCredentials** *(dict) --* 

        The credentials used when the authentication type is custom authentication.

        

      
        - *(string) --* 

        
          - *(string) --* 

          
    
  
    
    - **ValidateCredentials** *(boolean) --* 

      A flag to validate the credentials during create connection. Default is true.

      

    
    - **ValidateForComputeEnvironments** *(list) --* 

      The compute environments that the specified connection properties are validated against.

      

    
      - *(string) --* 

      
  
  
  :type Tags: dict
  :param Tags: 

    The tags you assign to the connection.

    

  
    - *(string) --* 

    
      - *(string) --* 

      


  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'CreateConnectionStatus': 'READY'|'IN_PROGRESS'|'FAILED'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **CreateConnectionStatus** *(string) --* 

        The status of the connection creation request. The request can take some time for certain authentication types, for example when creating an OAuth connection with token exchange over VPC.

        
  
  **Exceptions**
  
  *   :py:class:`Glue.Client.exceptions.AlreadyExistsException`

  
  *   :py:class:`Glue.Client.exceptions.InvalidInputException`

  
  *   :py:class:`Glue.Client.exceptions.OperationTimeoutException`

  
  *   :py:class:`Glue.Client.exceptions.ResourceNumberLimitExceededException`

  
  *   :py:class:`Glue.Client.exceptions.GlueEncryptionException`

  