AWS Secrets Manager allows you to safely store and use data source credential information. Once you obtain the credential information for your data source, you must store this information as a secret in AWS Secrets Manager. The secret allows you to connect using an OAuth 2.0 grant. When creating a connection, you must specify the name of the secret you created to store your data source credential information.

Important: Your AWS Glue ETL job and secret must be hosted in the same region. Cross-region secret retrieval is not currently supported.

When you create a secret, you enter a key-value pair for each credential you are storing in Secrets Manager. The keys are case-sensitive and must match the keys provided in the JDBC URL result field when creating a connection (see Creating a Dynamics 365 connection in AWS Glue Studio).

The credential information you need to set up a Dynamics 365 data source depends on the OAuth 2.0 grant flow you are using. Here is the credential information you must store in AWS Secrets Manager for each type of grant.

  • Client credentials grant
    • Service URL
    • Client ID
    • Client secret
    • Token URI
    • Scope
  • Refresh token grant
    • Service URL
    • Client ID
    • Client secret
    • Token URI
    • Refresh token
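
The following pre-flight check is an added example, not code from AWS or from this documentation. It tests a secret's key-value pairs against the requirements above: same region as the job, every credential for the chosen grant present, and exact key case. The key names (ServiceUrl, ClientId and so on) are hypothetical placeholders; substitute the exact keys shown in the JDBC URL result field of your connection.

```python
# Added example. Key names below are hypothetical placeholders: replace them
# with the exact keys from the JDBC URL result field of your connection.
REQUIRED = {
    "client_credentials": ["ServiceUrl", "ClientId", "ClientSecret", "TokenUri", "Scope"],
    "refresh_token": ["ServiceUrl", "ClientId", "ClientSecret", "TokenUri", "RefreshToken"],
}


def arn_region(secret_arn):
    """Region is field 4: arn:aws:secretsmanager:<region>:<account>:secret:<name>."""
    parts = secret_arn.split(":")
    if len(parts) < 7 or parts[2] != "secretsmanager":
        raise ValueError("not a Secrets Manager ARN: %r" % secret_arn)
    return parts[3]


def preflight(secret, secret_arn, job_region, grant):
    """Return a list of problems; an empty list means the secret looks usable."""
    problems = []
    region = arn_region(secret_arn)
    if region != job_region:
        problems.append(f"secret is in {region}, job runs in {job_region}")
    by_lower = {k.lower(): k for k in secret}
    for key in REQUIRED[grant]:
        if key in secret:
            if not str(secret[key]).strip():
                problems.append(f"{key} is empty")
        elif key.lower() in by_lower:
            # Present, but with the wrong case: the lookup would fail.
            problems.append(f"{by_lower[key.lower()]} should be spelled {key}")
        else:
            problems.append(f"{key} is missing")
    return problems


# Constructed sample data; all values are placeholders, not real credentials.
SAMPLE_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-d365-AbCdEf"
SAMPLE_SECRET = {
    "ServiceUrl": "https://example.invalid/api",
    "clientid": "EXAMPLE-CLIENT-ID",  # wrong case on purpose
    "ClientSecret": "EXAMPLE-PLACEHOLDER",
    "TokenUri": "https://example.invalid/token",
}

if __name__ == "__main__":
    for p in preflight(SAMPLE_SECRET, SAMPLE_ARN, "us-west-2", "client_credentials"):
        print("FAIL:", p)
```

To check a stored secret, pass the parsed JSON of the SecretString field returned by the Secrets Manager GetSecretValue call as the first argument.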

For more information about creating and using secrets, see Creating and Managing Secrets with AWS Secrets Manager.