Configuring Adobe Marketo Engage connections
Adobe Marketo Engage supports the CLIENT CREDENTIALS grant type for OAuth2.
This grant type is considered 2-legged OAuth 2.0 as it is used by clients to obtain an access token outside of the context of a user. Amazon Glue is able to use the client ID and client secret to authenticate the Adobe Marketo Engage APIs which are provided by custom services that you define.
Each custom service is owned by an API-only user which has a set of roles and permissions which authorize the service to perform specific actions. An access token is associated with a single custom service.
This grant type results in an access token which is short lived, and may be renewed by calling an identity endpoint.
For public Adobe Marketo Engage documentation for OAuth 2.0 with client credentials, see Authentication
in the Adobe Marketo Engage Developer Guide.
To configure a Adobe Marketo Engage connection:
In Amazon Secrets Manager, create a secret with the following details:
For the customer managed connected app, the Secret should contain the connected app Consumer Secret with
USER_MANAGED_CLIENT_APPLICATION_CLIENT_SECRET
as key.Note: You must create a secret per connection in Amazon Glue.
In the Amazon Glue Data Catalog, create a connection by following the steps below:
When selecting a Connection type, select Adobe Marketo Engage.
Provide the
INSTANCE_URL
of the Adobe Marketo Engage instance you want to connect to.Select the Amazon IAM role which Amazon Glue can assume and has permissions for the following actions:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterface", "ec2:DeleteNetworkInterface", ], "Resource": "*" } ] }
Select the
secretName
which you want to use for this connection in Amazon Glue to put the tokens.Select the network options if you want to use your network.
Grant the IAM role associated with your Amazon Glue job permission to read
secretName
.In your Amazon Glue job configuration, provide
connectionName
as an Additional network connection.