reusing single credential configuration for multiple aws spokes

ApostolosS44578
Giga Contributor

I'm really new to the platform and trying to figure out if I can reuse credentials that are already set up for one AWS spoke (EC2) for other AWS spokes (S3, CloudFormation).
So far, in the instance I'm working in, it looks like credentials were duplicated for EC2 and IAM, but I find this strange. I would expect that credentials are set only once and different aliases were using different algorithms so that they can eventually be reused in other spokes...

Is my understanding wrong? Is the current setup in the instance I'm using strange, or is this normal? (There are multiple different AWS accounts in the instance, and adding a spoke seems to need another set of credentials to be set up. Imagine how that looks if you have like 40 different AWS accounts and you need to configure 4 spokes.)

Forgive my ignorance on the platform and please point to any documentation/blog entry that might help. 

thanks!!

1 REPLY

pavani_paluri
Tera Guru

Hi @ApostolosS44578

Your understanding is correct: credentials should normally be set up once per AWS account and reused across spokes.
What you’re seeing is unusual but not “wrong” — it’s just a less efficient setup.
If you’re starting fresh, set up one alias per AWS account and point all spokes to it. That way, scaling to dozens of accounts stays manageable.

How AWS Spoke Credentials Work in ServiceNow
Each AWS spoke (EC2, S3, CloudFormation, IAM, etc.) needs credentials to talk to AWS.
Credentials are stored in Connection & Credential Aliases.
By design, you can reuse the same credential alias across multiple spokes if the AWS account and permissions are the same.
What you’re seeing (duplicate credentials for EC2 and IAM) usually happens when admins set up each spoke separately instead of reusing an alias. It’s not technically wrong, but it’s redundant.


If you have 40 AWS accounts and configure 4 spokes for each, duplicating credentials would mean 160 separate entries — which is messy.
The cleaner approach is:
Create one credential alias per AWS account.
Reuse that alias across all spokes (EC2, S3, CloudFormation, etc.).
The spoke actions don’t care which alias you use, as long as the alias points to valid AWS credentials with the right permissions.

Mark it helpful if this helps you to understand. Accept solution if this gives you the answer you're looking for.
Kind Regards,
Pavani P
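
An added example, not part of the reply above and not ServiceNow code: one way to audit an instance for the duplication discussed in this thread before moving to one alias per AWS account. The inventory is constructed and its field names (`spoke`, `awsAccountId`, `alias`, `accessKeyId`) are hypothetical; accounts whose aliases hold different keys are flagged for review rather than merged, since their permissions may differ.

```javascript
// Constructed inventory of credential records; field names are hypothetical,
// not ServiceNow table columns. Key IDs are placeholders, not real AWS keys.
const inventory = [
  { spoke: "EC2", awsAccountId: "111111111111", alias: "aws_ec2_prod", accessKeyId: "KEY-CONSTRUCTED-01" },
  { spoke: "IAM", awsAccountId: "111111111111", alias: "aws_iam_prod", accessKeyId: "KEY-CONSTRUCTED-01" },
  { spoke: "EC2", awsAccountId: "222222222222", alias: "aws_dev", accessKeyId: "KEY-CONSTRUCTED-02" },
  { spoke: "S3", awsAccountId: "222222222222", alias: "aws_dev", accessKeyId: "KEY-CONSTRUCTED-02" },
  { spoke: "EC2", awsAccountId: "333333333333", alias: "aws_ec2_audit", accessKeyId: "KEY-CONSTRUCTED-03" },
  { spoke: "S3", awsAccountId: "333333333333", alias: "aws_s3_audit", accessKeyId: "KEY-CONSTRUCTED-04" },
];

// Group records by AWS account and decide what to do with each account:
//   ok     - every spoke already shares one alias
//   merge  - the same key is stored under several aliases (pure duplication)
//   review - several different keys exist; compare their permissions first
function planConsolidation(rows) {
  const byAccount = new Map();
  for (const r of rows) {
    if (!byAccount.has(r.awsAccountId)) {
      byAccount.set(r.awsAccountId, { aliases: new Set(), keys: new Set(), spokes: new Set() });
    }
    const group = byAccount.get(r.awsAccountId);
    group.aliases.add(r.alias);
    group.keys.add(r.accessKeyId);
    group.spokes.add(r.spoke);
  }
  const plan = [];
  for (const [account, g] of byAccount) {
    let action = "ok";
    if (g.keys.size > 1) action = "review";
    else if (g.aliases.size > 1) action = "merge";
    plan.push({ account, action, aliases: [...g.aliases].sort(), spokes: [...g.spokes].sort() });
  }
  return plan;
}

// Aliases left once every "merge" account is collapsed to a single alias.
function aliasesAfterMerge(plan) {
  return plan.reduce((n, p) => n + (p.action === "merge" ? 1 : p.aliases.length), 0);
}

const plan = planConsolidation(inventory);
for (const p of plan) {
  console.log(`${p.account}: ${p.action} (aliases: ${p.aliases.join(", ")}; spokes: ${p.spokes.join(", ")})`);
}
console.log(`aliases after merging duplicates: ${aliasesAfterMerge(plan)}`);
```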