Cloud Discovery and SG-AWS

vaibhavbhatnaga · ‎04-05-2022

Cloud Discovery finds resources in the different cloud providers. It collects the logical data centres associated with the account, as well as any subaccounts. Collecting information about resources on the cloud is relevant for companies, organizations, and cloud companies providing Platform-as-a-Service solutions. Cloud Discovery uses discovery patterns to query devices and applications and collect information about them. Cloud Discovery collects metadata from APIs.

The Service Graph Connector for AWS (SG-AWS) is built to simplify the onboarding setup and ease the integration across multiple AWS accounts in an organization. This application uses one ServiceNow user account to pull data from all of the accounts in an AWS Organization. Service Graph Connector for AWS (SG-AWS) is the easiest and most optimized way to discover the cloud metadata and get inventory details.

In case, customers use the blended approach to use Cloud Discovery and SGC-AWS both. What it means –

Cloud Discovery and MID server for cloud metadata
Service Graph Connector for deep-dive inventory
Use Tag-based Service Mapping or ML-based Service Mapping for service context

Capability Matrix

IaaS (Metadata for VMs)

IaaS (Deep dive discovery)

PaaS / DBaaS

Container (CaaS)

Requirements

Cloud Discovery

Supported

NA

Load balancer / Cloud Database / Resource Inventory / Tags

AKS / EKS / GKE / AWS ECS

Service Account-based

Master account

Cross Assume Role

MID IAM Role-based

SG-AWS

Supported

Basic SAM use cases with Installed software, running process, & traffic data for ADM/Service Map

Load balancer / Cloud Database / Resource Inventory / Tags

Roadmap H2 2022

Minimum read access requires AWS Config & Systems Manager

	Cloud Discovery	SGC-AWS
Capabilities	API-based Discovery Cloud resource Inventory and Tags (metadata)	API-based Discovery Cloud Resource Inventory, Tags and Relationships Deep dive discovery – Server, OS, Software, Processes
Limitation	Cannot get “Server” level data (OS, Software inventory, Processes) Requires MID Server Wider Credential requirement	Requires AWS Systems Manager to be enabled Heavy reliance on AWS Config
When to recommend	Only needs cloud metadata Needs tag-based Service Mapping Do not use this approach for ITAM / Cloud Insights use cases	Needs deep dive Discovery but credentials and/or MID Servers are an issue Must be using AWS Systems Manager

Below are the standalone advantages of SG-AWS:

Easy to set up with guided steps
Requires read access to limited APIs
No MID is required
Gets deep-dive application and inventory details
Use Tag-based Service Mapping or ML-based Service Mapping for service

Sonu · ‎05-13-2022

Does SGC/Normal brings even the cloud formation stacks present in AWS into servicenow CMDB ?

Johannes · ‎06-13-2022

Hi @vaibhavbhatnagar

How would you compare the data collected with the "Service Graph connector for AWS" with the data collected with the "AWS Service Management Connector"?

https://store.servicenow.com/sn_appstore_store.do#!/store/application/f0b117a3db32320093a7d7a0cf961912

Tracy Li Gao · ‎08-09-2022

The article gives the differences from tech view. It's helpful, I have marked the "Helpful" flag.

My customer need a cost comparation for the Cloud Discovery and SG-AWS solutions.

Which solution would cost more if the customer want to discover the resources such as datacenter, vm instance, storage, network, load balancer… pretty much what we are discovering for non-cloud resources.

Which solution would save more effort in setup, configure?

Shridhar S Mal2 · ‎03-06-2023

Great article

RASlat_01 · ‎03-23-2023

Hello @vaibhavbhatnaga

I am still learning about servicenow discovery.
i have learned there is 2 method one is Discovery and second is service mapping
In discovery you use IP based discovery and in service mapping we then further define every individual CI;s dependencies

so what is cloud discovery and how this different to these to I have mentioned above ?

Regards
Rashid

Anna Lee1 · ‎03-31-2024

Hi @vaibhavbhatnagar,

Thank you for your beneficial information.

From your information, SGC-AWS can deep dive discovery - for example, Server, OS, Software, and Processes.

If I need to discover WEB and WAS CIs on EC2, does SGC-AWS support this?

Regards,

Anna

Christopher Hub · ‎06-24-2024

It's important to look at the total cost of the solution as well. SG-AWS requires S3 buckets for configuration collection as well as the configuration service, configuration recorder, and aggregator. In a large / dynamic environment that can be very expensive on the AWS side, exceeding the cost of a MID server deployment in some configurations.

Also be aware that SG-AWS does not support top-down service mapping. If you use or plan to use Certificate Inventory & Mgmt, also be aware that it uses horizontal patterns through Cloud Discovery to discover certificates, and this would not function in SG-AWS.

RajeshMahaling · ‎04-03-2025

Hello Members,

Do any of you have an arch diagram for the AWS Discovery for both API based & Pattern based discovery?