AWS Discovery of Virtual Machines using Credentials

Sameer Khanna
Tera Contributor

Hi,

I've implemented AWS Cloud Discovery in ServiceNow using credentials.

I have a master account and 3 sub/member accounts. I've configured an IAM user in the master account, provided it the 'ReadOnlyAccess' policy, generated an access key ID and secret key, and added them under AWS credentials in ServiceNow.

Then I configured a service account in ServiceNow and called the credentials set up earlier in the service account. So, I have a MID server set up on one of the EC2 instances in the master account.

So, my question is: will I be able to discover EC2 instances (virtual machines) which are set up in sub/member accounts from the MID server on the master account's EC2 instance?

Thanks

Appli
Mega Sage

Hi, right, you should be able to discover VM instances in member accounts using Discovery manager.

Hope it helps

Yes, you can use 'Discovery Manager' to do so, but I have a few EC2 instances in sub/member accounts, and when I tried to discover using the IAM credentials configured in the master account, I was only able to discover EC2 instances in the master account and not the EC2 instances in the sub/member accounts.

So, is there any specific role/policy that needs to be provided to the IAM user in the AWS console which would also allow discovery of EC2 instances in sub/member accounts?

Pratiksha
Mega Sage

Hi @Sameer Khanna,

Check this article: https://support.servicenow.com/kb?id=kb_article_view&sys_kb_id=7a7e2a4ddba4f8144819fb2439961964

Check if you have followed all the steps. If yes, we can discuss further.

I've gone through this article. It talks about the credential-less approach using 'assume role', and in the part where it does talk about credentials, there is no mention of how EC2 instances in sub-accounts would be discovered.

So, using the credential approach, is there any specific role/policy that needs to be provided to the IAM user in the AWS console which would also allow discovery of EC2 instances in sub/member accounts?