AWS Discovery with Assume Role

Breizh · ‎11-07-2023

We are using the Member to Master Discovery using Accessor account. This was set up earlier this year and worked like a champ until recently, following this document: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0957891#mcetoc_1f3jsltco19

Now, more often then not, discovery will fail, with the following error: The credentials can't be used with the account ID provided , Pattern name: Amazon AWS Service account. Without any change on the ServiceNow or AWS side, it occasionally works. I can't even tell where the failure is occurring: AWS or ServiceNow.

I opened a Support Ticket with ServiceNow but no luck so far. I would appreciate any pointers in where to start troubleshooting this issue.

Breizh · ‎11-15-2023

The problem was solved by creating a single Discovery Schedule for the Master account, instead of the initial set up that had a Discovery Schedule for each account. I cannot recall whether that was the documented recommendation or some decision on my part. Either way, it now works, although it takes over an hour to discover all 30 sub-accounts.