AWS Event Driven Discovery

Raj Abhishek
Tera Contributor

Hi,

I have a requirement from a customer where we have to discover the resources from AWS cloud. As customer feedback I got 2 questions:

1) Can we use the Event driven discovery to update the CMDB with the resources and their VM details?

I have a doubt about how this discovery will discover the existing resources, as Event driven discovery uses events from AWS Config services to send SNS notifications to the snow cloud REST API in order to update the CMDB. So unless there is a change made in any of the resources it won't get discovered, right?

2) Is there any alternate method to get the OS details apart from horizontal discovery?

Your help is very much appreciated.

Thank you.


Hi @Ratnakar7

Thank you for the response.


Subscription Confirmation event does not have any button to 'confirm subscription'. But in AWS side the status is showing Confirmed.


Also, in the payload, only the subscription URL and .pem certificate were there. I have added the certificate in SNOW, but I am still not receiving any events. To test it I created a new security group in one of the AWS accounts, and no event was received for that.
Can you help me to know what exactly I might be missing here?

Thank you

Hello Raj,

In the screenshot provided, I can see the Subscription is confirmed. That means the configuration is correct. Still, if you are not getting further events, the config role would definitely be the issue. Try the below thing and check whether you are able to get the event.

1. Create a new Role in AWS with the below permissions:

   - AmazonEC2FullAccess
   - AmazonSNSFullAccess
   - AWS_ConfigRole
   - AWSConfigRulesExecutionRole

   We are getting some higher privilege to confirm whether the event is working properly; once confirmed, you need to assess the type of minimum permission required and apply that.

2. Attach the newly created role to Config Settings in AWS


3. For temporary testing, select AWS EC2 Instance as Resource categories under General Settings.

Keep the rest of the configuration the same and make sure you have selected the correct SNS topic name.

4. Save the Configuration. Wait for 1 minute after saving.

5. Try turning an EC2 machine on/off and check whether you are getting the events and the machine status changes in ServiceNow.

Regards,

Parag Sanyashiv
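
An added example, not part of the replies above and not ServiceNow or AWS code: a small offline checker that takes the JSON printed by the AWS CLI calls named in its comments and lists the conditions from this thread that would stop Config events from reaching the SNS subscriber, plus any broad test-only policies still attached to the Config role. The topic ARN, account ID and sample documents are constructed.

```python
# Inputs are the JSON documents printed by these AWS CLI calls:
#   aws configservice describe-configuration-recorders
#   aws configservice describe-configuration-recorder-status
#   aws configservice describe-delivery-channels
#   aws sns list-subscriptions-by-topic --topic-arn <topic>
#   aws iam list-attached-role-policies --role-name <config role>
TOPIC = "arn:aws:sns:us-east-1:111122223333:snow-config-topic"  # constructed

def audit(recorders, status, channels, subs, policies, topic_arn):
    """Return findings that would explain missing Config events."""
    findings = []
    rec = (recorders.get("ConfigurationRecorders") or [{}])[0]
    group = rec.get("recordingGroup", {})
    if not (group.get("allSupported")
            or "AWS::EC2::Instance" in group.get("resourceTypes", [])):
        findings.append("recorder does not record AWS::EC2::Instance")
    st = (status.get("ConfigurationRecordersStatus") or [{}])[0]
    if not st.get("recording"):
        findings.append("recorder is stopped")
    if st.get("lastStatus") == "Failure":
        findings.append("recorder last status Failure: "
                        + st.get("lastErrorCode", "unknown"))
    if not any(c.get("snsTopicARN") == topic_arn
               for c in channels.get("DeliveryChannels", [])):
        findings.append("delivery channel does not publish to " + topic_arn)
    # An unconfirmed subscription reports "PendingConfirmation", not an ARN.
    if not any(s.get("TopicArn") == topic_arn
               and s.get("SubscriptionArn", "").startswith("arn:")
               for s in subs.get("Subscriptions", [])):
        findings.append("no confirmed subscription on the topic")
    # Broad managed policies are for the test only; flag them afterwards.
    for p in policies.get("AttachedPolicies", []):
        if p["PolicyName"].endswith("FullAccess"):
            findings.append("test-only broad policy still attached: "
                            + p["PolicyName"])
    return findings

# Constructed sample: subscription confirmed, but only security groups recorded.
SAMPLE = dict(
    recorders={"ConfigurationRecorders": [{"name": "default", "recordingGroup": {
        "allSupported": False, "resourceTypes": ["AWS::EC2::SecurityGroup"]}}]},
    status={"ConfigurationRecordersStatus": [
        {"name": "default", "recording": True, "lastStatus": "Success"}]},
    channels={"DeliveryChannels": [{"name": "default", "snsTopicARN": TOPIC}]},
    subs={"Subscriptions": [{"TopicArn": TOPIC, "Protocol": "https",
                             "SubscriptionArn": TOPIC + ":constructed-id"}]},
    policies={"AttachedPolicies": [{"PolicyName": "AmazonEC2FullAccess"},
                                   {"PolicyName": "AWS_ConfigRole"}]},
)

if __name__ == "__main__":
    for finding in audit(topic_arn=TOPIC, **SAMPLE):
        print("FINDING:", finding)
```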