
on 06-15-2018 04:01 PM
Introduction
CloudWatch provides a wealth of configurable monitoring features, and an easy way to send that information virtually anywhere by using AWS SNS (Simple Notification Service).
ServiceNow routes incidents to the right people in your organization who need to take action when something meaningful happens in your AWS environment.
This post demonstrates how to integrate AWS SNS topics to send messages to ServiceNow, open an incident when a CloudWatch alarm is triggered, and test your configuration with a sample CloudWatch alarm.
Important performance note: this example is meant for low-volume scenarios only, such as occasional billing alarms. It is not designed to handle the processing volume of full operational monitoring and will very quickly consume all your API semaphores. ServiceNow offers fully supported solutions for high-volume operational monitoring, included with Event Management:
- AWS Config: https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/cloud-management-v...
- CloudWatch Alarms: https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/event-management/t...
- CloudWatch metrics (included with Operational Intelligence): https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/event-management/t...
Configure ServiceNow
We will use a free ServiceNow developer instance to do our work. If you already have one, feel free to use your own.
- Log in to https://developers.service-now.com, and request a developer instance https://developer.servicenow.com/app.do#!/instance
- Log in to the developer instance as administrator, and make sure to remember your login credentials (these will be used later when configuring SNS topic subscription URLs)
- Navigate to System Applications -> Studio, and choose [Import From Source Control]
- Enter the following URL https://github.com/byukich/x_snc_aws_sns and leave both “User name” and “Password” fields empty
- Close the Studio browser tab; you won’t be needing it any more
- Refresh your ServiceNow browser tab, and navigate to “AWS SNS”. Notice three new navigation links on the left pane:
Create AWS SNS topic and subscription
- Log in to SNS console, in N Virginia, https://console.aws.amazon.com/sns/v2/home
- Click [Topics] on left pane
- Click [Create new topic], give it a name and display name “ServiceNow”
- Click [Create Topic]
- Click the ARN link for the topic you just created
- Click [Create Subscription]
- Choose HTTPS protocol
- Endpoint (note: use the admin password that was given to you when you acquired the free ServiceNow developer instance): https://admin:<ServiceNow admin password>@<your developer instance>.service-now.com/api/x_snc_aws_sns/aws_sns
- Click [Create subscription]
- Note that your new subscription is "PendingConfirmation"
Confirm SNS subscription on ServiceNow
Before AWS SNS is allowed to send messages to ServiceNow, you must confirm the subscription on ServiceNow. At this point, AWS has already sent a handshake request, and it’s awaiting confirmation inside your ServiceNow instance.
- On your ServiceNow browser tab, navigate to AWS SNS -> Subscriptions, and notice that a new record has been created by AWS.
- Open the subscription by clicking “ServiceNow”, and click [Confirm Subscription]
- Stay on this page, because you will need to create a “Handler” next
Now let’s do something meaningful whenever AWS SNS sends an alarm. In this case, we want to open an incident when CloudWatch notifies you of a budget threshold being crossed. ServiceNow provides a script “Handler” that is invoked when SNS sends an alarm message. To configure a handler to create an incident, follow the instructions below:
- At the bottom of the Subscription form, find the section titled “Handlers”
- Click [New] and type a name for the handler, such as “Create SNS Spending Alarm Incident”
- Paste the following code at line 3 (just inside the function):
// Create a new incident record from the fields of the SNS alarm message
var incident = new GlideRecord("incident");
incident.initialize();
incident.short_description = "SNS Alarm: " + message.AlarmName;
incident.description = "AWS Account ID: " + message.AWSAccountId + "\nRegion: " + message.Region + "\nDescription: " + message.NewStateReason;
// Save the incident
incident.insert();
- Click [Submit] to save the handler
Test using CloudWatch
To test this integration, a CloudWatch alarm is going to be created and tripped to trigger an SNS message, which will create an incident in ServiceNow.
- Navigate to CloudWatch; your alarm should be in the same region as your SNS topic, N Virginia.
- Click “Create an Alarm” under Browse metrics, select Billing
- Select “USD” and hit next as shown below:
- Complete Setup by filling the details as shown below:
- To test your alarm, go to the same modification page as shown above, and change your threshold to something lower than your current spend. That will trigger your alarm.
For example before trigger:
Alarms->Select Alarm->Modify
- After refreshing the page, your alarm should be triggered
- Navigate to ServiceNow and check whether an Incident was created.
- If you see an incident, then you have successfully integrated SNS and ServiceNow.
Conclusion
This blog demonstrated one way of integrating ServiceNow with CloudWatch, by creating an incident whenever AWS billing exceeds a threshold. The principle can be extended to any type of SNS topic that notifies ServiceNow whenever anything meaningful happens inside your AWS cloud environment. Within ServiceNow’s SNS Handlers, you can create any type of ServiceNow record you like; a handler could kick off an automated workflow, create Events/Alerts/Notifications, or even automatically orchestrate some kind of remediation.
The diagram below shows some of the automation you can perform using this integration pattern.
Authors:
Grant Hulbert (Sr. Technology Alliance Architect)
Grant Hulbert is a senior Technology Alliance Architect for ServiceNow, and manages technology relationships with ServiceNow’s global strategic alliance partner engineers.
Itai David Njanji (Sr. Consultant, AWS)
Itai David Njanji is a certified Solutions Architect at AWS and leads the Operations Integrations practice on tooling strategy between AWS services and third party tools such as ServiceNow.
Special thanks to Ben Yukich, who wrote the ServiceNow source code for this integration
Learn more about the authors on LinkedIn: Itai David Njanji, Grant Hulbert, Ben Yukich
Thank you for the easy to follow article!
It's not working for me, can you help me on this?
It is not working. I created the SNS topic & subscription in AWS but I am not able to view anything in SNS Subscription in ServiceNow.
When I open the endpoint in browser I get error GET method not supported for API
I have created Create SNS Memory Utilization Alarm Incident and used the code
var incident = new GlideRecord("incident");
incident.initialize();
incident.short_description = "SNS Alarm: "+message.AlarmName;
incident.description = "AWS Account ID: " + message.AWSAccountId + "\nRegion: " + message.Region + "\nDescription: " + message.NewStateReason;
incident.insert();
In the incident, the description displays the AWS account ID, region and description of the reason, but I need to get the Instance ID for which the alarm is created. What needs to be added to the above script?
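On the instance ID question above: a CloudWatch alarm notification carries the alarm's metric dimensions under Trigger.Dimensions as name/value pairs, so the instance ID is only present when the alarm's metric has an InstanceId dimension (a billing alarm has Currency instead). The following is an added example, not part of the original post or of the x_snc_aws_sns code; the function names and both sample alarms are constructed for illustration, and it is written as plain JavaScript so it can be run outside ServiceNow.

```javascript
// Look up one metric dimension in a parsed CloudWatch alarm message.
function dimensionValue(alarm, name) {
  const trigger = alarm.Trigger || {};
  const dims = Array.isArray(trigger.Dimensions) ? trigger.Dimensions : [];
  const hit = dims.find((d) => d && d.name === name);
  return hit ? String(hit.value) : null;
}

// Build the two incident field values; in a handler these would be assigned
// to incident.short_description and incident.description.
function buildIncidentFields(alarm) {
  if (!alarm || typeof alarm.AlarmName !== "string") {
    throw new Error("not a CloudWatch alarm message");
  }
  const instanceId = dimensionValue(alarm, "InstanceId");
  const lines = [
    "AWS Account ID: " + alarm.AWSAccountId,
    "Region: " + alarm.Region,
    "Instance ID: " + (instanceId || "(alarm has no InstanceId dimension)"),
    "Description: " + alarm.NewStateReason,
  ];
  return {
    short_description: "SNS Alarm: " + alarm.AlarmName,
    description: lines.join("\n"),
  };
}

// Constructed sample: an EC2 memory alarm with an InstanceId dimension.
const SAMPLE_EC2_ALARM = {
  AlarmName: "constructed-high-memory",
  AWSAccountId: "123456789012",
  Region: "US East (N. Virginia)",
  NewStateReason: "Threshold Crossed: 1 datapoint was greater than the threshold.",
  Trigger: {
    MetricName: "mem_used_percent",
    Namespace: "CWAgent",
    Dimensions: [{ value: "i-0123456789abcdef0", name: "InstanceId" }],
  },
};

// Constructed sample: a billing alarm, which has no InstanceId dimension.
const SAMPLE_BILLING_ALARM = Object.assign({}, SAMPLE_EC2_ALARM, {
  AlarmName: "constructed-billing",
  Trigger: { MetricName: "EstimatedCharges", Namespace: "AWS/Billing",
             Dimensions: [{ value: "USD", name: "Currency" }] },
});
```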
Are you verifying the message signature at all? Had a quick look through the code and couldn't see any signing going on, but might be missing something. 🙂
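The check the comment above asks about, as an added example that is not part of the original post or of the x_snc_aws_sns code: every SNS HTTPS delivery carries Signature, SignatureVersion and SigningCertURL fields, and a receiver can rebuild the signed string and verify it before creating any record. The function names are hypothetical, the sample message and key are constructed, and the certificate PEM is passed in rather than fetched from SigningCertURL so the block runs offline.

```javascript
const crypto = require("crypto");

// Fields that form the string to sign for each message type, in the order AWS documents.
const NOTIFY = ["Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type"];
const CONFIRM = ["Message", "MessageId", "SubscribeURL", "Timestamp", "Token", "TopicArn", "Type"];
const SIGNED_KEYS = { Notification: NOTIFY, SubscriptionConfirmation: CONFIRM, UnsubscribeConfirmation: CONFIRM };

// Each present field contributes "Name\nValue\n"; Subject is skipped when absent.
function buildStringToSign(msg) {
  const keys = SIGNED_KEYS[msg.Type];
  if (!keys) throw new Error("unexpected SNS message type: " + msg.Type);
  return keys.filter((k) => msg[k] != null).map((k) => k + "\n" + msg[k] + "\n").join("");
}

// Accept signing certificates only over HTTPS from an SNS regional endpoint
// (assumption: standard amazonaws.com partition).
function isTrustedCertUrl(url) {
  try {
    const u = new URL(url);
    return u.protocol === "https:" && u.pathname.endsWith(".pem") &&
      /^sns\.[a-z0-9-]+\.amazonaws\.com$/.test(u.hostname);
  } catch { return false; }
}

// certPem stands in for the PEM a receiver would download from msg.SigningCertURL.
function verifySnsMessage(msg, certPem, expectedTopicArn) {
  if (!isTrustedCertUrl(msg.SigningCertURL)) return false;
  if (msg.TopicArn !== expectedTopicArn) return false; // only the topic we subscribed to
  const v = msg.SignatureVersion;
  const algo = v === "2" ? "RSA-SHA256" : v === "1" ? "RSA-SHA1" : null;
  if (!algo) return false;
  try {
    return crypto.createVerify(algo).update(buildStringToSign(msg), "utf8")
      .verify(certPem, msg.Signature, "base64");
  } catch { return false; }
}

// Constructed sample: sign a made-up notification with a throwaway key, then alter it.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const pem = publicKey.export({ type: "spki", format: "pem" });
  const msg = { Type: "Notification", MessageId: "constructed-id-1", Timestamp: "2018-06-15T16:01:00.000Z",
    TopicArn: "arn:aws:sns:us-east-1:123456789012:ServiceNow", Message: '{"AlarmName":"constructed"}',
    SignatureVersion: "2", SigningCertURL: "https://sns.us-east-1.amazonaws.com/constructed.pem" };
  msg.Signature = crypto.createSign("RSA-SHA256").update(buildStringToSign(msg), "utf8").sign(privateKey, "base64");
  const altered = Object.assign({}, msg, { Message: '{"AlarmName":"altered"}' });
  return { genuine: verifySnsMessage(msg, pem, msg.TopicArn), altered: verifySnsMessage(altered, pem, msg.TopicArn) };
}
```

With the endpoint configured as in the article, HTTP basic authentication is the only check on an incoming POST; verifying the signature and the expected TopicArn ties each message to the topic itself.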
In "Configure ServiceNow" step 4 when I try to install the application from https://github.com/byukich/x_snc_aws_sns
I have a failure with this message error "Repository authentication failed, check credentials. Make sure the user has both read and write access".
My ServiceNow version is Orlando (and it doesn't work even on an ootb developer instance). As asked, I left the User name and Password fields empty.
Does anyone else have this trouble?
How can I fix this trouble?
Try to clone the repo into your own GitHub. Then follow the steps of importing it into ServiceNow from your own GitHub, with your username/password also being entered.
You have to create your own GitHub account and clone the source from GitHub.
Now you have to use your own GitHub account credentials here to import all the updates.
This does not work for me, it's asking for credentials.
You cover a lot of things but it's not working for me, here are some steps you can follow.
1. Set up an Amazon CloudWatch Alarm to detect when certain conditions are met.
2. Configure the Amazon CloudWatch Alarm to send alerts to an Amazon SNS topic.
3. Set up an Amazon SNS subscription to send notifications to ServiceNow.
4. Create an event listener in ServiceNow to receive notifications from the Amazon SNS topic.
5. Create an Automated Action in ServiceNow based on the CloudWatch Alarm to automatically create a new incident when the alarm is triggered.