Amazon Web Services (AWS) is a cloud service provided by Amazon.com. AWS provides virtualized computing platforms accessible through the internet. ServiceNow's ITOM Discovery enables you to discover cloud services in AWS. Since the London release of the ServiceNow platform, our AWS Cloud Discovery offering has evolved. The major challenge our customers had with previous releases was that they needed to share AWS account credentials with ServiceNow for discovery, and sharing credentials is a big no-no from a security standpoint. Now, with the Paris release of ServiceNow's ITOM, customers can do much more without sharing AWS account credentials. Moreover, customers can do self-account discovery, member-to-member discovery, member-to-master discovery, cross-organization discovery, and recursive discovery. Also, customers need fewer AWS resources to do the discovery; fewer resources mean less cost, and less cost means more savings for customers.
In this blog, I will explain step by step how to set up ServiceNow and AWS to enable AWS Cloud Discovery with Cross Assume Role. This blog does not cover how our discovery finds AWS resources. Magic..!
Step 1: Set up ServiceNow's MID server on one of your EC2 instances or on another resource in your AWS account [eg: Account X].
Step 2: Create a custom role [eg: Role X] with the sample policy/permissions below [attached] and assign it to the EC2 instance's IAM profile. Note: the permissions need to be modified to suit your needs. E.g., if you want to add a discovery pattern for some other cloud resource type, more permissions would be needed; the attached read/list permissions are typically enough.
Step 3: Create a trust relationship for this custom role [eg: Role X] in the other AWS accounts [Account Y & Z] where you want to discover AWS resources. This is done by creating custom roles [eg: Role Y & Z] in the other accounts and establishing trust relationships from account X [eg: Role X] to those roles.
Step 4: Make sure the MID server is connected to the ServiceNow instance and validated. Once validated, enable the MID server to assume the discovery role by adding this configuration parameter with the value of the custom role [eg: Role X] that you created. With this setup, you can do self-account discovery.
Step 5: Add the AWS accounts [eg: Account X, Y & Z] to ServiceNow's Service Accounts. While adding the accounts [eg: Account Y & Z], set the accessor account to the account where the MID server is present [eg: Account X].
Step 6: Disclose all the custom roles you created in AWS to ServiceNow by creating one-to-one relationships in the Cross Assume Role section of ServiceNow: [eg: Role Y & Z] mapped to [eg: Account Y & Z].
Step 7: Go to Discovery Schedule to trigger a Cloud Discovery for accounts [ eg: Account X, Y or Z ].
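As an added example (not from the original post or from ServiceNow), the two IAM policy documents that steps 2 and 3 imply, plus a check that a trust policy in account Y or Z trusts exactly the MID server's role and nothing wider. Account IDs and role names are constructed placeholders.

```python
# Constructed placeholder account IDs and role names, not taken from the post.
ACCESSOR_ACCOUNT = "111111111111"  # Account X: where the MID server EC2 instance runs
ACCESSOR_ROLE = "RoleX"            # role attached to the EC2 instance profile
TARGET_ROLES = {                   # Accounts Y and Z and the roles Role X will assume
    "222222222222": "RoleY",
    "333333333333": "RoleZ",
}

def role_arn(account_id, role_name):
    return f"arn:aws:iam::{account_id}:role/{role_name}"

def trust_policy(accessor_arn):
    """Trust policy for Role Y / Role Z: only the MID server's role may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": accessor_arn},
        "Action": "sts:AssumeRole",
    }]}

def assume_role_policy(target_arns):
    """Permission policy for Role X: it may assume only the listed discovery roles."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": sorted(target_arns),
    }]}

def trust_policy_findings(policy, expected_principal):
    """List the ways a trust policy is wider than 'exactly this accessor role'; empty means OK."""
    findings = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = principal if principal == "*" else principal.get("AWS", [])
        for p in [aws] if isinstance(aws, str) else aws:
            if p == "*":
                findings.append("trusts any principal (*)")
            elif p.endswith(":root"):
                findings.append(f"trusts the whole account {p}, not one role")
            elif p != expected_principal:
                findings.append(f"unexpected principal {p}")
    return findings
```

Run `trust_policy_findings` against the trust policy actually deployed on Role Y or Role Z (for example the document returned by `aws iam get-role`) to confirm no account-wide or wildcard principal crept in.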
You are all set to do AWS Cloud Discovery in accounts [eg: Account X, Y & Z] without sharing credentials with ServiceNow. Isn't that magic? This solution is an industry first and is available in ServiceNow's ITOM.
More details can be found here...
Cloud Discovery Setup (AWS) - New York