How do I see the Service Account a cloud tag is associated with

Not applicable

Cloud tags show up in the cmdb_key_value table with a reference field for the Configuration Item, but I am having a hard time writing a CMDB query or report that will show the Service Account associated with that tag. We have over 100 AWS accounts, and knowing which service account has tags being used out of compliance is critical for our review process.

How do I relate records in cmdb_key_value table to cloud service accounts?

1 ACCEPTED SOLUTION

Not applicable

I was able to resolve this issue through building a Database View that tied the cmdb_key_value (key value) table up to the Cloud Service Account table via the Configuration Item that is in the cmdb_key_value table.

rel1 Where Clause: keyvalue.configuration_item = rel1.parent and rel1.type = "5f985e0ec0a8010e00a9714f2a172815"

rel2 Where Clause: rel1.child = rel2.parent and  rel1.type = "5f985e0ec0a8010e00a9714f2a172815"

ci Where Clause: rel2.child = ci.sys_id

And on the entry for cmdb_ci_cloud_service_account I included the fields for Account ID and Name.

 

This built a view that showed me all the pieces I need across all the tags discovered.

Key, Value, CI, Service Account Name, Service Account ID

 

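The join path from the accepted solution, as an added example that is not part of the original post: plain JavaScript over constructed in-memory rows, following the three where clauses as posted. The row values, the intermediate CI names, and the helper names joinTagsToAccounts and nonCompliantAccounts are assumptions; tags whose CI has no matching path are returned separately, since the where clauses do not match them.

```javascript
// Constructed sample rows; the short ids are placeholders, not real sys_ids.
const REL_TYPE = "5f985e0ec0a8010e00a9714f2a172815"; // type value quoted in the post
const keyValues = [ // rows shaped like cmdb_key_value
  { key: "Owner", value: "team-a", configuration_item: "vm1" },
  { key: "owner", value: "team-b", configuration_item: "vm2" },
  { key: "Owner", value: "team-c", configuration_item: "vm3" }, // no path to an account
];
const rels = [ // relationship rows; rel1 and rel2 both read this list
  { parent: "vm1", child: "mid1", type: REL_TYPE },
  { parent: "mid1", child: "acct1", type: REL_TYPE },
  { parent: "vm2", child: "mid2", type: REL_TYPE },
  { parent: "mid2", child: "acct2", type: REL_TYPE },
  { parent: "vm3", child: "mid3", type: "other-type" },
];
const accounts = [ // rows shaped like cmdb_ci_cloud_service_account
  { sys_id: "acct1", name: "prod", account_id: "111111111111" },
  { sys_id: "acct2", name: "dev", account_id: "222222222222" },
];

function joinTagsToAccounts(keyValues, rels, accounts) {
  const byParent = new Map();
  for (const r of rels) {
    if (!byParent.has(r.parent)) byParent.set(r.parent, []);
    byParent.get(r.parent).push(r);
  }
  const acctById = new Map(accounts.map(a => [a.sys_id, a]));
  const rows = [], unresolved = [];
  for (const kv of keyValues) {
    let matched = false;
    // rel1: keyvalue.configuration_item = rel1.parent and rel1.type = REL_TYPE
    for (const rel1 of (byParent.get(kv.configuration_item) || [])) {
      if (rel1.type !== REL_TYPE) continue;
      // rel2: rel1.child = rel2.parent (as posted, no type filter of its own)
      for (const rel2 of (byParent.get(rel1.child) || [])) {
        const ci = acctById.get(rel2.child); // ci: rel2.child = ci.sys_id
        if (!ci) continue;
        matched = true;
        rows.push({ key: kv.key, value: kv.value, ci: kv.configuration_item,
                    account_name: ci.name, account_id: ci.account_id });
      }
    }
    if (!matched) unresolved.push(kv); // tag that would be absent from the report
  }
  return { rows, unresolved };
}

// Review helper: account IDs holding tags whose key is not allowed (case-sensitive).
function nonCompliantAccounts(rows, allowedKeys) {
  const bad = rows.filter(r => !allowedKeys.includes(r.key));
  return [...new Set(bad.map(r => r.account_id))];
}
```

Reviewing the unresolved list alongside the joined rows shows which tagged CIs never reach a service account and would otherwise go unreported.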

6 REPLIES

Hail
ServiceNow Employee

When you define AWS Org discovery using the master account, there is a button that retrieves all sub-accounts and their tags. In the service account form you have a tab for key values.

Hail
ServiceNow Employee

You need to deploy the latest pattern store app and refresh accounts in the relevant Master account scheduler.

Ram Devanathan1
ServiceNow Employee

The tag governance app (available in the store) allows you to find all your CIs without the needed tags. You need to set up policies as per your company's tagging needs.

Once you set up the policy, run the audit. This returns a result where all violating CIs are marked as having failed the audit. Use this list to get details of service accounts, via script or so.

Please pose additional questions if you need help with tag governance.

Ram
