How to Remove/Add New/Old Cloud Service Account in AWS Cloud Discovery Job

Go to solution
balaji_prusty1
Giga Guru

‎03-14-2024 01:32 AM

Hi All,

 

We have configured AWS Cloud Discovery in our organisation and it is working fine. Now I need to remove some Old Cloud Service Accounts which have already been added to the current Cloud discovery job to discover. Like Other discovery jobs (CI Based) we are removed from the Discovery Range but for the cloud, I am not finding any option to remove the configured Service Account.  Only I can see the Cloud Service Account (cmdb_ci_cloud_service_account) where we define the master and child.

 

Can someone please help with this?

 

Thanks

Balaji

 

0 Helpfuls
  • 1,546 Views
1 ACCEPTED SOLUTION

Go to solution
Ram Devanathan1
ServiceNow Employee
ServiceNow Employee
In response to balaji_prusty1

‎03-15-2024 10:56 PM

ok makes sense and that's the solution forward for now. you have to remember to set up regular checks to add accounts as needed - it won't be immediate. you can keep that as part of the account creation/termination request workflow also if there's one.

View solution in original post

0 Helpfuls
25 REPLIES 25

Go to solution
balaji_prusty1
Giga Guru
In response to Ram Devanathan1

‎03-14-2024 09:54 AM

Hi Ram,

 

There are Four Accounts out of 250 which we need to remove from the current AWS discovery and mark those retired as the business doesn't want those to be discovered. But whenever I tried to de-link those from master/parent ac and run the discovery job. Again those are reverting.

 

 

0 Helpfuls

Go to solution
Ram Devanathan1
ServiceNow Employee
ServiceNow Employee
In response to balaji_prusty1

‎03-14-2024 10:01 AM

that's something different from what we've been discussing esp since the accounts are operational.

 

how are you delinking the member accounts from the parent - in the AWS console?

 

do remember discovery is not doing any magic here, it is blindly following what's in the api payload. if yuo look at the payload returned, in the pattern debugger, do you see these child accounts  coming?

0 Helpfuls

Go to solution
balaji_prusty1
Giga Guru
In response to Ram Devanathan1

‎03-14-2024 10:10 AM

Thanks, Ram,

 

You are correct, when I see the payload it shows all those child accounts returning from the AWS console. Does it mean we need to remove/delink from the AWS console?

 

Thanks

Balaji Prusty

0 Helpfuls

Go to solution
Ram Devanathan1
ServiceNow Employee
ServiceNow Employee
In response to balaji_prusty1

‎03-14-2024 10:15 AM

if yu close those accounts completely following this page for example - Close an AWS account - AWS Account Management (amazon.com) - that will reoslve your problem.

 

if you keep the account but only unlink it - Remove a member account from your organization - AWS Organizations (amazon.com) - then there's a good chance that the account is not picked up from the parent.

0 Helpfuls

Go to solution
balaji_prusty1
Giga Guru
In response to Ram Devanathan1

‎03-14-2024 11:01 AM

Hi Ram,

 

Is this possible to remove/de-link those AC from the master ac but not from Org. We should remove it from Org as this will be again treated as a stand-alone ac and it will be out from the invoice and charge for credit card.  The above link you provided gives steps to remove from Org which we don't want. Only need to remove it from the Discover list.

 

Thanks

Balaji Prusty

0 Helpfuls