How to Remove/Add New/Old Cloud Service Account in AWS Cloud Discovery Job

balaji_prusty1
Giga Guru

Hi All,

We have configured AWS Cloud Discovery in our organisation and it is working fine. Now I need to remove some old Cloud Service Accounts which have already been added to the current Cloud Discovery job. For other discovery jobs (CI based) we remove them from the Discovery Range, but for the cloud I am not finding any option to remove the configured Service Account. I can only see the Cloud Service Account (cmdb_ci_cloud_service_account) where we define the master and child.

Can someone please help with this?

Thanks

Balaji

1 ACCEPTED SOLUTION

ok makes sense and that's the solution forward for now. you have to remember to set up regular checks to add accounts as needed - it won't be immediate. you can keep that as part of the account creation/termination request workflow also if there's one.


25 REPLIES

Hi,

I have a similar requirement. I have a master/parent account and around 35 child accounts in it. I've configured a discovery schedule at the master/parent account level with the setting to discover all the child accounts.

Now, I want to exclude 11 child accounts from the discovery schedule.

So, how can this be achieved? Do I need to deactivate the old schedule and create a new schedule and in it select only the sub accounts to discover, or is there any other configuration I can do to update only the already configured discovery schedule?

Can someone help with this?

Thanks

Hi Ram,

As guided, we added the deny rule for those four accounts and ran the All account discovery with sys property "glide.discovery.cdu.auto_refresh_sub_accounts_and_ldcs" true.

It is updating those four accounts; the deny rule is not working.

Is there any other approach without limiting the account in the discovery job?

Thanks

Balaji Prusty

hi Balaji - i think last we agreed is to go with selected accounts - so please continue with that approach. the only downside is that you will need to regularly update and add any new accounts for discovery.

reg this last note - what sort of deny rules have been put in place - can you give more details?

Ram

Hi Ram,

Here is the deny role which our AWS team added to restrict.

balaji_prusty1_0-1710955475825.png

Thanks

Balaji Prusty

Ram Devanathan1
ServiceNow Employee

ok makes sense - with this, the assumerole will fail as it has been denied.

so discovery of member account will not happen, unless there's some other way the discovery of member accounts is setup - with creds or so..

is the discovery at the member account level set up through any schedules?
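
Added example, not part of the original thread and not ServiceNow or AWS code: a small offline check of which member accounts an identity policy still lets the discovery principal assume into, showing that an explicit Deny on `sts:AssumeRole` overrides an Allow. The account IDs, the role name `DiscoveryRole` and the policy itself are constructed; the evaluator is simplified and ignores `Condition`, `NotAction`/`NotResource`, SCPs and the role trust policy.

```python
from fnmatch import fnmatchcase

# Constructed identity policy for the management-account principal used by discovery.
# Account IDs and the role name "DiscoveryRole" are placeholders, not from the thread.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Resource": "arn:aws:iam::*:role/DiscoveryRole"},
        {"Effect": "Deny", "Action": "sts:AssumeRole",
         "Resource": ["arn:aws:iam::111111111111:role/*",
                      "arn:aws:iam::222222222222:role/*"]},
    ],
}


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def _matches(stmt, action, resource):
    """True if the statement's Action and Resource patterns both match."""
    # IAM action names are case-insensitive; ARNs are compared as written.
    act = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
    res = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return act and res


def can_assume(policy, role_arn, action="sts:AssumeRole"):
    """Explicit Deny wins; otherwise an Allow is required (default deny)."""
    effects = [s["Effect"] for s in _as_list(policy["Statement"])
               if _matches(s, action, role_arn)]
    if "Deny" in effects:
        return False
    return "Allow" in effects


def discoverable_accounts(policy, account_ids, role_name="DiscoveryRole"):
    """Accounts whose discovery role the principal may still assume."""
    return [a for a in account_ids
            if can_assume(policy, f"arn:aws:iam::{a}:role/{role_name}")]


if __name__ == "__main__":
    accounts = ["111111111111", "222222222222", "333333333333"]
    print(discoverable_accounts(POLICY, accounts))
```

A Deny statement only takes effect when its `Resource` pattern matches the ARN of the role being assumed, so comparing this output with the accounts the schedule actually updates is a quick way to confirm the deny covers the intended accounts.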