That error isn’t random — it usually means the request reaching AWS is missing a valid Authorization header, so the signature being generated is basically for an empty value. In simple terms, ServiceNow is not properly signing the request with your AWS credentials.

The fix is to recheck your AWS credential configuration in the Service Graph Connector setup:

• Make sure you’ve entered a valid Access Key ID and Secret Access Key (no extra spaces, no expired/rotated keys)
• Confirm the credential type is set for AWS (SigV4 signing) — this is important because AWS requires signed requests
• Verify the region matches where your AWS resources exist (e.g., us-east-1, ap-south-1)
• Check that the IAM user/role has required permissions (like ReadOnlyAccess or the specific policies needed for Service Graph)

Also, if you’re using a Connection & Credential alias, open it and ensure:

• It’s correctly mapped to the AWS credential
• No fields are left blank
• Test connection is using that alias

This specific hash (47DEQpj8...) is actually what you get when the system tries to sign an empty payload/header, so the root cause is almost always missing or misconfigured credentials/signing, not networking.

In short: fix the AWS credential + signing setup (SigV4) and the 400 error will go away.