Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

SG AWS key rotation issue

Go to solution
strahinjast
Tera Contributor

‎07-03-2025 07:42 AM

Hello,

 

we have a problem with OOB SG AWS key rotation setup:

 

Exception occurred while rotating keys for SG-AWS-CredentialAlias-Org, Error Message: com.glide.script.fencing.MethodNotAllowedException: Function „setDisplayValue“ is not allowed in scope „sn_aws_integ“

 

from AWS side looks all good, but the issue is: the script will replace the keys, the old one, which now can NOT be overwritten, will stay in ServiceNow, which means SG-AWS will be completely broken.

 

As this is OOB (scoped application), no changes should be made, I'm wondering if someone else had a same problem.

Thanks!

0 Helpfuls
  • 597 Views
1 ACCEPTED SOLUTION

Go to solution
Shreya Shikha
ServiceNow Employee
ServiceNow Employee

‎07-03-2025 08:51 AM - edited ‎07-03-2025 08:53 AM

Hi @strahinjast,

You're encountering a specific error: com.glide.script.fencing.MethodNotAllowedException: Function „setDisplayValue“ is not allowed in scope „sn_aws_integ“ during Service Graph Connector for AWS key rotation. This means the out-of-the-box (OOB) script is attempting an action (setDisplayValue) that is restricted within the sn_aws_integ scoped application, preventing the old keys from being overwritten and breaking the connector.

 

Have you checked for -

  • Version Incompatibility: A conflict between your ServiceNow instance version and the SGC connector's version, or a recent patch? Which version are you currently on?

  • ServiceNow User's SnowAccountAccessPolicy IAM permissions: For SGC AWS, Specific IAM permissions are required for a ServiceNow user where it is created. These roles are packaged as part of CreateServiceNowUser.yml with the policy SnowAccountAccessPolicy. If you need AWS Key rotation feature, then you should have 'iam:CreateAccessKey' and 'iam:DeleteAccessKey' permissions assigned in the policy. Can you verify this?

View solution in original post

1 REPLY 1

Go to solution
Shreya Shikha
ServiceNow Employee
ServiceNow Employee

‎07-03-2025 08:51 AM - edited ‎07-03-2025 08:53 AM

Hi @strahinjast,

You're encountering a specific error: com.glide.script.fencing.MethodNotAllowedException: Function „setDisplayValue“ is not allowed in scope „sn_aws_integ“ during Service Graph Connector for AWS key rotation. This means the out-of-the-box (OOB) script is attempting an action (setDisplayValue) that is restricted within the sn_aws_integ scoped application, preventing the old keys from being overwritten and breaking the connector.

 

Have you checked for -

  • Version Incompatibility: A conflict between your ServiceNow instance version and the SGC connector's version, or a recent patch? Which version are you currently on?

  • ServiceNow User's SnowAccountAccessPolicy IAM permissions: For SGC AWS, Specific IAM permissions are required for a ServiceNow user where it is created. These roles are packaged as part of CreateServiceNowUser.yml with the policy SnowAccountAccessPolicy. If you need AWS Key rotation feature, then you should have 'iam:CreateAccessKey' and 'iam:DeleteAccessKey' permissions assigned in the policy. Can you verify this?