<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>post AWS Cloud Discovery with ServiceNow's Paris in ITOM blog</title>
    <link>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/ba-p/2270232</link>
    <description>&lt;P&gt;Amazon Web Services (AWS) is a cloud service provided by Amazon.com. AWS enables virtualized computing platforms accessible through the internet. ServiceNow's ITOM Discovery enables you to discover cloud services in AWS. Since the London release of the ServiceNow platform, our AWS Cloud Discovery offering has evolved. &lt;STRONG&gt;The major challenge our customers had with previous releases was that they needed to share AWS account credentials with ServiceNow for discovery, and sharing credentials is a big no-no from a security standpoint. Now with the Paris release of ServiceNow's ITOM, customers can do much more without sharing AWS account credentials&lt;/STRONG&gt;. Moreover, customers can do self account discovery, member to member discovery, member to master discovery, cross-organization discovery, and recursive discovery. Also, &lt;STRONG&gt;customers need fewer AWS resources to do the discovery; fewer resources mean less cost, and less cost means more savings for customers&lt;/STRONG&gt;.&amp;nbsp;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In this blog, I will explain step by step how to set up ServiceNow and AWS to enable AWS Cloud Discovery with Cross Assume Role. This blog does not cover how our discovery finds AWS resources, Magic..!&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171375i6117ED3D5B35D062/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Step 1:&lt;/STRONG&gt; Set up ServiceNow's MID server on one of your EC2 instances or any other resource of your AWS account [eg: Account X ].&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171369i5E887B50F09680FC/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171377iB50D2A0145A82EA9/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Step 2:&lt;/STRONG&gt; Create a custom role [ eg: Role X] with the below sample policy/permissions [&lt;STRONG&gt;attached&lt;/STRONG&gt;] and assign this to the &lt;STRONG&gt;EC2's IAM profile.&amp;nbsp; &lt;/STRONG&gt;Note: The permissions need to be modified to suit needs. E.g. if customers want to add a discovery pattern for getting some other cloud resource types, more permissions would be needed - the attached read/list permissions are typically enough.&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171373iA3D1DB66B770E53F/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Step 3:&lt;/STRONG&gt; Create a trust relationship for this custom role [ eg: Role X]&amp;nbsp; in the other AWS accounts [ Account Y &amp;amp; Z ]&amp;nbsp; where you want to discover AWS resources. This can be done by creating custom roles&amp;nbsp;[ eg: Role Y &amp;amp; Z ]&amp;nbsp; in the other accounts and establishing trust relationships from account X&amp;nbsp;[ eg: Role X].&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171371i44B462353896A451/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Step 4:&lt;/STRONG&gt; Let's make sure the MID server is connected to the ServiceNow instance and validated. Once validated, enable the MID server to assume the role for discovery by adding this configuration parameter with the value of the custom role [ eg: Role X]&amp;nbsp; that you created. With this setup, you can do self-account discovery.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171391i8ED8C15D372B5FE2/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Step 5:&lt;/STRONG&gt; Add the AWS accounts to ServiceNow's Service Accounts [eg: Account X, Y &amp;amp; Z ]. While setting up accounts [&amp;nbsp;eg:&amp;nbsp;Account Y &amp;amp; Z ], add the accessor account as [eg:&amp;nbsp;Account X ], where the MID server is present.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171389i10002A0F4F50FF5E/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171393i3742D47AED469F91/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Step 6:&lt;/STRONG&gt; Disclose all the custom roles that you have created in AWS to ServiceNow by creating a one-to-one relationship in the Cross Assume Role section of ServiceNow, [ eg: Role Y &amp;amp; Z ] mapped to&amp;nbsp;[&amp;nbsp;eg:&amp;nbsp;Account Y &amp;amp; Z ].&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171395iFC4B8585F7410B8A/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171399iA9FCBB8D9CA0AC56/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Step 7:&lt;/STRONG&gt; Go to Discovery Schedule to trigger a Cloud Discovery for accounts [&amp;nbsp;eg:&amp;nbsp;Account X, Y or Z ].&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171397iBF33D023566B6C81/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"&gt;&lt;img src="https://www.servicenow.com/community/image/serverpage/image-id/171413i2730C705311CDA2E/image-size/large?v=v2&amp;amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /&gt;&lt;/span&gt;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;You are all set to do the AWS Cloud Discovery in accounts [&amp;nbsp;eg:&amp;nbsp;Account X, Y &amp;amp; Z ] without sharing credentials with ServiceNow. Isn't that magic? This solution is an industry first and available on ServiceNow's ITOM.&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;More details can be found here...&lt;/P&gt;
&lt;P&gt;&lt;A href="https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/discovery/concept/aws-cloud-discovery.html" rel="nofollow"&gt;AWS Cloud Discovery&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://community.servicenow.com/community?id=community_video&amp;amp;sys_id=5180ab54dbd800145129a851ca96195b" rel="nofollow"&gt;Cloud Discovery Setup (AWS) - New York&lt;/A&gt;&lt;/P&gt;
</description>
    <pubDate>Mon, 12 Oct 2020 04:24:50 GMT</pubDate>
    <dc:creator>Harsh Kumar1</dc:creator>
    <dc:date>2020-10-12T04:24:50Z</dc:date>
    <item>
      <title>AWS Cloud Discovery with ServiceNow's Paris</title>
      <link>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/ba-p/2270232</link>
      <description></description>
      <pubDate>Mon, 12 Oct 2020 04:24:50 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/ba-p/2270232</guid>
      <dc:creator>Harsh Kumar1</dc:creator>
      <dc:date>2020-10-12T04:24:50Z</dc:date>
    </item>
    <item>
      <title>Re: AWS Cloud Discovery with ServiceNow's Paris</title>
      <link>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/bc-p/2270233#M86</link>
      <description>&lt;P&gt;&lt;A title="AWS Discovery" href="https://community.servicenow.com/community?id=community_article&amp;amp;sys_id=59924273dbac941023f4a345ca961984"&gt;https://community.servicenow.com/community?id=community_article&amp;amp;sys_id=59924273dbac941023f4a345ca961984&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks. Nice article. I created a similar article.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 19 Oct 2020 16:44:16 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/bc-p/2270233#M86</guid>
      <dc:creator>Vivektietsood</dc:creator>
      <dc:date>2020-10-19T16:44:16Z</dc:date>
    </item>
    <item>
      <title>Re: AWS Cloud Discovery with ServiceNow's Paris</title>
      <link>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/bc-p/2270234#M87</link>
      <description>&lt;P&gt;Thanks Harsha. Here is how I am planning to use it, summarizing it for everyone's benefit, and let me know if you see any issues.&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;Install MID-Server on an EC2 instance that is part of a VPC, let us say in AWS Account "&lt;EM&gt;NSOC&lt;/EM&gt;"&lt;/LI&gt;
&lt;LI&gt;The VPC should be attached to Transit Gateway&lt;/LI&gt;
&lt;LI&gt;Create a custom role&amp;nbsp;Role&amp;nbsp;&lt;STRONG&gt;&lt;EM&gt;CMDBDiscoveryMidServerRole&amp;nbsp;&lt;/EM&gt;&lt;/STRONG&gt;with AmazonEC2FullAccess permission and assign this to the EC2's IAM profile.&lt;/LI&gt;
&lt;LI&gt;Create a trust relationship of this custom role&amp;nbsp;in other AWS accounts&amp;nbsp;where we want to discover AWS resources. This can be done by creating custom role [&lt;STRONG&gt;&lt;EM&gt;CMDBDiscoveryRole&amp;nbsp;&lt;/EM&gt;&lt;/STRONG&gt;] in other account and by establishing trust relationships from account NSOC&amp;nbsp;[Role&amp;nbsp;&lt;STRONG&gt;&lt;EM&gt;CMDBDiscoveryMidServerRole&lt;/EM&gt;&lt;/STRONG&gt;].&lt;/LI&gt;
&lt;LI&gt;Validate the MID-Server and that it is connected to SNOW SaaS&lt;/LI&gt;
&lt;LI&gt;Once validated, enable the MID-Server to assume the role of&amp;nbsp;the discovery by adding this configuration parameter (&lt;EM&gt;mid.aws.instance.profile.name&lt;/EM&gt;) with the value of the custom role [&lt;STRONG&gt;&lt;EM&gt;CMDBDiscoveryMidServerRole&lt;/EM&gt;&lt;/STRONG&gt;]&amp;nbsp; that we created. With this setup, we can do self account discovery of the&amp;nbsp;&lt;EM&gt;NSOC&lt;/EM&gt;&amp;nbsp;AWS Account.&amp;nbsp;&lt;/LI&gt;
&lt;LI&gt;Now, create Service Accounts for all AWS Accounts (NSOC, other accounts) that are attached to the TGW and accessible via the NSOC MID-Server.&lt;/LI&gt;
&lt;LI&gt;When creating other service accounts, add the accessor account as "&lt;EM&gt;NSOC&lt;/EM&gt;" account where the MID Server is present&lt;/LI&gt;
&lt;LI&gt;Disclose all the custom roles that you have created in AWS to ServiceNow by creating a one-on-one relationship in the Cross Assume Role section of ServiceNow, [&amp;nbsp;&lt;STRONG&gt;&lt;EM&gt;CMDBDiscoveryRole&amp;nbsp;&lt;/EM&gt;&lt;/STRONG&gt;&amp;nbsp;] mapped to&amp;nbsp;[&amp;nbsp;eg:&amp;nbsp;other AWS Accounts ]&lt;/LI&gt;
&lt;LI&gt;Now, go ahead and create Discovery schedule and trigger discovery for NSOC and other AWS Accounts.&lt;/LI&gt;
&lt;/OL&gt;
</description>
      <pubDate>Wed, 11 Nov 2020 05:43:29 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/bc-p/2270234#M87</guid>
      <dc:creator>Kiran Venkatesa</dc:creator>
      <dc:date>2020-11-11T05:43:29Z</dc:date>
    </item>
    <item>
      <title>Re: AWS Cloud Discovery with ServiceNow's Paris</title>
      <link>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/bc-p/2270235#M88</link>
      <description>&lt;P&gt;Hi &lt;SN-MENTION class="sn-mention" table="live_profile" sysid="c0876225dbae5010f21f5583ca961975"&gt;@Harsh Kumar&lt;/SN-MENTION&gt;&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;Thanks for putting together this step-by-step guide.&lt;BR /&gt;&lt;BR /&gt;I am trying to set up AWS Discovery with a single AWS account as a POC. The organization has multiple AWS accounts but at this point I am just trying to discover a single member(?) account.&lt;BR /&gt;&lt;BR /&gt;I don't have access to Access Key ID &amp;amp; Secret Access Key to create credentials and still want to use the new IAM role based access. How should I go about creating the Service Account (step 5 &amp;amp; 6) in this case?&lt;BR /&gt;I created the service account with just the Account Name, Account ID and Datacenter type. No parent, no accessor account, no master account. But this fails with the following error:&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;PRE class="language-markup"&gt;&lt;CODE&gt;AWS was not able to validate the provided access credentials (Service: AmazonEC2; Status Code: 401; Error Code: AuthFailure; Request ID: ​&lt;/CODE&gt;&lt;/PRE&gt;
&lt;P&gt;&lt;BR /&gt;Any help on this is much appreciated,&lt;BR /&gt;Thank you&lt;/P&gt;</description>
      <pubDate>Sun, 02 May 2021 17:54:03 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/bc-p/2270235#M88</guid>
      <dc:creator>Marca</dc:creator>
      <dc:date>2021-05-02T17:54:03Z</dc:date>
    </item>
    <item>
      <title>Re: AWS Cloud Discovery with ServiceNow's Paris</title>
      <link>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/bc-p/2270236#M89</link>
      <description>&lt;P&gt;&lt;SPAN style="font-size: 10pt; font-family: Arial;"&gt;I love that you've shared this information. It could be useful for many managers who have to deal with this kind of problem. Nowadays, many companies are using different cloud services to stock their information and give access to the database to all employees. I love this tendency as I have tried it myself with &lt;A href="https://www.clearscale.com/services/cloud-migration"&gt;https://www.clearscale.com/services/cloud-migration&lt;/A&gt;, and this type of modernization in companies makes the work a lot easier and gives it a lot of new opportunities. I hope more companies will start introducing this system in their work because it would help a lot in saving the information.&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 22 Feb 2022 14:27:57 GMT</pubDate>
      <guid>https://www.servicenow.com/community/itom-blog/aws-cloud-discovery-with-servicenow-s-paris/bc-p/2270236#M89</guid>
      <dc:creator>stephchif</dc:creator>
      <dc:date>2022-02-22T14:27:57Z</dc:date>
    </item>
  </channel>
</rss>

