Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Extending ServiceNow Cloud Discovery for Accurate BYOL Detection on AWS

andrewcobbold
Tera Contributor

an hour ago

Executive Summary

 

As organizations continue to expand their use of public cloud platforms, accurately classifying software licensing models has become a foundational requirement for compliance, cost governance, and operational transparency. In Amazon Web Services (AWS), workloads may operate under either license‑included (cloud‑provided, pay‑as‑you‑go) or Bring Your Own License (BYOL) models. Distinguishing correctly between these models is essential, as each carries materially different compliance, financial, and audit implications.

ServiceNow provides native capabilities for AWS Cloud Discovery and Software Asset Management (SAM), including support for a Cloud License Type classification consumed during SAM reconciliation. Historically, many enterprise environments experienced limitations in out‑of‑the‑box (OOTB) discovery logic, particularly where license classification depended on Amazon Machine Image (AMI) metadata that may no longer be available. When this metadata was missing or inaccessible, EC2 instances could be left unclassified, resulting in ambiguity across both BYOL and license‑included workloads.

To address this, a discovery‑time extension was designed to classify AWS workloads using instance‑level metadata, ensuring that both BYOL and license‑included models were identified accurately and consistently during cloud discovery. The approach relied on upgrade‑safe discovery pattern extensions, aligned with ServiceNow’s supported content and governance model, and ensured that license classification occurred upstream—before SAM reconciliation.

In January 2026, ServiceNow introduced an update to the Discovery and Service Mapping patterns plugins that added native OOTB support for license model determination using instance-level metadata, significantly reducing reliance on AMI‑level metadata. This enhancement was publicly available prior to production deployment of the custom solution but was not identified or documented at the time of design.

This update validates the architectural direction taken—specifically the shift toward instance‑centric licensing signals—and reflects ServiceNow’s continued evolution toward workload‑based cloud license classification. Organizations should now reassess existing custom logic against current OOTB behavior, retaining extensions only where they provide additional governance, validation, or enterprise‑specific controls.

This paper documents both the original solution and the subsequent platform evolution, offering a practical reference for organizations seeking accurate, sustainable classification of both BYOL and license‑included workloads in AWS.

 

  1. Business Context

Cloud platforms abstract infrastructure in ways that challenge traditional software licensing assumptions. In AWS, licensing indicators may exist at multiple layers—including the AMI, instance configuration, tenancy model, or subscription—each with different lifecycles and ownership responsibilities.

From a software asset management perspective, the distinction between license‑included and BYOL workloads is critical:

  • License‑included workloads are licensed through the cloud provider and do not require customer‑owned entitlements.
  • BYOL workloads rely on customer‑supplied licenses and must be tracked for compliance and audit purposes.

ServiceNow Cloud Discovery is the system of record for populating this distinction in the CMDB through the Cloud License Type attribute consumed by SAM. When discovery does not populate this field reliably, downstream processes inherit uncertainty that must be addressed manually, increasing risk and operational effort.

Key enterprise impacts include:

  • Inaccurate compliance reporting
  • False positives or false negatives in SAM
  • Increased audit exposure
  • Manual remediation efforts
  • Misalignment between cloud, ITOM, and SAM teams

 

  1. Problem Statement

2.1 Reliance on AMI Metadata for License Classification

Earlier versions of ServiceNow AWS discovery patterns relied heavily on AMI metadata retrieved via the AWS DescribeImages API to infer whether a workload was BYOL or license‑included. This approach implicitly assumed that:

  • AMIs would remain available for the lifetime of all launched instances
  • AMIs would be accessible across accounts and regions
  • Licensing indicators would be consistently populated at the image level

In practice, these assumptions frequently break down. AMIs are often deregistered, replaced, hardened, or shared temporarily as part of normal cloud operations. When AMIs are unavailable, discovery cannot determine whether the resulting instance is BYOL or license‑included, leaving the Cloud License Type undefined.

 

2.2 Impact on Software Asset Management

ServiceNow SAM requires clear license classification at discovery time. When the Cloud License Type is missing or incorrect:

  • License‑included workloads may be incorrectly flagged as requiring entitlements
  • BYOL workloads may bypass compliance tracking altogether
  • Reconciliation results become unreliable
  • Dashboards and audit reports misrepresent actual exposure

These issues stem from discovery data quality rather than failures in SAM logic.

 

2.3 Governance and Sustainability Risks

Post‑processing or corrective scripts applied downstream introduce additional concerns:

  • Increased fragility during upgrades
  • Conflicts with ServiceNow Store updates
  • Higher operational ownership
  • Reduced alignment with ServiceNow’s roadmap

A sustainable solution must operate within the supported discovery framework and remain upgrade‑safe.

 

  1. Design Principles

The solution was guided by the following principles:

  1. Discovery‑First Classification
    License‑included vs BYOL must be determined during discovery.
  2. Workload‑Centric Authority
    Running instances, not historical images, are the source of truth.
  3. Upgrade Safety
    No modification to OOTB or Store‑delivered patterns.
  4. Minimal Privilege
    Read‑only AWS permissions only.
  5. Platform Alignment
    Full compatibility with ITOM and SAM processing models.

 

  1. Solution Overview

4.1 Using Instance‑Level AWS Metadata

AWS exposes persistent licensing indicators via the DescribeInstances API, including:

  • Platform details (e.g., Windows BYOL)
  • Usage operation identifiers
  • Tenancy (shared vs dedicated host)
  • Product codes
  • Optional AWS License Manager associations

These attributes allow consistent differentiation between license‑included and BYOL workloads, independent of AMI lifecycle.

 

4.2 Upgrade‑Safe Discovery Pattern Extensions

Discovery pattern extensions were introduced to:

  • Parse instance‑level licensing signals
  • Apply deterministic classification logic
  • Populate Cloud License Type during discovery

This preserved upgradeability and ensured consistent data quality across environments.

 

  1. License Classification Logic

Example rules included:

  • Instances with AWS product codes → License‑included
  • Windows or database workloads on dedicated hosts → BYOL
  • Ambiguous conditions → flagged for governance review

The logic aligned AWS licensing constructs with ServiceNow SAM expectations.

 

  1. CMDB and SAM Integration

6.1 CMDB Population

Results were written to CI records in a governed manner, ensuring the Cloud License Type was available before SAM reconciliation.

6.2 Downstream SAM Outcomes

With accurate classification:

  • License‑included workloads were excluded from entitlement checks
  • BYOL workloads were correctly tracked
  • False compliance signals were reduced
  • Audit confidence improved

 

  1. Security and Compliance

Only read‑only AWS describe permissions were required. No agents, workload changes, or credential escalation were introduced.

 

  1. Business Outcomes

Organizations realized:

  • Improved accuracy across both BYOL and license‑included workloads
  • Reduced manual intervention in SAM
  • Stronger audit posture
  • Better cross‑team alignment

 

  1. Platform Evolution Update (January 2026)

In January 2026, ServiceNow enhanced the Discovery and Service Mapping patterns plugins with native OOTB support for license‑included and BYOL classification using instance-level metadata. This reduced dependency on AMI metadata and closely aligned with the instance‑centric design described in this paper.

The update was released prior to production deployment but was not identified or documented at the time of implementation. Its introduction underscores the importance of regularly reassessing custom discovery logic as platform capabilities evolve.

 

  1. Conclusion

Accurate license classification in AWS requires clear differentiation between BYOL and license‑included workloads. While earlier platform limitations necessitated extension, ServiceNow’s continued evolution toward instance‑based discovery significantly strengthens native support for this requirement.

The experience outlined here highlights the importance of designing upgrade‑safe solutions while remaining responsive to platform advancements. By revisiting custom logic as native capabilities mature, organizations can maintain accurate, sustainable cloud license governance over time.

0 Helpfuls
  • 48 Views
Version history
Last update:
an hour ago
Updated by:
Contributors