Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

How ServiceNow AWS Spokes Support Multiple Regions with a Single Connection

shreychaudhary
ServiceNow Employee
ServiceNow Employee

yesterday

🌍 Understanding Region Support in ServiceNow’s AWS Spokes

When integrating AWS services with ServiceNow through Integration Hub Spokes, one of the most common questions we hear is:

“Can I use different AWS regions while using a single connection?”

The answer is Yes!

ServiceNow’s AWS Spokes fully support regions — not at the authentication level, but dynamically at the action level, where it actually matters.

 

🔐 Connection Setup — One Connection for All Regions

When you configure a connection alias for any AWS Spoke (e.g., Amazon EC2 or Amazon S3), you only need:

  • Access Key ID
  • Secret Access Key
  • (Optionally, a session token if you’re using temporary credentials)

Notice there’s no region field here.

That’s intentional — ServiceNow’s design keeps your connection region-agnostic, allowing the same connection to work seamlessly across all available AWS regions.

 

⚙️ How Regions Work at the Action Level

 

1. EC2 Example – Create Image

When you use the Create Image action under the Amazon EC2 Spoke, you’ll see a Region field as a dynamic choice.

Here’s what happens behind the scenes:

 

  • The spoke calls AWS’s DescribeRegions API using your credentials.
  • The response returns all AWS regions enabled for your account.
  • These are shown in the dropdown as selectable options (e.g., us-east-1, ap-south-1).

When you select a region, say ap-south-1, the spoke:

 

  • Builds the endpoint https://ec2.ap-south-1.amazonaws.com.
  • Signs the API request using AWS Signature Version 4 with that region.
  • Executes the call to create the image in that specific data center.

This means you can use the same connection to create EC2 resources in any region you choose — simply by picking the desired region from the action input.

 

2. S3 Example – Copy Object

The Copy Object action under the Amazon S3 Spoke provides Source Bucket and Destination Bucket as dynamic fields.

Here’s how it works:

 

  • When you open either dropdown, ServiceNow calls ListBuckets, which is a global S3 API that lists all your buckets, regardless of region.
  • After you select your buckets, ServiceNow automatically calls GetBucketLocation to determine each bucket’s region.
  • When you run the flow, the spoke builds region-specific endpoints for both source and destination and performs the copy securely using SigV4 signing.

So, even if your source bucket is in us-east-1 and the destination is in ap-south-1, ServiceNow handles the routing and signing automatically — no extra configuration required.

 

3. Create Actions – Explicit Region Specification

For actions where you are creating new AWS resources, the region you specify determines where that resource will live.

Examples:

 

  • Create Bucket (S3) → requires you to specify the region where the new bucket should be created.
  • Create Instance (EC2) → you select the region and availability zone for your new EC2 instance.

Here’s what happens internally:

 

  1. You select a region from the action input.
  2. The spoke builds a regional endpoint, for example:

    3.   The API request is signed with that specific region’s credentials and executed in that data center.

 

This ensures that new resources are provisioned exactly where you intend — in the right AWS region — without needing multiple connections or any hardcoded configurations.

 

 🧠 Why This Design Matters

 

Approach Description Flexibility
Region at Connection Level Region fixed during connection setup Requires multiple connections for different regions
Region at Action Level (ServiceNow) Region chosen dynamically per action   One connection supports all regions

 

This architecture ensures:

 

  • Flexibility: Easily switch regions for different actions.
  • Reusability: A single connection alias works across your AWS landscape.
  • Accuracy: Every request is signed for the correct region using SigV4.
  • Compliance: Regional data sovereignty and security standards are always respected.

 

⚙️ Behind the Scenes — The Dynamic Flow

 

Here’s a simplified view of what happens behind every region-enabled AWS action in ServiceNow:

 

  1. Action UI opens → Dynamic inputs trigger AWS APIs like Describe Regions or List Buckets.
  2. You make a selection → The spoke fetches or validates region data.
  3. Action executes → Integration Hub builds the correct endpoint, signs the request with SigV4 using that region, and performs the operation.

 

Key Takeaways

 

  • AWS Spokes in ServiceNow already support regions dynamically.
  • Regions are configurable at the action level, not hardcoded at connection creation.
  • Actions like Create Image, Copy Object, and Create Bucket intelligently use region information to target the correct endpoints.
  • A single AWS connection can securely operate across all AWS regions.

 

 

0 Helpfuls
  • 40 Views
Version history
Last update:
yesterday
Updated by:
ServiceNow Employee
Contributors