Add an AWS service account to the cloud account

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minute read

    During Cloud Provisioning and Governance Day 1 setup, you added one service account to the cloud account. To compartmentalize your infrastructure or to include different datacenters, you can add another service account. A particular datacenter, however, cannot be selected in more than one service account in a cloud account.

    Before you begin

    Role required: sn_cmp.cloud_admin

    About this task

    A service account is a secure record on your instance that stores the credential and access information for your provider account. Discovery uses the information to access your provider account to get data on each resource in each specified datacenter.
    In this example, you added the service account named ProviderB-ServiceAccount-1 and selected three datacenters to include in the cloud account:
    Figure 1. A service account with three selected datacenters
    A second service account with three selected datacenters
    Important:
    In a cloud account, you cannot select a particular datacenter in two different service accounts.

    Procedure

    1. Navigate to Cloud Admin Portal > Service Accounts.
    2. Click New, enter a unique and meaningful Name, and then fill in the form.
      Table 1. Cloud Service Account form

      Field / Description

      Name

      The unique and meaningful name for this service account.

      Account ID

      12-digit user account number. Expand the list under the AWS account name on the AWS Management Console to view the number.

      Important:
      In the Account ID field, remove the hyphen characters (-) from the number.
      Figure 2. IAM user account number
      Determine the IAM user account number to fill in the Account ID field

      Discovery credentials

      The credentials needed for ServiceNow applications to access this account. You may configure this field at a later stage, while configuring access to AWS accounts.

      • If you configured AWS credentials at ServiceNow AI Platform, select the magnifying glass icon, and then select the name of the relevant AWS credential.
      • To use other AWS accounts to access this account, leave the field blank. For example, you don't need to specify the AWS credentials for accounts assuming IAM roles or member accounts using their management account for access.

      Datacenter URL

      URL of the datacenter.

      This field is required for AWS China region and AWS GovCloud (US) accounts.

      For example:
      • AWS China region: https://organizations.cn-northwest-1.amazonaws.com.cn
      • AWS GovCloud (US): https://ec2.us-gov-west-1.amazonaws.com

      Datacenter type

      Type of the datacenter where the account is hosted.

      Select AWS datacenter.

      Datacenter discovery status

      Auto-generated value: Status and timestamp of the last execution of Discovery on the datacenter.

      Parent account

      Name of the management account that represents the organization in AWS that this member account belongs to.

      It appears when you select AWS datacenter.

      Leave the field empty if this account is not part of an AWS organization.

      Is master account

      Management account flag.

      It appears when you select AWS datacenter from the Datacenter Type drop-down. Select the check box to associate the AWS service account with the management account. Select this check box only for accounts that you previously configured in the AWS Management Console as management accounts with some member accounts belonging to them. See the AWS documentation for information on AWS Organizations.

      Note:
      You will need to set up the correct permission in AWS or the Organization role for a standard credential. For more information, see Control AWS access and permissions using policies.

      Accessor account

      Name of the trusted account.

      Configure this field only for accounts that don't use permanent AWS credentials and rely on IAM roles for access.

    3. Click Update or Submit.
      The system creates the service account and displays the list of all discovered datacenters.
    4. Repeat the process to add as many service accounts as needed.
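
A pre-submission check for the rules this page states (12-digit Account ID without hyphens, Datacenter URL required for AWS China region and AWS GovCloud (US), no datacenter selected in two service accounts). This is an added example, not ServiceNow code: the record layout, the `partition` labels and the sample values are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Partitions where the page says Datacenter URL is required, mapped to the
# hostname suffix seen in its examples. Partition labels are assumed names.
URL_REQUIRED = {"aws-cn": ".amazonaws.com.cn", "aws-us-gov": ".amazonaws.com"}

def normalize_account_id(raw):
    """Remove hyphens and require exactly 12 digits, as the Account ID field expects."""
    digits = raw.replace("-", "").strip()
    if not re.fullmatch(r"[0-9]{12}", digits):
        raise ValueError(f"Account ID must be 12 digits, got {raw!r}")
    return digits

def validate(accounts):
    """Return the problems found across the service accounts of one cloud account."""
    problems, owners = [], defaultdict(list)
    for acct in accounts:
        name = acct["name"]
        try:
            normalize_account_id(acct["account_id"])
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
        suffix = URL_REQUIRED.get(acct.get("partition", "aws"))
        if suffix:
            # Requiring https is an assumption; both URLs on the page use it.
            url = urlparse(acct.get("datacenter_url") or "")
            if url.scheme != "https" or not (url.hostname or "").endswith(suffix):
                problems.append(f"{name}: Datacenter URL missing or invalid for {acct['partition']}")
        for dc in acct.get("datacenters", []):
            owners[dc].append(name)
    # A datacenter may be selected in only one service account per cloud account.
    for dc, names in sorted(owners.items()):
        if len(names) > 1:
            problems.append(f"{dc}: selected in {', '.join(names)}")
    return problems

# Constructed sample records; account numbers and datacenter choices are made up.
SAMPLE = [
    {"name": "ProviderB-ServiceAccount-1", "account_id": "1234-5678-9012",
     "datacenters": ["us-east-1", "us-west-2", "eu-west-1"]},
    {"name": "ProviderB-ServiceAccount-2", "account_id": "12345678901",
     "datacenters": ["eu-west-1", "ap-south-1"]},
    {"name": "GovCloud-ServiceAccount", "account_id": "210987654321",
     "partition": "aws-us-gov", "datacenters": ["us-gov-west-1"]},
]

if __name__ == "__main__":
    print("\n".join(validate(SAMPLE)))
```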