Create AWS service accounts

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    Create AWS service accounts on the ServiceNow AI Platform to access your AWS account during AWS discovery.

    Before you begin

    • Retrieve the user account number, which can be found in the AWS Management Console by expanding the list under the AWS account name.
    • Confirm that Discovery Admin Workspace is using at least version 1.10.0. The Discovery > Cloud Service Accounts navigation module isn't available with earlier versions. To access Cloud Service Accounts with an earlier version, enter in the navigation filter: cmdb_ci_cloud_service_account.list.

    Role required: discovery_admin

    About this task

    A service account is a secure record on your instance that stores the credential and access information for your provider account. Discovery uses the information to access your provider account to get data on each resource in each specified datacenter. A cloud account is the logical representation in cloud management of all or part of your managed cloud infrastructure. A cloud account can include multiple service accounts—even service accounts from different providers. For each service account, you specify which datacenter to include in the cloud account.

    Procedure

    1. Navigate to All > Discovery > Cloud Service Accounts.
    2. Select New.
    3. On the form, fill in the fields.
      Table 1. Cloud Service Account form

      Field
        Description

      Name
        The unique and meaningful name for this service account.

      Account ID
        12-digit user account number. Expand the list under the AWS account name on the AWS Management Console to view the number.

        Important: In the Account ID field, remove the hyphen characters (-) from the number.

        Figure 1. IAM user account number (determine the IAM user account number to fill in the Account ID field)

      Discovery credentials
        The credentials needed for ServiceNow applications to access this account. You may configure this field at a later stage, while configuring access to AWS accounts.

        • If you configured AWS credentials on the ServiceNow AI Platform, select the magnifying glass icon, and then select the name of the relevant AWS credential.
        • To use other AWS accounts to access this account, leave the field blank. For example, you don't need to specify the AWS credentials for accounts assuming IAM roles or member accounts using their management account for access.

      Datacenter URL
        URL of the datacenter.

        This field is required for AWS China region and AWS GovCloud (US) accounts.

        For example:
        • AWS China region: https://organizations.cn-northwest-1.amazonaws.com.cn
        • AWS GovCloud (US): https://ec2.us-gov-west-1.amazonaws.com

      Datacenter type
        Type of the datacenter where the account is hosted.

        Select AWS datacenter.

      Datacenter discovery status
        Auto-generated value: Status and timestamp of the last execution of Discovery on the datacenter.

      Parent account
        Name of the management account that represents the organization in AWS that this member account belongs to.

        It appears when you select AWS datacenter.

        Leave the field empty if this account is not part of an AWS organization.

      Is master account
        Management account flag.

        It appears when you select AWS datacenter from the Datacenter Type drop-down. Select the check box to associate the AWS service account with the management account. Select this check box only for accounts that you previously configured in the AWS Management Console as management accounts with some member accounts belonging to them. See the AWS documentation for information on AWS Organizations.

        Note: You will need to set up the correct permission in AWS or the Organization role for a standard credential. For more information, see Control AWS access and permissions using policies.

      Accessor account
        Name of the trusted account.

        Configure this field only for accounts that don't use permanent AWS credentials and rely on IAM roles for access.

    4. Select Submit.
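
    A pre-submission check for planned form entries, applying the Account ID, Datacenter URL and credential rules from the table above. This is an added example, not ServiceNow code. The dictionary keys (account_id, partition, datacenter_url, credential, accessor_account, parent_account) and the endpoint host patterns are assumptions made for illustration, and the sample entries are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed endpoint host patterns per AWS partition; "aws" (commercial) needs no URL.
REQUIRED_URL_HOST = {
    "aws-cn": re.compile(r"^[a-z0-9-]+\.cn-[a-z]+-\d\.amazonaws\.com\.cn$"),
    "aws-us-gov": re.compile(r"^[a-z0-9-]+\.us-gov-[a-z]+-\d\.amazonaws\.com$"),
}

def normalize_account_id(raw):
    """Strip hyphens/spaces; return the 12-digit ID or None if malformed."""
    digits = re.sub(r"[-\s]", "", raw or "")
    return digits if re.fullmatch(r"\d{12}", digits) else None

def check_service_account(rec):
    """Return (normalized_account_id, findings) for one planned form entry."""
    findings = []
    account_id = normalize_account_id(rec.get("account_id"))
    if account_id is None:
        findings.append("Account ID must be 12 digits once hyphens are removed")
    host_rule = REQUIRED_URL_HOST.get(rec.get("partition", "aws"))
    url = rec.get("datacenter_url", "")
    if host_rule:
        parts = urlsplit(url)
        if not url:
            findings.append("Datacenter URL is required for this partition")
        elif parts.scheme != "https" or not host_rule.match(parts.hostname or ""):
            findings.append("Datacenter URL is not an HTTPS endpoint of this partition")
    cred, accessor = rec.get("credential"), rec.get("accessor_account")
    if cred and accessor:
        findings.append("Accessor account is only for accounts without permanent credentials")
    if not cred and not accessor and not rec.get("parent_account"):
        findings.append("No credential, accessor account or parent account: no access path yet")
    return account_id, findings

# Constructed sample entries; the keys are hypothetical, not ServiceNow column names.
SAMPLES = [
    {"name": "prod-cn", "account_id": "1234-5678-9012", "partition": "aws-cn",
     "datacenter_url": "https://organizations.cn-northwest-1.amazonaws.com.cn",
     "credential": "aws-cn-cred"},
    {"name": "gov-member", "account_id": "123456789012", "partition": "aws-us-gov",
     "datacenter_url": "http://ec2.us-gov-west-1.amazonaws.com",
     "parent_account": "gov-mgmt"},
    {"name": "orphan", "account_id": "12345-6789", "credential": ""},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["name"], *check_service_account(rec), sep=" | ")
```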