Amazon Cognito discovery

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 3 minutes de lecture

    • The ServiceNow Discovery and Service Mapping applications use the Amazon AWS Cognito pattern to provide authentication, authorization, and user management functions for AWS customers. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    You can use this pattern on the ServiceNow AI Platform using London Patch 8, Madrid Patch 2, or later releases.

    Request apps on the Store

    Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    User permissions
    Provide user with read-only permission to run the following API:
    • https://cognito-idp.<region>.amazonaws.com
    • Method: POST
    • Body: {\"MaxResults\": 10}
    • Headers: X-Amz-Target:AWSCognitoIdentityProviderService.ListUserPools,Content-Type:application/x-amz-json-1.0
    AWS Credentials
    On your instance, configure credentials of type AWS Credentials and set to Active.
    Cloud service account
    On your instance, configure the cloud service account of type AWS Datacenter and set to AWS account ID. Use the credentials defined in the preceding AWS Credentials.
    Discovery schedule
    Create a cloud application schedule for discovering AWS Cognito and configure the attributes. Set Discovery to Cloud application.
    Execution pattern
    Create and define the serverless execution pattern for cloud application discovery.
    1. Create new Cloud Execution Patterns.
    2. Define Name.
    3. Verify that Active is true.
    4. Verify that Domain is global.
    5. Choose the AWS pattern you want to run.
    6. Create multiple records if you want to run more than one pattern.
    Discovery schedule for full AWS discovery
    Create a discovery schedule from your Cloud service account created in the earlier procedure.
    1. Click on Discover Datacenter and wait for it to finish.
    2. Click Create Discovery Schedule.
    3. This new schedule is created under the Discovery Schedule and runs all AWS patterns.

    Verify the REST API Permissions

    Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.

    Remarque :
    You can test the AWS REST APIs using Postman API platform. For more information, see the How to test AWS REST API using POSTMAN [KB0782183] article in the Now Support Knowledge Base.

    Data collected by Discovery and Service Mapping during horizontal and top-down discovery

    The AWS Cognito pattern collects data.

    Tableau 1. Collected information from the AWS Cognito pattern
    Field Description
    Main CI: cmdb_ci_cloud_authentication
    name A descriptive name used to identify the user pool.
    object_id This is equal to the account_id and used by IRE identification rules.
    Fqdn Example of an ARN: arn:aws:cognito-idp:eu-west-1:751200741520:userpool/eu-west-1_fim5E2mix

    Tags are also being collected by an extension section that runs following the pattern. The tagging API for AWS specifies the resource type Cognito.

    Tableau 2. Collected information from the AWS Cognito tags
    Field Description
    cmdb_key_value
    key The actual tag key.
    value The tag value.
    configuration_item The unique resource ID (ARN) that identifies the resource in the AWS console.

    CI relationships

    The AWS Cognito pattern creates the following CI relationship.
    CI Relationship CI
    Cloud authentication [cmdb_ci_cloud_authentication] Hosts:Hosted on Logical datacenter [cmdb_ci_logical_datacenter]

    Troubleshooting

    If the mapping process does not proceed as you expected, follow the following suggestions.
    Symptom Cause Solution
    Discovery fails. The discovery message contains the information about an error caused by the REST timeout. There are many CIs sending the REST call response in the deployment. The MID Server cannot process the REST call response without exceeding the time limit controlled by the mid.sa.cloud.request_timeout parameter. By default, the mid.sa.cloud.request_timeout parameter is set to 30000 milliseconds.
    Increase the value of this parameter on the relevant MID Server and run discovery again.
    Remarque :
    If the Configuration Parameters related list for the relevant MID Server does not show this parameter, you may need to add it.
    Pattern Designer fails during a debug session. The Pattern Designer message contains information about an error caused by a timeout. The Pattern Designer fails because of a timeout during pattern debugging (and not during discovery). By default, the sa.debugger.max_timeoutparameter is set to 240 seconds.

    Increase the value of this parameter on the relevant MID Server.