Amazon Web Services (AWS) Resource Inventory

  • Release version: Xanadu
  • Updated August 1, 2024
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Amazon Web Services (AWS) Resource Inventory

    The AWS Resource Inventory pattern in ServiceNow Discovery and Service Mapping enables customers to discover and map AWS resources available through the AWS Config Service. It is designed for AWS resources that lack a dedicated discovery pattern, such as AWS Lambda and EC2. This pattern works with ServiceNow platform versions London (Patch 8), Madrid (Patch 2), or later. To leverage this capability, customers may need to update to the latest Discovery and Service Mapping Patterns application from the ServiceNow Store.


    Key Features

    • Resource Discovery via AWS Config Service: Utilizes AWS Config APIs to discover supported AWS resource types and their tags.
    • Resource Inclusion List: Allows fine-tuning of which AWS resource types are discovered. Customers can customize this list to avoid duplicate discoveries and expand discovery to additional resource types following vendor naming conventions.
    • Discovery Scope and Maintenance: Customizations to the inclusion list must be maintained manually as updates to the application do not overwrite these changes.
    • API Usage: Uses specific AWS API endpoints with required headers to query resources and their tags in the selected AWS regions.
    • Credential Requirements: Requires creation of AWS credentials and use of an AWS management service account (not sub-accounts) to perform discovery.
    • Data Model: Discovered resources are stored as Configuration Items (CIs) with key attributes such as Amazon Resource Name (ARN), name, and resource type, and include CI relationships like “Hosted on” to Logical Datacenters.

    Practical Guidance for ServiceNow Customers

    • Ensure you have appropriate AWS credentials and use the management service account for discovery tasks.
    • Schedule full AWS discovery or select specific inventory patterns to tailor your discovery process.
    • If you have custom AWS discovery patterns, update the Resource Inclusion List to prevent duplicate discoveries by removing overlapping resource types.
    • Maintain customized resource inclusion lists manually after applying modifications to ensure continued accuracy after application updates.
    • Understand the discovered data structure to efficiently integrate AWS resources into your CMDB, supporting better service mapping and operational insight.

    Expected Outcomes

    By implementing the AWS Resource Inventory pattern, ServiceNow customers gain comprehensive visibility into AWS resources that are supported by AWS Config Service, even those lacking dedicated patterns. This enables improved configuration management, dependency mapping, and operational awareness of their AWS environments within ServiceNow’s CMDB. The discovery results include detailed resource attributes and logical relationships, facilitating more effective cloud service management.

    The ServiceNow Discovery and Service Mapping applications can find and map the AWS resources made available through AWS Config Service. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Discovery uses the AWS Resource Inventory pattern to discover the resources available through AWS. Use this pattern for AWS resources which do not have a dedicated pattern, such as AWS Lambda or EC2. This pattern is limited to resources that are available from AWS Config Service, as described in the AWS Config Developer Guide.

    You can use this pattern on the ServiceNow platform using London (Patch 8), Madrid (Patch 2), or later releases.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    • Create AWS credentials.
    • Create an AWS cloud service account.
      You can use only the AWS management service account for discovery, not its sub-accounts.
      Note:
      The Cloud Discovery user interface refers to member accounts as sub-accounts.
    • Discover AWS Datacenters (LDC)
    • Schedule a full AWS discovery or use a specific inventory pattern
    • Fine-tune AWS resource discovery using the Resource Inclusion List.

      If your deployment has custom patterns for AWS discovery, ensure that you do not discover AWS resources twice.

      1. Ensure that the application scope is Discovery and Service Mapping Patterns:
        1. Navigate to Settings > Developer.
        2. Select Discovery and Service Mapping Patterns from the Application list.
      2. Navigate to System Definitions > Tables.
      3. Open the Cloud Inventory Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table.
      4. Under Related Links, click Show List.
      5. Select resource types for which you have custom patterns, and select Delete from the Actions on selected rows list.
      The Cloud Inventory Resource Inclusion List is predefined with common services. You can expand the list with additional resource types that you want the pattern to discover. The names of these resource types must conform to the appropriate vendor naming conventions.
      Note:
      When you modify the out-of-the-box inclusion list, it is no longer updated automatically in application updates. You need to maintain the customized list on your own.
      1. Open the Cloud Inventory Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table.
      2. Click New.
      3. Fill in the form, and then click Submit.
        Field           Description
        Cloud Vendor    The vendor of the resource type: AWS.
        Resource Type   The AWS resource type value. For example, AWS::CloudWatch::Alarm.
        Application     The application scope: Discovery and Service Mapping Patterns.

      The changes are applied the next time you run the pattern.

    • To discover the resources that support the AWS Config service, the pattern uses the API endpoint https://config.[AWS region].amazonaws.com. It specifies the resource type in the API request using the following format: {"resourceType":"AWS::[RESOURCE]::[TYPE]"}

      The POST method requires the following headers:

      • X-Amz-Target - StarlingDoveService.ListDiscoveredResources
      • Accept - application/json
      • Content-Type - application/x-amz-json-1.1
    • To discover the resource tags for resources that support tags, the pattern uses the API endpoint https://tagging.[AWS region].amazonaws.com. It specifies the resource type in the API request using the following format: {"ResourceTypeFilters": ["[resource]:[type]"]}

      The POST method requires the following headers:

      • X-Amz-Target - ResourceGroupsTaggingAPI_20170126.GetResources
      • Accept - application/json
      • Content-Type - application/x-amz-json-1.1
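
The following is an added example, not ServiceNow's pattern code. It audits a Resource Inclusion List export for malformed or duplicated resource types and builds the two POST requests described above. The function names and sample data are hypothetical, and request signing with AWS credentials is left out.

```python
import json
import re

# Naming convention shown on the page: AWS::[RESOURCE]::[TYPE]
TYPE_RE = re.compile(r"AWS::[A-Za-z0-9]+::[A-Za-z0-9]+")
# Region is interpolated into the hostname, so restrict it to the region shape.
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")
BASE_HEADERS = {"Accept": "application/json",
                "Content-Type": "application/x-amz-json-1.1"}


def audit_inclusion_list(entries, custom_pattern_types):
    """Sort inclusion-list entries into keep / malformed / duplicate."""
    result = {"keep": [], "malformed": [], "duplicate": []}
    seen = set(custom_pattern_types)  # types already covered by custom patterns
    for entry in entries:
        if not TYPE_RE.fullmatch(entry):
            result["malformed"].append(entry)
        elif entry in seen:
            result["duplicate"].append(entry)
        else:
            seen.add(entry)
            result["keep"].append(entry)
    return result


def _request(service, region, target, body):
    if not REGION_RE.fullmatch(region):
        raise ValueError(f"unexpected region: {region!r}")
    return {"method": "POST",
            "url": f"https://{service}.{region}.amazonaws.com",
            "headers": {"X-Amz-Target": target, **BASE_HEADERS},
            "body": json.dumps(body)}


def config_request(region, resource_type):
    """ListDiscoveredResources call for one inclusion-list resource type."""
    if not TYPE_RE.fullmatch(resource_type):
        raise ValueError(f"unexpected resource type: {resource_type!r}")
    return _request("config", region,
                    "StarlingDoveService.ListDiscoveredResources",
                    {"resourceType": resource_type})


def tagging_request(region, type_filter):
    """GetResources call; type_filter uses the [resource]:[type] form."""
    return _request("tagging", region,
                    "ResourceGroupsTaggingAPI_20170126.GetResources",
                    {"ResourceTypeFilters": [type_filter]})


# Constructed sample data, not taken from a real instance.
SAMPLE_LIST = ["AWS::CloudWatch::Alarm", "AWS::Lambda::Function",
               "aws:lambda:function", "AWS::CloudWatch::Alarm"]
SAMPLE_CUSTOM = ["AWS::Lambda::Function"]
```

Entries reported as duplicate are the ones to delete from the inclusion list so that a custom pattern and the inventory pattern do not both create the same CI.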

    Data collected by Discovery during horizontal discovery

    Table and field                  Description
    Main CI [cmdb_ci_cmp_resource]
      object_id                      The ID of the item. This is typically the Amazon Resource Name (ARN).
      name                           Name of the resource.
      resource_type                  The asset resource type, based on the contents of the JSON file.
      description                    Short description of how the CI is populated.

    CI relationships

    The AWS Resource Inventory pattern creates the following CI relationship:
    CI                                      Relationship         CI
    Cloud Resource [cmdb_ci_cmp_resource]   Hosted on :: Hosts   Logical Datacenter [cmdb_ci_logical_datacenter]

    The following is a dependency view of the collected data flow.

    Figure 1. AWS Resource Inventory dependency view