Amazon Web Services (AWS) Resource Inventory

  • Release version: Yokohama
  • Updated January 30, 2025

    The ServiceNow Discovery and Service Mapping applications can find and map the AWS resources that are available through the AWS Config Service. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Discovery uses the AWS Resource Inventory pattern to discover the resources available through AWS. Use this pattern for AWS resources which do not have a dedicated pattern, such as AWS Lambda or EC2. This pattern is limited to resources that are available from AWS Config Service, as described in the AWS Config Developer Guide.

    You can use this pattern on the ServiceNow platform using London (Patch 8), Madrid (Patch 2), or later releases.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    • Create AWS credentials.
    • Create an AWS cloud service account.
      You can use only the AWS management service account for discovery, not its sub-accounts.
      Note:
      The Cloud Discovery user interface refers to member accounts as sub-accounts.
    • Discover AWS Datacenters (LDC)
    • Schedule a full AWS discovery or use a specific inventory pattern
    • Fine-tune AWS resource discovery using the Resource Inclusion List.

      If your deployment has custom patterns for AWS discovery, ensure that you do not discover AWS resources twice.

      1. Ensure that the application scope is Discovery and Service Mapping Patterns:
        1. Navigate to Settings > Developer.
        2. Select Discovery and Service Mapping Patterns from the Application list.
      2. Navigate to System Definitions > Tables.
      3. Open the Cloud Inventory Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table.
      4. Under Related Links, click Show List.
      5. Select resource types for which you have custom patterns, and select Delete from the Actions on selected rows list.
      The Cloud Inventory Resource Inclusion List is predefined with common services. You can expand the list with additional resource types that you want the pattern to discover. The names of these resource types must conform to the appropriate vendor naming conventions.
      Note:
      When you modify the out-of-the-box inclusion list, it is no longer updated automatically in application updates. You need to maintain the customized list on your own.
      1. Open the Cloud Inventory Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table.
      2. Click New.
      3. Fill in the form, and then click Submit.
        Field | Description
        Cloud Vendor | The vendor of the resource type: AWS.
        Resource Type | The AWS resource type value. For example, AWS::CloudWatch::Alarm.
        Application | The application scope: Discovery and Service Mapping Patterns.

      The changes are applied the next time you run the pattern.

    • To discover the resources that support the AWS Config service, the pattern calls the API at https://config.[AWS region].amazonaws.com. It specifies the resource type in the request body using the following format: {"resourceType":"AWS::[RESOURCE]::[TYPE]"}

      The POST method requires the following headers:

      • X-Amz-Target - StarlingDoveService.ListDiscoveredResources
      • Accept - application/json
      • Content-Type - application/x-amz-json-1.1
    • To discover the resource tags for resources that support tags, the pattern calls the API at https://tagging.[AWS region].amazonaws.com. It specifies the resource type in the request body using the following format: {"ResourceTypeFilters": ["[resource]:[type]"]}

      The POST method requires the following headers:

      • X-Amz-Target - ResourceGroupsTaggingAPI_20170126.GetResources
      • Accept - application/json
      • Content-Type - application/x-amz-json-1.1
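
The two calls described above, shown as an added Python example (not ServiceNow's pattern code): it builds each POST with the headers listed on this page, rejects region and resource-type strings that do not match the expected formats, and follows the pagination tokens AWS returns. The function names, the `fake_send` transport, the `lambda:function` tag filter and the sample replies are constructed for illustration; request signing is left out.

```python
import json
import re

# service -> (X-Amz-Target from the page, pagination token key, reply list key)
APIS = {
    "config": ("StarlingDoveService.ListDiscoveredResources", "nextToken", "resourceIdentifiers"),
    "tagging": ("ResourceGroupsTaggingAPI_20170126.GetResources", "PaginationToken", "ResourceTagMappingList"),
}

def build_request(service, region, payload):
    """Unsigned POST as described on the page; SigV4 signing is out of scope here."""
    if not re.fullmatch(r"[a-z]{2}(-[a-z]+)+-\d+", region):
        raise ValueError(f"unexpected region: {region!r}")  # host stays under amazonaws.com
    return {"method": "POST", "url": f"https://{service}.{region}.amazonaws.com",
            "headers": {"X-Amz-Target": APIS[service][0], "Accept": "application/json",
                        "Content-Type": "application/x-amz-json-1.1"},
            "body": json.dumps(payload)}

def fetch_all(send, service, region, payload):
    """Repeat the call until the reply carries no pagination token."""
    _, token_key, list_key = APIS[service]
    items, token = [], None
    while True:
        page = {**payload, token_key: token} if token else payload
        reply = send(build_request(service, region, page))
        items.extend(reply.get(list_key, []))
        token = reply.get(token_key)
        if not token:
            return items

def discover(send, region, resource_type, tag_filter):
    """Return (resource identifiers, {ARN: {tag key: value}}) for one resource type."""
    if not re.fullmatch(r"AWS::[A-Za-z0-9]+::[A-Za-z0-9]+", resource_type):
        raise ValueError(f"not an AWS resource type: {resource_type!r}")
    found = fetch_all(send, "config", region, {"resourceType": resource_type})
    mapped = fetch_all(send, "tagging", region, {"ResourceTypeFilters": [tag_filter]})
    return found, {m["ResourceARN"]: {t["Key"]: t["Value"] for t in m.get("Tags", [])}
                   for m in mapped}

def fake_send(request):
    """Constructed replies (hypothetical names and account ID) so this runs offline."""
    body = json.loads(request["body"])
    if request["url"].startswith("https://config."):
        name, more = ("fn-b", {}) if body.get("nextToken") else ("fn-a", {"nextToken": "page-2"})
        return {"resourceIdentifiers": [{"resourceType": body["resourceType"],
                                         "resourceId": name, "resourceName": name}], **more}
    arn = "arn:aws:lambda:us-east-1:111122223333:function:fn-a"
    return {"PaginationToken": "", "ResourceTagMappingList": [
        {"ResourceARN": arn, "Tags": [{"Key": "env", "Value": "test"}]}]}
```

Calling `discover(fake_send, "us-east-1", "AWS::Lambda::Function", "lambda:function")` returns both pages of identifiers plus the tag map keyed by ARN.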

    Data collected by Discovery during horizontal discovery

    Table and field | Description
    Main CI [cmdb_ci_cmp_resource] |
    object_id | The ID of the item. This is typically the Amazon Resource Name (ARN).
    name | Name of the resource.
    resource_type | The asset resource type, based on the contents of the JSON file.
    description | Short description of how the CI is populated.

    CI relationships

    The AWS Resource Inventory pattern creates the following CI relationship:
    CI | Relationship | CI
    Cloud Resource [cmdb_ci_cmp_resource] | Hosted on :: Hosts | Logical Datacenter [cmdb_ci_logical_datacenter]

    The following is a dependency view of the collected data flow.

    Figure 1. AWS Resource Inventory dependency view