Configure the trusting account for Cloud Configuration Governance and Cloud Action Library

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Configure the trusting account whose resources need to be accessed, to rely on the trusted account using the Identity and Access Management (IAM) role.

    Avant de commencer

    • Familiarize yourself with the Amazon documentation on Creating a role to delegate permissions to an IAM user.
    • Decide which Amazon Web Services (AWS) account is going to be the trusted account. You use the trusted account to configure temporary credentials for Cloud Configuration Governance using IAM roles. The trusted account that you use to access other accounts using IAM roles is referred to as an accessor account.
    • Set up the trusted and the trusting account as described in Set up Cloud Configuration Governance for AWS.

    Role required: sn_itom_ccg.scheduling_admin

    Procédure

    1. Create an IAM role for the trusting account and configure the trust relationship between the user assuming this role and the trusted (accessor) account.
      1. Log in to the trusting account on the AWS Management Console.
      2. Create and configure the IAM role specifying the trusted (accessor) account ID in the Account ID field.
        For information on creating AWS roles, see the Amazon documentation.
      3. On the Summary page for the IAM role, select the Trust Relationships tab.
      4. Select Edit trust relationship.
        The Edit Trust Relationship page opens showing the policy document.
      5. Set the AWS parameter to the full user ARN of the trusted (accessor) account.

        Editing trust relationship for the trusting account.
      6. Verify that the Action value is set to sts:AssumeRole.
      7. Select Update Trust Policy.
    2. Configure the trusted service account for the trusting account in the ServiceNow AI Platform.
      1. Navigate to All > Cloud Provisioning and Governance > Service Accounts
      2. Open the trusting account.
      3. On the Cloud Service Account form, enter the name of the trusted account in the Accessor account field.
      4. Select Update.
    3. Create an assume role configuration for the trusting account.
      For more information, see Create an assume role configuration.