AWS Resource Inventory discovery with Patterns
Summary of AWS Resource Inventory discovery with Patterns
ServiceNow’s Discovery and Service Mapping applications can identify and map AWS resources using the AWS Resource Inventory pattern. This pattern is designed to discover AWS resources available through the AWS Config Service, especially for those resources without dedicated patterns such as AWS Lambda and EC2. It supports ServiceNow platform releases London (Patch 8), Madrid (Patch 2), and later.
Prerequisites and Setup
- Create AWS credentials and an AWS cloud service account; discovery requires the AWS management service account, not sub-accounts.
- Schedule full AWS discovery or select specific inventory patterns as needed.
- Fine-tune discovery by managing the Cloud Inventory Resource Inclusion List to avoid duplicate discoveries if custom AWS patterns exist.
- Ensure the application scope is set to Discovery and Service Mapping Patterns when configuring resources.
Resource Inclusion List Management
The Cloud Inventory Resource Inclusion List controls which AWS resource types the pattern discovers. Customers can:
- Remove resource types with existing custom patterns to prevent duplicate discovery.
- Add new resource types by entering the vendor (AWS), resource type (e.g., AWS::CloudWatch::Alarm), and application scope.
- Note that once customized, this list is not automatically updated during application updates and must be maintained manually.
Discovery API Usage
The pattern uses AWS Config Service APIs to discover resources and their tags:
- Resource discovery API endpoint: https://config.[AWS region].amazonaws.com with POST method and specific headers.
- Resource tagging API endpoint: https://tagging.[AWS region].amazonaws.com to retrieve tags for supported resources.
Data Collected and Relationships
The discovery collects key resource data stored in the cmdb_ci_cmp_resource table, including:
- object_id: Usually the Amazon Resource Name (ARN).
- name: Resource name.
- resource_type: AWS resource type as per JSON data.
- description: How the configuration item (CI) is populated.
The pattern also creates CI relationships, such as linking AWS Cloud Resources to Logical Datacenters with a "Hosted on :: Hosts" relationship.
Practical Benefits for ServiceNow Customers
- Enables comprehensive discovery of AWS resources, including those without dedicated patterns, improving cloud asset visibility.
- Supports customization and fine-tuning to align discovery with unique organizational environments and avoid duplication.
- Facilitates integration of AWS resource data into the ServiceNow CMDB with accurate relationships, assisting in service mapping and impact analysis.
- Leverages AWS Config and Tagging APIs to ensure up-to-date and tagged resource information is captured.
The ServiceNow Discovery and Service Mapping applications can find and map the AWS resources available through the AWS Config Service. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.
Discovery uses the AWS Resource Inventory pattern to discover the resources available through AWS. Use this pattern for AWS resources which do not have a dedicated pattern, such as AWS Lambda or EC2. This pattern is limited to resources that are available from AWS Config Service, as described in the AWS Config Developer Guide.
You can use this pattern on the ServiceNow platform using London (Patch 8), Madrid (Patch 2), or later releases.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Prerequisites
- Create AWS credentials.
- Create an AWS cloud service account. You can use only the AWS management service account for discovery, not its sub-accounts.
Note: The Cloud Discovery user interface refers to member accounts as sub-accounts.
- Discover AWS Datacenters (LDC)
- Schedule a full AWS discovery or use a specific inventory pattern
- Fine-tune AWS resource discovery using the Resource Inclusion List.
If your deployment has custom patterns for AWS discovery, ensure that you do not discover AWS resources twice.
- Ensure that the application scope is Discovery and Service Mapping Patterns:
- Navigate to .
- Select Discovery and Service Mapping Patterns from the Application list.
- Navigate to .
- Open the Cloud Inventory Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table.
- Under Related Links, click Show List.
- Select resource types for which you have custom patterns, and select Delete from the Actions on selected rows list.
The Cloud Inventory Resource Inclusion List is predefined with common services. You can expand the list with additional resource types that you want the pattern to discover. The names of these resource types must conform to the appropriate vendor naming conventions.
Note: When you modify the out-of-the-box inclusion list, it is no longer updated automatically in application updates. You need to maintain the customized list on your own.
- Open the Cloud Inventory Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table.
- Click New.
- Fill in the form, and then click Submit.
| Field | Description |
|---|---|
| Cloud Vendor | The vendor of the resource type: AWS. |
| Resource Type | The AWS resource type value. For example, AWS::CloudWatch::Alarm. |
| Application | The application scope: Discovery and Service Mapping Patterns. |
The changes are applied the next time you run the pattern.
- Ensure that the application scope is Discovery and Service Mapping Patterns:
- To discover the resources that support the AWS Config service, the pattern uses the API at https://config.[AWS region].amazonaws.com. It specifies the resource type in the API request using the following format:
{"resourceType":"AWS::[RESOURCE]::[TYPE]"}
The POST method requires the following headers:
- X-Amz-Target - StarlingDoveService.ListDiscoveredResources
- Accept - application/json
- Content-Type - application/x-amz-json-1.1
- To discover the resource tags for resources that support tags, the pattern uses the API at https://tagging.[AWS region].amazonaws.com. It specifies the resource type in the API request using the following format:
{"ResourceTypeFilters": ["[resource]:[type]"]}
The POST method requires the following headers:
- X-Amz-Target - ResourceGroupsTaggingAPI_20170126.GetResources
- Accept - application/json
- Content-Type - application/x-amz-json-1.1
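As an added example (not ServiceNow's pattern code), the Python below builds the two POST requests with the endpoints, headers and bodies described above, and checks inclusion-list rows for malformed or duplicate resource types. The validation regexes, function names and row field names (`cloud_vendor`, `resource_type`) are assumptions for illustration; the requests are returned unsigned, and AWS requires SigV4 signing before they are sent.

```python
import json
import re

# Assumed validation patterns (added here, not from the ServiceNow docs).
REGION = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")                 # e.g. us-east-1
CONFIG_TYPE = re.compile(r"AWS::[A-Za-z0-9]+::[A-Za-z0-9]+")  # e.g. AWS::CloudWatch::Alarm
TAG_FILTER = re.compile(r"[a-z0-9-]+(:[a-z0-9-]+)?")          # e.g. lambda:function
HEADERS = {"Accept": "application/json", "Content-Type": "application/x-amz-json-1.1"}

def _valid(pattern, value, label):
    # The region is interpolated into the hostname, so reject anything unexpected.
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise ValueError(f"invalid {label}: {value!r}")
    return value

def _request(service, region, target, payload):
    # Unsigned request description; an AWS SDK or HTTP client must add SigV4.
    host = f"{service}.{_valid(REGION, region, 'region')}.amazonaws.com"
    return {"method": "POST", "url": f"https://{host}",
            "headers": {**HEADERS, "X-Amz-Target": target},
            "body": json.dumps(payload)}

def config_request(region, resource_type):
    # Resource discovery call for one AWS Config resource type.
    _valid(CONFIG_TYPE, resource_type, "resource type")
    return _request("config", region, "StarlingDoveService.ListDiscoveredResources",
                    {"resourceType": resource_type})

def tagging_request(region, type_filter):
    # Tag retrieval call for one "[resource]:[type]" filter.
    _valid(TAG_FILTER, type_filter, "type filter")
    return _request("tagging", region, "ResourceGroupsTaggingAPI_20170126.GetResources",
                    {"ResourceTypeFilters": [type_filter]})

def audit_inclusion_list(rows):
    # Split rows into accepted resource types and (type, reason) rejects.
    accepted, rejected = [], []
    for row in rows:
        rtype = str(row.get("resource_type", ""))
        if row.get("cloud_vendor") != "AWS":
            rejected.append((rtype, "vendor is not AWS"))
        elif not CONFIG_TYPE.fullmatch(rtype):
            rejected.append((rtype, "malformed resource type"))
        elif rtype in accepted:
            rejected.append((rtype, "duplicate entry"))
        else:
            accepted.append(rtype)
    return accepted, rejected

if __name__ == "__main__":  # constructed sample input
    print(config_request("us-east-1", "AWS::CloudWatch::Alarm"))
    print(audit_inclusion_list([{"cloud_vendor": "AWS", "resource_type": "aws::lambda"}]))
```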
Data collected by Discovery during horizontal discovery
| Table and field | Description |
|---|---|
| Main CI [cmdb_ci_cmp_resource] | |
| object_id | The ID of the item. This is typically the Amazon Resource Name (ARN). |
| name | Name of the resource. |
| resource_type | The asset resource type, based on the contents of the JSON file. |
| description | Short description of how the CI is populated. |
CI relationships
| CI | Relationship | CI |
|---|---|---|
| Cloud Resource [cmdb_ci_cmp_resource] | Hosted on :: Hosts | Logical Datacenter [cmdb_ci_logical_datacenter] |
The following is a dependency view of the collected data flow.