Skip this procedure if your organization does not use AWS GovCloud (US).
To securely access data on your provider account, the Discovery process must present appropriate credentials. An AWS GovCloud (US) region is an isolated AWS region that meets stringent US government security and compliance requirements to host sensitive workloads. Cloud Provisioning and Governance supports all AWS GovCloud (US) services.
Before you begin
Note:
- ServiceNow® ITOM products are not officially certified or supported against Germany and China regions.
- Skip this procedure if your organization does not use AWS GovCloud (US).
- You will need the AWS GovCloud (US) access key ID and the secret access key that you generated on the AWS Management Console.
Role required: sn_cmp.cloud_admin
About this task
Cloud Provisioning and Governance accesses GovCloud regions using a set of credentials for each region. To configure Cloud Provisioning and Governance to support a GovCloud region, you create one standard AWS account for each region (required for billing), obtain the credentials for the account, and then create a service account for the region. For more information on billing, see the "AWS GovCloud (US) Billing and Payment" page in the AWS documentation.
Procedure
- On the AWS Management Console, enter IAM in the AWS services search box to open the Identity and Access Management (IAM) service.
- On the IAM Resources portal, click Users.
- Create the Discovery user that has programmatic access to your AWS GovCloud (US) resource and billing data.
  - Select Add user.
  - On the Details page, configure the user settings, and then select Next.
    | User name | Name for the programmatic user, for example, servicenowcloud. |
    | Access type | Select Programmatic access. |
  - On the Permissions page, attach the user to a policy by configuring the following settings and then click Next.
    | Set permissions for <username> | Select Attach existing policies directly. |
    | Attach one or more policies … | Select the appropriate policy. Note: The AdministratorAccess policy has the most powerful permission level, including permission to provision cloud resources. The policy enables the same access that would be granted to the instance if you were not using IAM and used your AWS account Access Key ID and Secret Access Key. You might instead prefer to create a policy or combine multiple policies to grant the appropriate permission level. See Control AWS access and permissions using policies for details. |
  - On the Review page, verify your selections and then click Create user.
  - On the Complete page, perform two steps:
    Note: Do not leave the page until you have completed both steps. The Secret access key value will not appear again.
    Paste the values that you generate in these steps into a Cloud Provisioning and Governance form.
    - Click Show to display the Secret access key. Copy the value.
    - Click Download .csv to save the CSV-format file that contains the user name, Access key ID, and the Secret access key value. You create the file as a backup in the case that you lose the values. Verify that the file was created and then store the file securely.
- On your instance, navigate to .
- Click New, select AWS Credentials, enter a unique and meaningful Name (for example, AWS GovCloud Creds O1), and then fill in the form.
Table 1. AWS Credentials form fields
| Field | Input value |
| Name | Unique and descriptive name for the AWS credentials. |
| Active | Option to use the credential. |
| Access Key ID | The Access key ID that you generated on the AWS Management Console, such as: APIAIOSFODNN7EXAMPLE. |
| Secret access key | The Secret access key that you generated on the AWS Management Console, such as: wPalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY. |
- Click Submit.
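The note on the Permissions page suggests creating a policy instead of attaching AdministratorAccess. The following Python check is an added example, not ServiceNow or AWS code: it reads an IAM policy document and reports Allow statements that are as broad as AdministratorAccess or that grant every action in a service. The function names and the custom sample policy are assumptions made up for illustration.

```python
import json

# Same single statement as the AWS managed AdministratorAccess policy.
ADMIN_EQUIVALENT = ('{"Version": "2012-10-17", "Statement": '
                    '[{"Effect": "Allow", "Action": "*", "Resource": "*"}]}')

# Constructed sample of a narrower custom policy. The action list is
# illustrative only, not the permission set your Discovery user needs.
CUSTOM_SAMPLE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadInventory", "Effect": "Allow",
         "Action": ["ec2:Describe*", "s3:ListAllMyBuckets"], "Resource": "*"},
        {"Sid": "IamEverything", "Effect": "Allow",
         "Action": "iam:*", "Resource": "*"},
    ],
})

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def broad_statements(policy_json):
    """Return (statement label, reason) for each over-broad Allow statement."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((label, "Allow with NotAction"))
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue  # statement is limited to named resources
        actions = _as_list(stmt.get("Action", []))
        if "*" in actions:
            findings.append((label, "every action on every resource"))
            continue
        for action in actions:
            if action.endswith(":*"):
                findings.append((label, f"every action in service {action[:-2]}"))
    return findings

if __name__ == "__main__":
    for name, doc in (("admin", ADMIN_EQUIVALENT), ("custom", CUSTOM_SAMPLE)):
        print(name, broad_statements(doc))
```

Run the check against the JSON of any policy you plan to attach to the Discovery user before you select it on the Permissions page.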