Configure MID Server for AWS KMS access
Configure MID Server properties to enable Key Management Service (KMS) key access from the ServiceNow AI Platform® when performing Systems Manager (SSM) Agent discovery.
Before you begin
- You have at least one MID Server installed and in the Up state. For more information, see Install and configure MID Servers to access cloud environments.
- You have an AWS credential that allows the MID Server to access and make API calls into the AWS environment. For more information, see AWS Access for MID Server.
- You created a custom AWS KMS key to encrypt sensitive credentials. For more information, see Create a Customer Managed AWS KMS Key.
Role required: discovery_admin
About this task
Using a dedicated key enhances security by verifying that applicative credentials are encrypted and securely retrieved at runtime, without being exposed in plain text. This step is optional and only necessary if you plan to use applicative credentials during discovery. To configure the MID Server to support secure credential handling during SSM Agent discovery, set the mid.discovery.aws_ssm.kms_key_name property to the name of the AWS KMS key. Then, set the mid.discovery.aws_ssm.kms_key_region property to the region where the key is located.
Procedure
- Navigate to .
- In the Name field, enter mid.discovery.aws_ssm.kms_key_name.
- Double-click the Value field to perform inline editing.
- Enter the name of the KMS key.
-
Select the check mark (
) icon.
- In the Name field, enter mid.discovery.aws_ssm.kms_key_region.
- Double-click the Value field to perform inline editing.
- Enter the name of the region where the KMS key is located.
-
Select the check mark () icon.