Create an assume role configuration

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Create a service account assume role configuration to facilitate cross-account access that is from a management account to a member account or from a trusted account to a trusting account. All the related member accounts or trusted accounts are automatically loaded avoiding the need to add account individually.

    Before you begin

    Make sure that the accessor account credentials are configured in the ServiceNow AI Platform.

    Role required: sn_itom_ccg.scheduling_admin

    About this task

    If permanent credentials aren't defined for the member account, Cloud Configuration Governance checks the Cloud Service Account Assume Role Config [sn_itom_ccg_service_account_assume_role_config] table to identify the special configuration associated with the management account, and then uses the management account credentials to generate temporary credentials for the member accounts. If the configuration exists in the table, Cloud Configuration Governance uses the temporary credentials acquired by specifying a role and its configuration in the Amazon Web Services (AWS) Security Token Services API AssumeRole action.

    Procedure

    1. Navigate to All > Cloud Configuration Governance > Assume Role Config.
    2. Select New.
    3. Fill the values on the Service Account Assume Role Config form.
      For a description of the form fields, see Cloud Configuration Governance Service Account Assume Role Config form.
    4. Select Submit.