Executing scripts required for setting up AWS

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 12 minutes
  • You must execute scripts provided with the Service Graph Connector for AWS to set up the AWS environment for importing data.

    Important:
    Before executing an AWS script, ensure that you have completed the prerequisites. See Prerequisites for executing scripts.

    The AWS scripts provided with the connector configure AWS resources to import the configuration items (CIs) data into the CMDB. To learn more, see AWS resources used by the Service Graph Connector for AWS.

    Based on the AWS environment requirements, the scripts provided with the Service Graph Connector for AWS are categorized as described in the following table.

    Basic scripts

    Use the basic scripts to configure the AWS environment for importing data using the Service Graph Connector for AWS.

    The following table describes the basic AWS scripts available with the connector, the input parameters entered when executing a script, the conditions to execute the scripts, and the script execution results.

    Table 1. Basic script details

    Script: EnableAWSConfig.yml
    Input parameters: None
    Execution condition: Execute the script in all the AWS accounts and AWS regions by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
    Result: Enables the AWS Config recorder.

    Script: CreateServiceNowUser.yml
    Input parameters:
      • SNUserName: Name of the ServiceNow IAM user that was created as part of the setup. See Prerequisites for executing scripts. Default value: NOWSGCUser
      • MbrActRoleName: Name of the ServiceNow IAM role that was created as part of the setup. See Prerequisites for executing scripts. Default value: SnowOrganizationAccountAccessRole
    Execution condition: Execute the script by creating a stack either in the management account or in a designated member account. See Creating a stack on the AWS CloudFormation console on the AWS documentation site.
    Result: Creates the ServiceNow IAM user.

    Script: CreateSnowOrganizationAccountAccessRoleInMemberAccount.yml
    Input parameters:
      • ACNNBR: Management account ID when the ServiceNow IAM user is in a management account, or designated member account ID when the ServiceNow IAM user is in a designated member account.
      • S3Bucket: Amazon S3 bucket name to get the SendCommand output.
      • ServiceNowUserName: Name of the ServiceNow IAM user that was created as part of the setup. See Prerequisites for executing scripts. Default value: NOWSGCUser
    Execution condition: Execute the script in all the AWS accounts by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
    Result: Enables read-only IAM policies, roles, and groups for the ServiceNow IAM user.

    Script: SnowDesignatedAccountAccessRoleInManagementAccount.yml
    Input parameters:
      • MEMBERACTNBR: Member account ID where the ServiceNow IAM user was created.
    Execution condition: Execute the script by creating a stack in the management account. See Creating a stack on the AWS CloudFormation console on the AWS documentation site.
    Note: Use the SnowDesignatedAccountAccessRoleInManagementAccount.yml script only when the ServiceNow IAM user was created in a member account.
    Result: Creates the ServiceNow IAM role in the management account.

    Script: AWS-SystemsManager-AutomationExecutionRole.yml
    Input parameters: None
    Execution condition: Execute the script in all the AWS accounts by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
    Result: Provisions the execution role necessary to run automations in member accounts. A prerequisite for configuring Systems Manager Automation.

    Script: AWS-SystemsManager-AutomationAdministrationRole.yml
    Input parameters: None
    Execution condition: Execute the script by creating a stack in the management account. See Creating a stack on the AWS CloudFormation console on the AWS documentation site.
    Result: Provisions the administrator role in the management account necessary to run cross-account automation across multiple accounts. A prerequisite for configuring Systems Manager Automation.
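
The parameter dependencies among the basic scripts, as an added example (not ServiceNow or AWS code): a pre-deployment planner that derives each script's target and inputs from where the ServiceNow IAM user lives, so that ACNNBR, MEMBERACTNBR and the user name stay consistent across stacks. The function name, the `stack`/`stackset` labels, the tuple layout and the sample account IDs and bucket name are assumptions made for illustration.

```python
import re

ACCOUNT_ID = re.compile(r"[0-9]{12}")  # AWS account IDs are 12 digits


def plan_basic_scripts(mgmt_account, s3_bucket, user_account=None,
                       user_name="NOWSGCUser",
                       role_name="SnowOrganizationAccountAccessRole"):
    """Return [(template, deployment, target, parameters)] in table order.

    user_account=None means the ServiceNow IAM user is in the management
    account. Function name and tuple layout are hypothetical.
    """
    user_account = user_account or mgmt_account
    for label, acct in (("management", mgmt_account), ("user", user_account)):
        if not ACCOUNT_ID.fullmatch(acct):
            raise ValueError(f"{label} account ID must be 12 digits: {acct!r}")
    if not s3_bucket:
        raise ValueError("S3Bucket (SendCommand output bucket) is required")

    plan = [
        ("EnableAWSConfig.yml", "stackset", "all accounts and regions", {}),
        ("CreateServiceNowUser.yml", "stack", user_account,
         {"SNUserName": user_name, "MbrActRoleName": role_name}),
        # ACNNBR is the account that holds the user, whichever kind it is.
        # Both user-name parameters describe the same IAM user, so one
        # value feeds both.
        ("CreateSnowOrganizationAccountAccessRoleInMemberAccount.yml",
         "stackset", "all accounts",
         {"ACNNBR": user_account, "S3Bucket": s3_bucket,
          "ServiceNowUserName": user_name}),
    ]
    if user_account != mgmt_account:
        # Only when the user was created in a member account (see the Note).
        plan.append(("SnowDesignatedAccountAccessRoleInManagementAccount.yml",
                     "stack", mgmt_account, {"MEMBERACTNBR": user_account}))
    plan += [
        ("AWS-SystemsManager-AutomationExecutionRole.yml",
         "stackset", "all accounts", {}),
        ("AWS-SystemsManager-AutomationAdministrationRole.yml",
         "stack", mgmt_account, {}),
    ]
    return plan


if __name__ == "__main__":
    # Constructed sample IDs and bucket name, not real accounts.
    for step in plan_basic_scripts("111111111111", "example-sgc-output",
                                   user_account="222222222222"):
        print(step)
```

Reviewing the resulting plan before creating any stack or StackSet catches a mistyped account ID or a user name that differs between templates while it is still a text change rather than a deployed IAM resource.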

    Deep discovery scripts

    Use the deep discovery scripts to set up deep discovery on Amazon EC2 instances.
    Note:
    Execute the deep discovery scripts only when you want to perform deep discovery on EC2 instances.
    The following table describes the deep discovery scripts, the input parameters entered when executing a script, the conditions to execute the scripts, and the script execution results.
    Table 2. Deep discovery script details

    Script: AmazonSSMForInstancesRoleSetup.yml
    Input parameters:
      • S3Bucket: S3 bucket name that collects the details from EC2 instances. See Prerequisites for executing scripts.
    Execution condition: Execute the script in all the AWS accounts by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
    Result: Creates the AmazonSSMForInstancesRole IAM instance profile role to be attached to the EC2 instances.

    Script: SG-AWS-RunShellScript-Setup.yml
    Input parameters: None
    Execution condition: Execute the script in all the AWS accounts and the AWS regions by creating a CloudFormation StackSet in the management account. AWS administrators must update SSM documents and verify that EC2 instances can execute relevant commands for proper integration. See Create a stack set on the AWS documentation site.
    Result: Creates AWS Systems Manager (SSM) documents to fetch deep discovery data from a Linux EC2 instance. Retrieves version details for middleware applications, including Apache HTTP server, Nginx server, Apache Tomcat server, and MySQL instance.

    Script: SG-AWS-RunPowerShellScript-Setup.yml
    Input parameters: None
    Execution condition: Execute the script in all the AWS accounts and the AWS regions by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
    Result: Creates AWS SSM documents to fetch deep discovery data from a Windows EC2 instance.

    Amazon EKS scripts

    Use the Amazon EKS scripts to set up Amazon Elastic Kubernetes Service (EKS) clusters.
    Note:
    Execute the Amazon EKS scripts only when the Amazon EKS service for Kubernetes clusters is required.

    The following table describes the Amazon EKS scripts, the conditions to execute the scripts, and the script execution results.

    Table 3. Amazon EKS script details

    Script: SG-AWS-RunKubeCtlEKSNamesShellScript.yml
    Execution condition: Execute the script in all the AWS accounts and the AWS regions where the EC2 Bastion hosts are located by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
    Result: Creates an AWS SSM document to discover EKS clusters associated with EC2 Bastion hosts.
    Note: An AWS Cloud administrator can update the SSM document in their AWS setup.

    Script: SG-AWS-RunKubeCtlShellScript.yml
    Execution condition: Execute the script in all the AWS accounts and the AWS regions where the EC2 Bastion hosts are located by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
    Result: Creates an AWS SSM document to fetch CIs related to Kubernetes components, such as pods, services, and deployments, from EKS clusters.
    Note: An AWS Cloud administrator can update the SSM document in their AWS setup.