Configuring Cloud Account Management
Configuring the Cloud Account Management application involves a set of required tasks, integrations, and setups to be completed before initiating service account creation and provisioning.
The steps involved are different for AWS and Azure. These configurations are listed in the following tables.
| No. | Task | Task Owner | Impacted Feature | Input | Output | Purpose |
|---|---|---|---|---|---|---|
| 1 | | Email Admin | Create an account | None | Email Alias | A single AD email across multiple AWS accounts streamlines management, enhances security, and boosts collaboration. |
| 2 | Set up an Identity Access Manager account for a ServiceNow user in AWS | AWS Admin | All features | None | AWS Access Key, AWS Secret Key | A centralized IAM user in the management account efficiently manages multiple AWS accounts via a CloudFormation template. |
| 3 | Set up suspension of an AWS account using service control policy | AWS Admin | Account suspension | None | SCP Policy ID | Adding an account number to the AWS organization's Service Control Policy blocks the creation of new resources and helps prevent overspending, while existing resources remain unaffected. |
| 4 | Setting up Terraform and GitHub. Note: This step isn’t required if cloud native interface is used for provisioning the account. | Terraform Admin, DevOps Admin | Create an account for AWS | AWS Access Key, AWS Secret Key | Terraform API Key Token, Terraform OAuth Token ID, Terraform Org VCS Identifier, Terraform URL | GitHub templates deployed to Terraform Cloud or Enterprise streamline account creation and promote consistent configurations. |
| 5 | Create a cloud native interface account configuration. Note: This step isn’t required if Terraform is used for provisioning the account. | ServiceNow AI Platform Admin | Create an account for Cloud Native Interface | None | None | No additional procedure is needed for cloud native interface. You can proceed to Install Cloud Workspace. |
| 6 | | ServiceNow AI Platform Admin | All features | Discovery Credentials | Cloud Organization, AWS Org Unit, Cloud Service Account | Cloud Discovery or Service Graph Connector for AWS imports cloud organization structures and creates subscription accounts. |
| 7 | Provisioning modes for Cloud Account Management in Cloud Workspace | ServiceNow AI Platform Admin | Create an account | Email Alias, Terraform Cloud API Key Token, Terraform Cloud OAuth Token ID, Terraform Cloud Org VCS Identifier | None | Streamlines provisioning with flexible modes like Terraform and cloud native interface, centralizes management, enhances security, optimizes costs, and improves governance. |
| 8 | | ServiceNow AI Platform Admin | Visualization | None | None | Data visualization requires scanning all account violations based on the policy set. |
| 9 | | ServiceNow AI Platform Admin | All features | None | None | Confirm that members are assigned to the correct group for them to perform the account request, approval, provisioning, and certification process. Assign members to the correct groups for proper permissions, helping prevent unauthorized access and promoting security. |
| 10 | | Cloud Workspace Admin | All features | None | None | Configure before creating, suspending, or scanning accounts. |
| 11 | Review default Cloud Account Management certification policy | Cloud Workspace Admin | All features | None | None | Cloud service accounts that were either created or onboarded after discovery can be certified. The admin can also customize the default policy or create a policy. The default policy helps to certify all the available cloud service accounts once every 90 days. |
| 12 | | Cloud Workspace Admin | All features | None | None | Request Policies are rules that govern the behavior of request workflows by applying data checks and conditions. Regularly reviewing and updating these policies confirms that your cloud account request process remains consistent with the procedure for creating cloud subscription accounts. |

| No. | Name | Task Owner | Impacted feature | Input | Output | Purpose |
|---|---|---|---|---|---|---|
| 1 | | Azure Admin | Account suspension | None | OAuth Client ID, OAuth Client Secret, Tenant ID | Configure the permission and assign the permission to a user who suspends or reactivates the account. |
| 2 | | ServiceNow AI Platform Admin | All features | OAuth Client ID, OAuth Client Secret, Tenant ID | None | Provide the Azure credentials obtained from your Azure administrator. These credentials are used to create a suspension profile and enable you to temporarily suspend or terminate Azure accounts as needed. |
| 3 | Create a cloud native interface account configuration. Note: This step isn’t required if Terraform is used for provisioning the account. | ServiceNow AI Platform Admin | Create an account for Cloud Native Interface | None | None | No additional procedure is needed for cloud native interface. You can proceed to Install Cloud Workspace. |
| 4 | | ServiceNow AI Platform Admin | All features | Discovery Credentials | Cloud Organization, Azure Management Group, Cloud Service Account | Cloud Discovery imports cloud organization structures and creates subscription accounts. |
| 5 | | ServiceNow AI Platform Admin | Visualization | None | None | Data visualization requires scanning all account violations based on the policy set. |
| 6 | | ServiceNow AI Platform Admin | All features | None | None | Confirm that members are assigned to the correct group for them to perform the account request, approval, provisioning, and certification process. Assign members to the correct groups for proper permissions, helping prevent unauthorized access and promoting security. |
| 7 | | Cloud Workspace Admin | All features | None | None | Configure before creating, suspending, or scanning accounts. |
| 8 | Review default Cloud Account Management certification policy | Cloud Workspace Admin | All features | None | None | Cloud service accounts that were either created or onboarded after discovery can be certified. The admin can also customize the default policy or create a policy. The default policy helps to certify all the available cloud service accounts once every 90 days. |