AWS API gateway discovery

  • Release version: Washingtondc
  • Updated February 1, 2024

    The ServiceNow Discovery and Service Mapping applications can find AWS API gateways and connections to other entities. Discovering some of these resources requires updating the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Discovery and Service Mapping use the Amazon AWS API Gateway pattern to run horizontal and top-down discovery.

    You can use this pattern on the ServiceNow platform using the Kingston release or later.

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    AWS service account with credentials
    On the ServiceNow AI Platform®, set up the service account with the following:
    • An Account ID, which is the Amazon account ID to which API Gateway belongs. Use the Account ID as it appears in the AWS Management Console. You can run discovery from the service account form.
    • The appropriate AWS credentials required for the account ID to reach the AWS cloud.

    Refer to Service accounts for Discovery and Service Mapping in product documentation.

    Update set
    If your instance is on the Jakarta or Istanbul versions, import the update set provided in KB0679927: AWS Lambda top-down discovery update set. This update set is required for Service Mapping.

    User access
    On the AWS Console, grant the user that Discovery runs as permission for only the apigateway:GET action in API Gateway.
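
    A least-privilege check for the discovery user's policy, added here as an illustration and not ServiceNow or AWS code: it parses an IAM policy document and reports whether it allows apigateway:GET and which allowed actions reach beyond it. The two sample policies and the function name audit_policy are constructed for this example, and only the Action and NotAction elements are examined.

```python
import json
from fnmatch import fnmatchcase

REQUIRED = "apigateway:get"  # the one action the page asks for; IAM action names are case-insensitive

# Constructed sample policies for this example.
LEAST_PRIVILEGE = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": "apigateway:GET",
                "Resource": "arn:aws:apigateway:*::/*"}]}
""")
TOO_BROAD = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["apigateway:*", "lambda:InvokeFunction"],
                "Resource": "*"}]}
""")


def _as_list(value):
    # IAM accepts a single string/object or a list in these positions.
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (grants_get, excess): whether apigateway:GET is allowed, and
    every allowed action pattern that reaches beyond it."""
    grants_get, excess = False, []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            listed = [p.lower() for p in _as_list(stmt["NotAction"])]
            grants_get |= not any(fnmatchcase(REQUIRED, p) for p in listed)
            excess.append("NotAction")
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            if fnmatchcase(REQUIRED, pattern.lower()):
                grants_get = True  # exact match or a wildcard that covers it
            if pattern.lower() != REQUIRED:
                excess.append(pattern)
    return grants_get, excess


if __name__ == "__main__":
    for name, doc in (("least-privilege", LEAST_PRIVILEGE), ("too broad", TOO_BROAD)):
        ok, extra = audit_policy(doc)
        print(f"{name}: grants apigateway:GET={ok}, excess actions={extra}")
```

    A policy that passes returns (True, []); anything in the second element is access the discovery user does not need for this pattern.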

    Verify the REST API Permissions

    Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.

    Note:
    You can test the AWS REST APIs using the Postman API platform. For more information, see the How to test AWS REST API using POSTMAN [KB0782183] article in the Now Support Knowledge Base.

    Data collected by Discovery during horizontal discovery

    Table and field | Additional information
    Cloud Gateway [cmdb_ci_cloud_gateway]
      Object ID | The ID of the gateway.
      Short description | The short description of the gateway.
    DNS Name [cmdb_ci_dns_name]
      Name | The unique name or IP address of the DNS host.
      IP address | The IP address of the DNS host.
    AWS Resource Name Endpoint [cmdb_ci_endpoint_arn]
      Host | The hostname or IP address of the endpoint.
      ARN | The ID (Amazon Resource Name) of other AWS entities to which the gateway connects.

    Configuration item (CI) Relationships

    These relationships are created to support AWS API Gateway discovery:
    CI | Relationship | CI
    Cloud Gateway [cmdb_ci_cloud_gateway] | Uses:Used by | DNS Name [cmdb_ci_dns_name]
    Cloud Gateway [cmdb_ci_cloud_gateway] | Hosted on:Hosts | AWS Datacenter [cmdb_ci_aws_datacenter]

    The AWS datacenter has relationships to other AWS CIs, such as availability zones, service accounts, and so on. See AWS and Azure Cloud Discovery in product documentation for additional details.

    Connections discovered by Service Mapping during the top-down discovery

    Service Mapping performs the top-down discovery of the AWS API Gateways in the context of application services. It discovers outgoing connections of the AWS API Gateways:
    • AWS Lambda
    • VPC Link for Virtual Private Cloud
    • HTTP endpoint defined as the configured URL on the API Gateway

    Troubleshooting

    If the mapping process does not proceed as you expected, try the following suggestions.

    Symptom: Discovery fails. The discovery message contains the information about an error caused by the REST timeout.
    Cause: There are many CIs sending the REST call response in the deployment. The MID Server cannot process the REST call response without exceeding the time limit controlled by the mid.sa.cloud.request_timeout parameter. By default, the mid.sa.cloud.request_timeout parameter is set to 30000 milliseconds.
    Solution: Increase the value of this parameter on the relevant MID Server and run discovery again.
    Note: If the Configuration Parameters related list for the relevant MID Server does not show this parameter, you may need to add it.

    Symptom: Pattern Designer fails during a debug session. The Pattern Designer message contains information about an error caused by a timeout.
    Cause: The Pattern Designer fails because of a timeout during pattern debugging (and not during discovery). By default, the sa.debugger.max_timeout parameter is set to 240 seconds.
    Solution: Increase the value of this parameter on the relevant MID Server.