AWS CloudTrail Trail pattern-based discovery

  • Release version: Xanadu
  • Updated June 16, 2026

    Discovery and Service Mapping Patterns finds AWS services in your cloud environment. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Pattern-based discovery and mapping requirements

    Verify the AWS discovery prerequisites
    For more information, see the prerequisites section in Amazon AWS Cloud components discovery using patterns.
    Remove resources from the Resource Inclusion List table
    Verify that the relevant resource isn't listed in the Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table to avoid duplicate discovery. For more information on removing resources from the Resource Inclusion List, see Amazon Web Services (AWS) Resource Inventory.
    Enable the relevant pattern
    The pattern for this service is disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.
    Configure the Discovery schedule to support GovCloud
    Discovering AWS GovCloud (US) accounts requires using a datacenter URL when setting up an AWS service account. For more information, see Create AWS service accounts.

    Data stored in CMDB tables

    The Discovery and Service Mapping Patterns application populates data in the CMDB when running the Amazon AWS - CloudTrail Trail - Extended Inventory (LP) pattern.

    Table 1. Cloud Resource [cmdb_ci_cmp_resource]

    Field                                      Description
    Object ID [object_id]                      The Amazon Resource Name (ARN) uniquely identifying the CloudTrail trail.
    Name [name]                                The name of the CloudTrail trail.
    Resource type [resource_type]              Type of resource. The value is set to AWS::CloudTrail::Trail.
    Install Status [install_status]            Install status of the resource. Default value is Installed.
    Operational status [operational_status]    Operational status of the resource. Default value is Operational.
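
The following Python check is an added example, not part of the ServiceNow documentation or product: it reconciles the trails AWS reports against Cloud Resource rows, matching TrailARN to the object_id field from Table 1. The account ID, trail names and rows are constructed, and the input shapes (`aws cloudtrail describe-trails` JSON, rows exported with the Table 1 column names) are assumptions.

```python
import json
from collections import Counter

TRAIL_TYPE = "AWS::CloudTrail::Trail"  # resource_type value from Table 1
ARN = "arn:aws:cloudtrail:{}:111122223333:trail/{}"  # constructed account ID

# Constructed sample in the shape of `aws cloudtrail describe-trails` output.
AWS_JSON = json.dumps({"trailList": [
    {"Name": "org-audit", "TrailARN": ARN.format("us-east-1", "org-audit")},
    {"Name": "app-events", "TrailARN": ARN.format("eu-west-1", "app-events")},
    {"Name": "legacy", "TrailARN": ARN.format("us-west-2", "legacy")},
]})

# Constructed rows as exported from cmdb_ci_cmp_resource (column names from Table 1).
CMDB_ROWS = [
    {"object_id": ARN.format("us-east-1", "org-audit"), "name": "org-audit", "resource_type": TRAIL_TYPE},
    {"object_id": ARN.format("us-east-1", "org-audit"), "name": "org-audit", "resource_type": TRAIL_TYPE},
    {"object_id": ARN.format("eu-west-1", "app-events"), "name": "app-events-old", "resource_type": TRAIL_TYPE},
    {"object_id": ARN.format("ap-south-1", "retired"), "name": "retired", "resource_type": TRAIL_TYPE},
    {"object_id": "arn:aws:s3:::audit-bucket", "name": "audit-bucket", "resource_type": "AWS::S3::Bucket"},
]


def reconcile(aws_json, cmdb_rows):
    """Compare AWS trails with trail CIs, matching TrailARN to object_id."""
    aws = {t["TrailARN"]: t["Name"] for t in json.loads(aws_json)["trailList"]}
    # Only rows typed as CloudTrail trails are in scope; other resources are ignored.
    cis = [r for r in cmdb_rows if r.get("resource_type") == TRAIL_TYPE]
    counts = Counter(r["object_id"] for r in cis)
    return {
        # Trails that exist in AWS but have no CI: audit logging missing from inventory.
        "missing": sorted(set(aws) - set(counts)),
        # Same ARN on more than one CI: the duplicate discovery the prerequisites warn about.
        "duplicate": sorted(a for a, n in counts.items() if n > 1),
        # CIs whose ARN AWS no longer reports (deleted or recreated trail).
        "stale": sorted(set(counts) - set(aws)),
        # CI name differs from the trail name AWS reports for the same ARN.
        "name_mismatch": sorted({r["object_id"] for r in cis
                                 if r["object_id"] in aws and r["name"] != aws[r["object_id"]]}),
    }


if __name__ == "__main__":
    for finding, arns in reconcile(AWS_JSON, CMDB_ROWS).items():
        print(f"{finding}: {arns}")
```
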

    CI relationships

    The Amazon AWS - CloudTrail Trail - Extended Inventory (LP) pattern creates these relationships to support AWS CloudTrail Trail discovery.

    CI                                       Relationship       CI
    Cloud Resource [cmdb_ci_cmp_resource]    Hosted on::Hosts   AWS Datacenter [cmdb_ci_aws_datacenter]

    AWS tag discovery

    The pattern collects tags and populates them in the Key Value [cmdb_key_value] table.

    Table 2. Key Value [cmdb_key_value]

    Field            Description
    Key [key]        Tag name.
    Value [value]    Tag value.