AWS Services discovery using patterns

  • Release version: Xanadu
  • Updated April 3, 2025

    The Discovery and Service Mapping Patterns application uses Amazon AWS service patterns to discover Amazon AWS Services during horizontal discovery. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    The latest version of Discovery and Service Mapping Patterns supports discovering the following Amazon AWS Services:

    • AppSync API
    • Athena workgroup
    • Backup plan
    • Backup vault
    • CloudFront distribution
    • CloudWatch Logs
    • CodeDeploy deployment
    • CodePipeline pipeline
    • Database Migration Service (DMS) endpoints
    • Elastic BeanStalk Application
    • EMR cluster (running on EC2)
    • EventBridge Event Bus
    • FSx backup
    • FSx file system
    • Glue database
    • IAM policy
    • IAM role
    • IAM user
    • KMS key
    • MQ Broker
    • MQ configuration
    • S3 Glacier Vault
    • SageMaker notebook instance
    • Secrets Manager secret
    • Simple Email Service (SES) Identity
    • SQS Queue
    • Step Functions State Machine
    • Storage Gateway gateway
    • Systems Manager Document
    • Systems Manager Parameter Store
    • Transfer Family server
    • VPC Flow Log
    • VPC-managed prefix list
    • X-Ray sampling rule

    Discovery and Service Mapping Patterns supports AWS GovCloud (US) accounts for the following services:

    • AppSync API
    • Elastic BeanStalk Application
    • EventBridge Event Bus
    • MQ Broker
    • SQS Queue
    • Step Functions State Machine
    • Storage Gateway gateway

    Discovering AWS GovCloud (US) accounts requires using a datacenter URL when setting up an AWS service account. For more information, see Set up AWS service accounts.

    Prerequisites

    • Verify Amazon AWS discovery prerequisites
      For more information, see the prerequisites section in Amazon AWS Cloud components discovery using patterns.
    • Remove resources from the Resource Inclusion List table
      Verify that the relevant resource isn't listed in the Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table to avoid duplicate discovery. For more information on removing resources from the Resource Inclusion List, see Amazon Web Services (AWS) Resource Inventory.
    • Enable the relevant pattern
      The Discovery and Service Mapping Patterns for these services are disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.

    Data collected by Discovery during horizontal discovery

    Discovery populates data for each of the patterns in non-CMDB tables. These tables are listed under All > Configuration > AWS. You can also search the navigation filter for the specific pattern name.

    Figure 1. Navigation example for non-CMDB table AWS Athena Workgroup

    Discovery populates data in the Cloud Resource [cmdb_ci_cmp_resource] CMDB table when running the following patterns:

    • Amazon AWS - Athena Workgroup - Extended Inventory (LP)
    • Amazon AWS - Backup Backup Plan - Extended Inventory (LP)
    • Amazon AWS - Backup Backup Vault - Extended Inventory (LP)
    • Amazon AWS - CloudFront Distribution - Extended Inventory (LP)
    • Amazon AWS - CloudWatch Log - Extended Inventory (LP)
    • Amazon AWS - CodeDeploy Deployment - Extended Inventory (LP)
    • Amazon AWS - CodePipeline Pipeline - Extended Inventory (LP)
    • Amazon AWS - DMS Endpoint - Extended Inventory (LP)
    • Amazon AWS - EMR Cluster - Extended Inventory (LP)
    • Amazon AWS - FSx Backup - Extended Inventory (LP)
    • Amazon AWS - FSx File System - Extended Inventory (LP)
    • Amazon AWS - Glue Database - Extended Inventory (LP)
    • Amazon AWS - IAM Policy - Extended Inventory (LP)
    • Amazon AWS - IAM Role - Extended Inventory (LP)
    • Amazon AWS - IAM User - Extended Inventory (LP)
    • Amazon AWS - KMS Key - Extended Inventory (LP)
    • Amazon AWS - MQ Configuration - Extended Inventory (LP)
    • Amazon AWS - S3 Glacier Vault - Extended Inventory (LP)
    • Amazon AWS - SageMaker Notebook Instance - Extended Inventory (LP)
    • Amazon AWS - Secrets Manager Secret - Extended Inventory (LP)
    • Amazon AWS - Simple Email Service Identity - Extended Inventory (LP)
    • Amazon AWS - Systems Manager Document - Extended Inventory (LP)
    • Amazon AWS - Systems Manager Parameter Store - Extended Inventory (LP)
    • Amazon AWS - Transfer Family Server - Extended Inventory (LP)
    • Amazon AWS - VPC Flow Log - Extended Inventory (LP)
    • Amazon AWS - VPC Managed Prefix List - Extended Inventory (LP)
    • Amazon AWS - XRay Sampling Rule - Extended Inventory (LP)

    Table 1. Cloud Resource [cmdb_ci_cmp_resource]

    | Field | Description |
    |---|---|
    | Name [name] | Name of the AWS resource. |
    | Object ID [object_id] | Amazon Resource Name (ARN) for the AWS resource. |
    | Resource type [resource_type] | Type of resource, in the following format: Vendor::Service::Component. For example, for the DMS endpoint resource, the value is set to AWS::DMS::Endpoint. |
    | Install Status [install_status] | Install status of the resource. Default value: Installed. |
    | Operational status [operational_status] | Operational status of the resource. Default value: Operational. |

    Discovery populates the data in various CMDB tables when running the following patterns.

    Amazon AWS - AppSync API - Extended Inventory (LP)

    Table 2. Cloud Messaging Service [cmdb_ci_cloud_messaging_service]

    | Field | Description |
    |---|---|
    | Name [name] | Name of the AWS AppSync API, which is the GraphQL interface. |
    | Object ID [object_id] | ARN for the API. |
    | Type [type] | Type of resource, in the following format: Vendor::Service::Component. The value is set to AWS::AppSync::API. |

    Amazon AWS - Elastic BeanStalk Application - Extended Inventory (LP)

    Table 3. Cloud App Server [cmdb_ci_cloud_appserver]

    | Field | Description |
    |---|---|
    | Name [name] | Name of the application. |
    | Object ID [object_id] | ARN of the application. |

    Amazon AWS - EventBridge Event Bus - Extended Inventory (LP)

    Table 4. Cloud Messaging Service [cmdb_ci_cloud_messaging_service]

    | Field | Description |
    |---|---|
    | Name [name] | Name of the event bus. |
    | Object ID [object_id] | ARN of the event bus. |
    | Type [type] | Type of resource, in the following format: Vendor::Service::Component. The value is set to AWS::EventBridge::EventBus. |

    Amazon AWS - MQ Broker - Extended Inventory (LP)

    Table 5. Cloud Messaging Service [cmdb_ci_cloud_messaging_service]

    | Field | Description |
    |---|---|
    | Name [name] | Name of the MQ Broker. This value must be unique in the AWS account, between 1-50 characters long, and contain only letters, numbers, dashes, and underscores. For example: MyActiveMQBroker. |
    | Object ID [object_id] | ARN of the MQ Broker. |
    | Type [type] | Type of broker engine. For example: ACTIVEMQ or RABBITMQ. |
    | Version [version] | Version of the broker engine. |

    Amazon AWS - SQS Queue - Extended Inventory (LP)

    Table 6. Cloud Messaging Service [cmdb_ci_cloud_messaging_service]

    | Field | Description |
    |---|---|
    | Name [name] | Name of the queue for which you want to fetch the URL. The name can be up to 80 characters long. |
    | Object ID [object_id] | ARN of the queue. |
    | Type [type] | Type of resource, in the following format: Vendor::Service::Component. The value is set to AWS::SQS::Queue. |

    Amazon AWS - Step Functions State Machine - Extended Inventory (LP)

    Table 7. Cloud Function [cmdb_ci_cloud_function]

    | Field | Description |
    |---|---|
    | Name [name] | Name of the state machine. |
    | Object ID [object_id] | ARN of the state machine. |
    | Edition [edition] | Edition of the state machine. Possible values: STANDARD or EXPRESS. |

    Amazon AWS - Storage Gateway Gateway - Extended Inventory (LP)

    Table 8. Cloud Gateway [cmdb_ci_cloud_gateway]

    | Field | Description |
    |---|---|
    | Name [name] | Name you configured for your gateway. |
    | Object ID [object_id] | ARN of the gateway. |
    | Environment [environment] | Type of hardware or software platform on which the gateway runs. |

    CI relationships

    Discovery creates these relationships to support the Amazon AWS Services discovery.

    These relationships support the discovery of AWS Services when running the following patterns.
    • Amazon AWS - Athena Workgroup - Extended Inventory (LP)
    • Amazon AWS - Backup Backup Plan - Extended Inventory (LP)
    • Amazon AWS - Backup Backup Vault - Extended Inventory (LP)
    • Amazon AWS - CloudFront Distribution - Extended Inventory (LP)
    • Amazon AWS - CloudWatch Log - Extended Inventory (LP)
    • Amazon AWS - CodeDeploy Deployment - Extended Inventory (LP)
    • Amazon AWS - CodePipeline Pipeline - Extended Inventory (LP)
    • Amazon AWS - DMS Endpoint - Extended Inventory (LP)
    • Amazon AWS - EMR Cluster - Extended Inventory (LP)
    • Amazon AWS - FSx Backup - Extended Inventory (LP)
    • Amazon AWS - FSx File System - Extended Inventory (LP)
    • Amazon AWS - Glue Database - Extended Inventory (LP)
    • Amazon AWS - IAM Policy - Extended Inventory (LP)
    • Amazon AWS - IAM Role - Extended Inventory (LP)
    • Amazon AWS - IAM User - Extended Inventory (LP)
    • Amazon AWS - KMS Key - Extended Inventory (LP)
    • Amazon AWS - MQ Configuration - Extended Inventory (LP)
    • Amazon AWS - S3 Glacier Vault - Extended Inventory (LP)
    • Amazon AWS - SageMaker Notebook Instance - Extended Inventory (LP)
    • Amazon AWS - Secrets Manager Secret - Extended Inventory (LP)
    • Amazon AWS - Simple Email Service Identity - Extended Inventory (LP)
    • Amazon AWS - Systems Manager Document - Extended Inventory (LP)
    • Amazon AWS - Systems Manager Parameter Store - Extended Inventory (LP)
    • Amazon AWS - Transfer Family Server - Extended Inventory (LP)
    • Amazon AWS - VPC Flow Log - Extended Inventory (LP)
    • Amazon AWS - VPC Managed Prefix List - Extended Inventory (LP)
    • Amazon AWS - XRay Sampling Rule - Extended Inventory (LP)

    Table 9. Regional services

    | CI | Relationship | CI |
    |---|---|---|
    | Cloud Resource [cmdb_ci_cmp_resource] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

    Table 10. Global services

    | CI | Relationship | CI |
    |---|---|---|
    | Cloud Resource [cmdb_ci_cmp_resource] | Hosted on::Hosts | Cloud Service Account [cmdb_ci_cloud_service_account] |

    These relationships support the discovery of AWS Services when running the following patterns.

    Amazon AWS - AppSync API - Extended Inventory (LP)

    | CI | Relationship | CI |
    |---|---|---|
    | Cloud Messaging Service [cmdb_ci_cloud_messaging_service] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

    Amazon AWS - Elastic Beanstalk Application - Extended Inventory (LP)

    | CI | Relationship | CI |
    |---|---|---|
    | Cloud App Server [cmdb_ci_cloud_appserver] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

    Amazon AWS - EventBridge Event Bus - Extended Inventory (LP)

    | CI | Relationship | CI |
    |---|---|---|
    | Cloud Messaging Service [cmdb_ci_cloud_messaging_service] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

    Amazon AWS - MQ Broker - Extended Inventory (LP)

    | CI | Relationship | CI |
    |---|---|---|
    | Cloud Messaging Service [cmdb_ci_cloud_messaging_service] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

    Amazon AWS - SQS Queue - Extended Inventory (LP)

    | CI | Relationship | CI |
    |---|---|---|
    | Cloud Messaging Service [cmdb_ci_cloud_messaging_service] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

    Amazon AWS - Step Functions State Machine - Extended Inventory (LP)

    | CI | Relationship | CI |
    |---|---|---|
    | Cloud Function [cmdb_ci_cloud_function] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

    Amazon AWS - Storage Gateway Gateway - Extended Inventory (LP)

    | CI | Relationship | CI |
    |---|---|---|
    | Cloud Gateway [cmdb_ci_cloud_gateway] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |
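
A consistency check over exported Cloud Resource records, as an added example that is not ServiceNow's own code: it validates the documented resource_type layout and the ARN in object_id, then compares the recorded host CI against Table 9 (regional) or Table 10 (global). The hosted_on column, the sample records, and the rule that an ARN with an empty region field denotes a global service are assumptions made for this example.

```python
import re

# ARN layout: arn:partition:service:region:account-id:resource
ARN_RE = re.compile(r"^arn:(aws|aws-us-gov|aws-cn):([a-z0-9-]+):([a-z0-9-]*):(\d{12}|aws)?:(.+)$")
# Resource type layout from Table 1: Vendor::Service::Component
TYPE_RE = re.compile(r"^[A-Za-z0-9]+::[A-Za-z0-9]+::[A-Za-z0-9]+$")

DATACENTER = "cmdb_ci_aws_datacenter"
SERVICE_ACCOUNT = "cmdb_ci_cloud_service_account"

def expected_host_table(object_id):
    """Table the CI should be 'Hosted on', or None when object_id is not an ARN.
    Assumption: an empty region field in the ARN marks a global service."""
    m = ARN_RE.match(object_id or "")
    if m is None:
        return None
    return DATACENTER if m.group(3) else SERVICE_ACCOUNT

def audit(records):
    """Return (name, problem) pairs for records that break the documented layout."""
    findings = []
    for rec in records:
        name = rec.get("name", "<unnamed>")
        if not TYPE_RE.match(rec.get("resource_type", "")):
            findings.append((name, "resource_type is not Vendor::Service::Component"))
        expected = expected_host_table(rec.get("object_id"))
        if expected is None:
            findings.append((name, "object_id is not a well-formed ARN"))
        elif rec.get("hosted_on") != expected:
            findings.append((name, "expected Hosted on " + expected))
    return findings

# Constructed sample export; 'hosted_on' is a hypothetical flattened relationship column.
SAMPLE = [
    {"name": "example-endpoint", "resource_type": "AWS::DMS::Endpoint",
     "object_id": "arn:aws:dms:us-east-1:111122223333:endpoint:EXAMPLE", "hosted_on": DATACENTER},
    {"name": "example-role", "resource_type": "AWS::IAM::Role",
     "object_id": "arn:aws:iam::111122223333:role/example-role", "hosted_on": DATACENTER},
    {"name": "example-key", "resource_type": "AWS:KMS:Key",
     "object_id": "key/EXAMPLE", "hosted_on": DATACENTER},
]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(name + ": " + problem)
```
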

    AWS Tag discovery

    The pattern collects tags and populates them in the Key Value [cmdb_key_value] table.

    Table 11. Key Value [cmdb_key_value]

    | Field | Description |
    |---|---|
    | Key [key] | Tag name. |
    | Value [value] | Tag value. |