Amazon AWS Cloud components discovery using patterns
Summary of Amazon AWS Cloud components discovery using patterns
This document details how ServiceNow Discovery and Service Mapping Patterns enable automated discovery of Amazon AWS Cloud components during horizontal discovery. It covers prerequisites, configuration steps, data collected, and the relationships established between discovered Configuration Items (CIs). The patterns support comprehensive AWS infrastructure discovery, optimize discovery performance, and improve CMDB data accuracy for ServiceNow customers managing AWS environments.
Key Capabilities and Configuration
- Update and Activation: Ensure the latest Discovery and Service Mapping Patterns app is installed and activate cloud-related CI relationships to integrate discovered components into service maps.
- AWS Service Accounts Setup: Configure AWS Management Console accounts, including management (parent) and member (child) accounts for AWS Organizations. Use either IAM user policies or configure the MID Server for AWS IAM roles to enable discovery with appropriate permissions.
- Discovery Scheduling and Optimization: Create AWS discovery schedules via the Discovery Admin Workspace. Starting with version 1.29.0, optimize discovery by limiting it to datacenters that contain resources, significantly improving performance and reducing unnecessary scanning.
- Support for AWS Regions: Discovery supports AWS services in standard regions and the China region with specific configuration for region URLs and credentials.
- Enhanced Query Performance: From version 1.30.2, populate Service Account and Logical Datacenter fields directly in cloud CIs to improve query speed and data handling.
- REST API Permissions: Reference the Cloud Discovery patterns spreadsheet to grant necessary user permissions for discovery operations, and verify API connectivity using tools like Postman.
Data Collection and Discovered Components
The patterns discover a wide range of AWS resources, mapping them to corresponding ServiceNow CI classes with detailed attributes. Key discovered components include:
- Network ACLs, Endpoints, and Security Groups
- Cloud Load Balancers (Application, Network, Classic), including pools, pool members, and services
- Availability Zones, Subnets, VPC Networks, and IP Addresses
- Hosts (EC2 instances), Internet Gateways, NAT Gateways, and VPN Gateways/Connections
- Storage Volumes and Block Endpoints
- AWS Organizational Units and Cloud Service Accounts
- Web ACLs and AWS Systems Manager (SSM) Cloud Agents
Each discovered CI includes key fields such as unique AWS object IDs, states, IP addresses, and descriptive metadata to enable precise identification and management within the CMDB.
CI Relationships and Service Mapping Integration
The discovery patterns establish detailed relationships between AWS components to reflect real-world dependencies and hosting structures. Examples include:
- Network ACLs linked to subnets and VPCs
- Load balancers hosting services and associated with subnets, availability zones, and security groups
- Hosts running virtual machines and associated with datacenters
- Gateways implementing endpoints connected to networks
- Organizational Units containing AWS accounts and accounts belonging to organizations
These relationships support Service Mapping’s tag-based discovery, enabling dynamic service instance maps that accurately represent AWS cloud environments.
Practical Benefits for ServiceNow Customers
- Comprehensive AWS Visibility: Automatically discover and maintain a CMDB with detailed AWS resource information and dependencies.
- Optimized Discovery Performance: Focus discovery efforts on active datacenters with resources, reducing discovery time and resource consumption.
- Improved Security and Access Control: MID Server IAM roles and temporary, dynamically acquired member-account credentials avoid storing long-lived access keys, and the read-only Describe/List policy keeps the discovery principal within least privilege.
- Seamless Integration with Service Mapping: CI relationships enable accurate service modeling and operational insights into AWS environments.
- Support for Multi-Account Environments: Management of AWS Organizations and member accounts with dynamic credential acquisition simplifies large-scale cloud discovery.
- Support for AWS Regions Including China: Extend discovery to AWS China regions with specific configuration, ensuring global coverage.
Next Steps for Implementation
- Verify and update to the latest Discovery and Service Mapping Patterns application from the ServiceNow Store.
- Configure AWS service accounts with appropriate IAM policies or MID Server IAM roles.
- Create and optimize discovery schedules, adjusting MID Server properties to limit discovery to active datacenters.
- Review and grant necessary REST API permissions based on the Cloud Discovery patterns spreadsheet.
- Leverage discovered CI data and relationships to build and maintain accurate service maps reflecting AWS cloud infrastructure.
Discovery and Service Mapping Patterns uses patterns to discover components of the Amazon AWS Cloud deployment during horizontal discovery. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Prerequisites
- Verify that the applications are up to date:
  - Discovery and Service Mapping Patterns
  - CMDB CI Class Models
  - Visibility Content
- Update the method used for pointed discovery for the AWS CloudFormation Template (CFT) stack
- If you use Cloud Provisioning and Governance, you must update the getOperationGR(type) method. This update enables the pointed discovery to list the resources correctly for the AWS CFT stack after provisioning. For further information about the steps required to update this method, see the Knowledge Base article KB0858437.
- Activate the cloud-related CI relationships
- To include discovered components into service instances, enable CI relationships used in tag-based discovery by Service Mapping. These CI relationships are available from the 1.0.68 release on the ServiceNow Store. For operational steps, see Tag-based discovery configuration.
- Set up service accounts on the AWS Management Console
- An AWS Organization is a collection of AWS accounts that you manage centrally from a single account. In AWS Organizations, parent accounts are called management accounts. The sub-accounts that belong to a management account are called member accounts.
  Note: The advantages of using management accounts in Discovery are:
  - Easy population of member accounts: after you configure the management account and supply the necessary credentials, you can test the connection to the account. If the test succeeds, Discovery returns a list of the member accounts in that management account. From this list, you can choose one or more member accounts to include in the Discovery of the management account.
- (Optional) Discover member resources using dynamically acquired credentials
- When you run Discovery on your cloud resources, you don't need separate credentials for each member account. The Cloud Discovery process handles credentials automatically by acquiring temporary credentials for each member account through an AWS API call, so no long-lived member-account keys have to be stored on the instance or the MID Server. You can use the default configuration or customize the MID Server to assume other roles for additional control and security.
- Use IAM user policy on the AWS Management Console
- To let the MID Server authenticate with an IAM role instead of storing long-lived IAM user access keys as discovery credentials, configure the MID Server for AWS IAM roles. For more information, see Configure the MID Server for AWS IAM roles. To create the IAM user policy for provisioning AWS resources, see Control AWS access and permissions using policies. Ensure that the IAM user policy covers the following AWS resources. Note that the individual ec2:Describe… and elasticloadbalancing:Describe… entries are already subsumed by the ec2:Describe* and elasticloadbalancing:Describe* wildcards; listing them explicitly is harmless. Every action is a read-only Describe or List call, which is what a discovery principal should be limited to:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeLoadBalancerPolicies",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeLoadBalancerAttributes",
        "account:ListRegions",
        "elasticloadbalancing:Describe*",
        "ec2:Describe*",
        "ec2:DescribeNetworkInterfaceAttribute",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeCustomerGateways",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeHosts",
        "ec2:DescribeImages",
        "ec2:DescribeVpcs",
        "ec2:DescribeAccountAttributes",
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstanceCreditSpecifications"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
```

- Configure access to the AWS resources
-
To discover a single account, create an IAM user in the AWS Management Console and attach the AWS managed ReadOnlyAccess policy to it, or, for a tighter scope, a custom policy limited to the Describe and List actions shown above. ReadOnlyAccess grants read access to every AWS service, including data reads such as s3:Get*, which discovery does not need. To discover several member or child accounts, configure the credentials as described in Access setup for AWS service accounts.
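The checks a reviewer would run over the discovery policy above before attaching it, as an added example that is not ServiceNow or AWS code. It parses an IAM policy document (dict or JSON text), reports any Allow action that is not a Describe/Get/List call or that is a service-wide wildcard, lists the specific actions already subsumed by a wildcard in the same policy, and collapses the list to its minimal form. DISCOVERY_POLICY reproduces the policy quoted above; WRITE_POLICY and the read-only verb set are constructed assumptions for the example.

```python
"""Least-privilege checks for the IAM policy granted to the discovery principal.

Added example; not ServiceNow or AWS code. Accepts an IAM policy document as
a dict or JSON text and handles the valid IAM shapes (Statement as object or
list, Action as string or list).
"""
import fnmatch
import json
import re

# Assumption: a discovery-only principal needs nothing beyond these read verbs.
READ_ONLY_VERB = re.compile(r"^(Describe|Get|List)")

# The policy quoted in the prerequisites above.
DISCOVERY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Resource": "*",
        "Action": [
            "elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
            "elasticloadbalancing:DescribeLoadBalancers",
            "elasticloadbalancing:DescribeLoadBalancerPolicies",
            "elasticloadbalancing:DescribeInstanceHealth",
            "elasticloadbalancing:DescribeTags",
            "elasticloadbalancing:DescribeLoadBalancerAttributes",
            "account:ListRegions",
            "elasticloadbalancing:Describe*",
            "ec2:Describe*",
            "ec2:DescribeNetworkInterfaceAttribute",
            "ec2:DescribeInstanceStatus",
            "ec2:DescribeCustomerGateways",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeHosts",
            "ec2:DescribeImages",
            "ec2:DescribeVpcs",
            "ec2:DescribeAccountAttributes",
            "ec2:DescribeInstanceAttribute",
            "ec2:DescribeInstanceCreditSpecifications",
        ],
    }],
}

# Constructed counter-example: a policy a reviewer must reject for discovery.
WRITE_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Resource": "*",
                  "Action": ["ec2:DescribeInstances", "ec2:TerminateInstances", "s3:*"]},
}


def allow_actions(policy):
    """Return the set of action strings granted by Allow statements."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    stmts = doc["Statement"]
    if isinstance(stmts, dict):
        stmts = [stmts]
    actions = set()
    for stmt in stmts:
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt.get("Action", [])
        actions.update([acts] if isinstance(acts, str) else acts)
    return actions


def non_readonly_actions(policy):
    """Actions that are not Describe/Get/List or are a bare/service-wide
    wildcard ("*", "s3:*"), sorted. An empty list means read-only."""
    flagged = []
    for action in allow_actions(policy):
        _service, _, verb = action.partition(":")
        if action == "*" or verb == "*" or not READ_ONLY_VERB.match(verb):
            flagged.append(action)
    return sorted(flagged)


def redundant_actions(policy):
    """Specific actions already covered by a wildcard action in the same
    policy, e.g. ec2:DescribeVpcs when ec2:Describe* is also granted."""
    actions = allow_actions(policy)
    wildcards = {a for a in actions if "*" in a}
    return sorted(a for a in actions - wildcards
                  if any(fnmatch.fnmatchcase(a, w) for w in wildcards))


def minimal_actions(policy):
    """The granted action list with redundant entries removed."""
    return sorted(allow_actions(policy) - set(redundant_actions(policy)))


if __name__ == "__main__":
    print("not read-only:", non_readonly_actions(DISCOVERY_POLICY))
    print("redundant    :", redundant_actions(DISCOVERY_POLICY))
    print("minimal      :", minimal_actions(DISCOVERY_POLICY))
    print("reject       :", non_readonly_actions(WRITE_POLICY))
```

Run it against the policy exported from the account (aws iam get-policy-version output, for instance) rather than against the copy in a wiki; the minimal list is what should actually be attached, and a non-empty "not read-only" list is a finding.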
- Configure a discovery schedule
- Create an AWS Discovery schedule in Discovery Admin Workspace.
- (Optional) Optimize discovery by including only datacenters with resources
- Starting with Discovery and Service Mapping Patterns version 1.29.0, you can optimize discovery by limiting it to only the AWS datacenters (regions) that contain resources.
  - Verify that your service account has the following permissions to call the AWS Config API:
    - config:GetDiscoveredResourceCounts
    - config:DescribeConfigurationRecorderStatus
  - Verify that the AWS Config recorder is enabled in each region you discover and is configured to record all resource types. For instructions on configuring the AWS Config recorder, go to the AWS Documentation and search for the "Recording resources in the AWS Config console" article.
  - Enable discovery of only datacenters with resources by setting the mid.cloud.discovery.sonar.discover_all_aws_datacenters MID Server property to false. For more information, see Limit AWS discovery to datacenters with resources.
- (Optional) Populate Service Account and Logical Datacenter fields in cloud CIs
- Starting with Discovery and Service Mapping Patterns version 1.30.2, you can improve query performance by populating the Service Account and Logical Datacenter fields directly in cloud CIs. For more information, see Improved query performance with direct field population in CI tables.
Verify the REST API Permissions
Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.
Support for AWS services in the China region
The latest version of Discovery and Service Mapping Patterns supports discovering AWS services in the China region. You can discover these services on the ServiceNow AI Platform, starting from Xanadu Patch 3 and Washington DC Patch 9 instances.
Discovering AWS services in the China region requires using a datacenter URL when setting up an AWS service account. For example: https://organizations.cn-northwest-1.amazonaws.com.cn.
- To learn more about AWS master account and sub-account support in the China region, see KB1704526.
- To identify AWS patterns supported in the China region, refer to the Cloud Discovery patterns spreadsheet. The AWS China Region Support column has a Yes value for supported patterns.
AWS resources discovery by datacenters
Starting with version 1.29.0, Discovery and Service Mapping Patterns introduces a new AWS datacenter discovery model. The previous model discovered all datacenters, regardless of whether they contained relevant resources. The new model improves the AWS discovery performance by focusing on only datacenters that contain resources.
AWS has multiple datacenters around the world, but resources like load balancers and virtual machines are typically deployed in only some of them. The Amazon AWS Datacenter Discovery pattern runs before all other AWS patterns to identify datacenters with resources related to your service account ("active") and those without ("passive"). A datacenter can also be classified as "empty" due to API call errors, AWS Config service not being enabled, or permission issues. You can check the discovery log for the exact cause of the error. For more information, see Logs for horizontal discovery.
After identifying "active", "passive", or "empty" datacenters, the discovery schedule continues to execute all AWS patterns only for "active" or "empty" datacenters, to discover your AWS cloud resources. "Passive" datacenters are ignored during the schedule. The Refresh Datacenters flow continues to display all regions, not just active ones. You don’t need to create another schedule when a resource is added or a datacenter switches from passive to active.
You might notice differences in the AWS discovery log, in discovery time and in the CMDB, depending on the service account and MID Server property settings.
Datacenters that have already been discovered before upgrading to Discovery and Service Mapping Patterns version 1.29.0 remain in the Amazon AWS Datacenters table. The mid.cloud.discovery.sonar.discover_all_aws_datacenters MID Server property is set to true by default, which discovers all datacenters. To limit discovery to the "active" or "empty" datacenters, set this property to false. For information on setting up active datacenter discovery, see the (optional) Optimize discovery by including only datacenters with resources prerequisite.
| MID Server property setting | Flow | Discovered/displayed datacenters |
|---|---|---|
| False | New schedule | All datacenters except passive |
| False | Refresh Datacenters | All datacenters |
| True (default) | New schedule | All datacenters |
| True (default) | Refresh Datacenters | All datacenters |
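The active/passive/empty classification described above and the property table, as an added example that is not the pattern's own code. It assumes two values per region that mirror the AWS Config calls the prerequisite requires: totalDiscoveredResources from GetDiscoveredResourceCounts and recording from DescribeConfigurationRecorderStatus. The per-region responses, the ConfigApiError type, and the rule that a recorder that is not recording counts as "Config not enabled" are constructed assumptions for the example.

```python
"""Region classification for AWS datacenter discovery (added example).

Mirrors the description above: a region with discovered resources is
'active', one that provably has none is 'passive', and one where the
answer is unknown (API error, Config not enabled, permission denied) is
'empty' and is still scanned. The sample responses are constructed.
"""

ACTIVE, PASSIVE, EMPTY = "active", "passive", "empty"


class ConfigApiError(Exception):
    """Stands in for any error returned by the AWS Config API."""


# Constructed responses keyed by region. A dict merges the two Config
# calls; an exception instance stands for a failed call.
SAMPLE = {
    "us-east-1":      {"recording": True,  "totalDiscoveredResources": 412},
    "eu-west-1":      {"recording": True,  "totalDiscoveredResources": 0},
    "ap-southeast-2": ConfigApiError("AccessDeniedException on config:GetDiscoveredResourceCounts"),
    "sa-east-1":      {"recording": False, "totalDiscoveredResources": 0},
}


def classify_region(response):
    """Map one region's Config data to active, passive, or empty.

    Assumption: a recorder that is not recording is treated like Config
    not being enabled. Nothing here may turn an unknown into 'passive',
    because passive regions are skipped by the schedule.
    """
    if isinstance(response, Exception):
        return EMPTY
    if not response.get("recording", False):
        return EMPTY
    return ACTIVE if response.get("totalDiscoveredResources", 0) > 0 else PASSIVE


def classify_regions(responses):
    """Classification for every region in the Config responses."""
    return {region: classify_region(r) for region, r in responses.items()}


def regions_to_scan(responses, discover_all_aws_datacenters=True):
    """Regions a new schedule runs the AWS patterns against.

    Follows the MID Server property table: with the property true (the
    default) every region is scanned; with false, passive regions are skipped
    and active or empty ones are kept.
    """
    classes = classify_regions(responses)
    if discover_all_aws_datacenters:
        return sorted(classes)
    return sorted(region for region, cls in classes.items() if cls != PASSIVE)


def refresh_datacenters(responses):
    """The Refresh Datacenters flow lists every region regardless of class."""
    return sorted(responses)


if __name__ == "__main__":
    for region, cls in classify_regions(SAMPLE).items():
        print(f"{region:16} {cls}")
    print("scan, property=false:", regions_to_scan(SAMPLE, False))
    print("scan, property=true :", regions_to_scan(SAMPLE, True))
```

The point to take from the "empty" branch is that a permission gap on the Config API does not silently drop a region; it costs you the optimisation for that region and shows up in the discovery log, which is where to look when a region you expected to be passive is still being scanned.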
Data collected by Discovery during horizontal discovery
- Resources discovered using the Amazon AWS - ACL (LP) pattern

Table 2. Network ACL [cmdb_ci_network_acl]

| Field | Description |
|---|---|
| Name [name] | Name of the network access control list (ACL). |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |

Table 3. ACL Endpoint [cmdb_ci_endpoint_acl]

| Field | Description |
|---|---|
| Name [name] | Name of the endpoint. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |

- Resources discovered using the Amazon AWS - Application and Network LB (LP) pattern
Table 4. Cloud Load Balancer [cmdb_ci_cloud_load_balancer]

| Field | Description |
|---|---|
| Name [name] | Name of the load balancer. |
| Fully Qualified Domain Name [fqdn] | The fully qualified domain name of the load balancer. |
| Object ID [object_id] | The Amazon Resource Name (ARN) of the load balancer. |
| DNS Name [dns_name] | The public DNS name of the load balancer. |
| Canonical Hosted Zone Name [canonical_hosted_zone_name] | The name of the Amazon Route 53 hosted zone associated with the load balancer. |
| Canonical Hosted Zone ID [canonical_hosted_zone_id] | The ID of the Amazon Route 53 hosted zone associated with the load balancer. |
| State [state] | The state of the load balancer. |
| Short Description [short_description] | A concatenation of load balancer attributes such as LB ARN, VPC ID, Type, and Zone. |
| Comments [comments] | Identifier for internal usage (deletion strategy). |

Table 5. DNS Name [cmdb_ci_dns_name]

| Field | Description |
|---|---|
| Name [name] | Name of the Domain Name System (DNS) entry. |
| Object ID [object_id] | Name of the DNS entry. |
| IP Address [ip_address] | IP address that the DNS name resolves to. |
| Comments [comments] | Identifier for internal usage (deletion strategy). |

- Resources discovered using the Amazon AWS - Availability Zone (LP) pattern
Table 6. Availability Zone [cmdb_ci_availability_zone]

| Field | Description |
|---|---|
| Name [name] | Name of the Availability Zone. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |
| State [state] | The state of the Availability Zone. The possible values are: available, information, impaired, and unavailable. |

- Resources discovered using the Amazon AWS - Classic LB (LP) pattern
Table 7. Cloud Load Balancer [cmdb_ci_cloud_load_balancer]

| Field | Description |
|---|---|
| Name [name] | The name of the load balancer. |
| Fully Qualified Domain Name [fqdn] | The DNS name of the load balancer. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |
| DNS Name [dns_name] | The DNS name of the load balancer. |
| Canonical Hosted Zone Name [canonical_hosted_zone_name] | The DNS name of the load balancer. |
| Canonical Hosted Zone ID [canonical_hosted_zone_id] | The ID of the Amazon Route 53 hosted zone for the load balancer. |

Table 8. Cloud LB IPAddress [cmdb_ci_cloud_lb_ipaddress]

| Field | Description |
|---|---|
| Name [name] | IP address of the load balancer. |
| Object ID [object_id] | IP address of the load balancer. |
| IP Address [ip_address] | IP address of the load balancer. |
| Comments [comments] | Comments related to the Configuration Item (CI). |

Table 9. DNS Name [cmdb_ci_dns_name]

| Field | Description |
|---|---|
| Name [name] | Name of the Domain Name System (DNS) entry. |
| IP Address [ip_address] | IP address that the DNS name resolves to. |
| Comments [comments] | Comments related to the CI. |

Table 10. Load Balancer Pool [cmdb_ci_lb_pool]

| Field | Description |
|---|---|
| Name [name] | The name of the load balancer pool. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |
| Comments [comments] | Comments related to the CI. |

Table 11. Load Balancer Pool Member [cmdb_ci_lb_pool_member]

| Field | Description |
|---|---|
| Name [name] | The name of the load balancer pool member (known in AWS as a target). |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |

Table 12. Load Balancer Service [cmdb_ci_lb_service]

| Field | Description |
|---|---|
| Name [name] | Name of the load balancer service. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |
| Port [port] | The port on which the load balancer is listening. |
| Service Port [service_port] | The port on which the instance is listening. |
| Server Protocol [service_protocol] | The protocol to use for routing traffic to instances: HTTP, HTTPS, TCP, or SSL. |
| Listener Protocol [service_protocol] | The load balancer transport protocol to use for routing: HTTP, HTTPS, TCP, or SSL. |
| Comments [comments] | Comments related to the CI. |

- Resources discovered using the Amazon AWS - LB Pool Member(LP) pattern
Table 13. Load Balancer Pool Member [cmdb_ci_lb_pool_member]

| Field | Description |
|---|---|
| Name [name] | Target ID, depending on the target type. For example: Instance ID, IP address, Lambda ARN, or Application Load Balancer ARN. |
| Service port [service_port] | The port on which the target is listening, if available. |
| Object ID [object_id] | Either the target ID alone or, if a target port is available, the target ID and target port in the format <target ID>#<target port>. For example: i-0123456789abcdef0#8080 |
| Comments [comments] | Comments related to the CI. |
| Operational status [operational_status] | Operational status of the target. Possible values are Operational or Non-Operational. |
| Install Status [install_status] | Installation status of the target. Possible values are Installed or Retired. |
| Pool [pool] | References the Load Balancer Pool [cmdb_ci_lb_pool] table. |

Note: By default, the Amazon AWS - LB Pool Member(LP) pattern doesn't execute discovery. To enable the discovery of AWS Application Load Balancer targets, set the sn_itom_pattern.discover_aws_app_pool_members MID Server property to true. For more information, see Enable AWS Application Load Balancer target discovery.

- Resources discovered using the Amazon AWS - Customer Gateway (LP) pattern
Table 14. Customer Gateway [cmdb_ci_customer_gateway]

| Field | Description |
|---|---|
| Name [name] | Name of the customer gateway, or its ID if no Name is specified. |
| Object ID [object_id] | ID of the customer gateway. |
| Connection Type [connection_type] | Type of VPN connection the customer gateway supports. |

Table 15. Customer Gateway Endpoint [cmdb_ci_endpoint_cust_gateway]

| Field | Description |
|---|---|
| Name [name] | Name of the customer gateway, or its ID if no Name is specified. |
| Object ID [object_id] | ID of the customer gateway. |

- Resources discovered using the Amazon AWS - discover Organization pattern
Table 16. Cloud Organizations [cmdb_ci_cloud_org]

| Field | Description |
|---|---|
| Name [name] | The unique identifier (ID) of the management account of an organization. |
| Object ID [object_id] | The unique identifier (ID) of the management account of an organization. |
| Root ID [root_id] | The unique identifier (ID) of an organization. |
| Master Email [master_email] | The email address associated with the AWS account that is designated as the management account for the organization. |
| Install Status [install_status] | The install status of the organization, based on the AvailablePolicyTypes status. |
| Operational status [operational_status] | The operational status of the organization, based on the AvailablePolicyTypes status. |

- Resources discovered using the Amazon AWS - Host (LP) pattern
Table 17. Cloud Host [cmdb_ci_cloud_host]

| Field | Description |
|---|---|
| Name [name] | Name of this host. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |
| CPU Core Count [cpu_core_count] | The number of host cores. |
| State [state] | The current state of the host. |
| Host Type [host_type] | The host type (instanceFamily). |
| Cloud Vendor [cloud_vendor] | The cloud vendor: AWS. |
| Virtual [virtual] | Virtual host: False. |

- Resources discovered using the Amazon AWS - Internet Gateway (LP) pattern
Table 18. Internet Gateway [cmdb_ci_internet_gateway]

| Field | Description |
|---|---|
| Name [name] | Name of the internet gateway, or its ID if no Name is specified. |
| Object ID [object_id] | ID of the internet gateway. |

Table 19. Internet Gateway Endpoint [cmdb_ci_endpoint_intgateway]

| Field | Description |
|---|---|
| Name [name] | Name of the internet gateway, or its ID if no Name is specified. |
| Object ID [object_id] | ID of the internet gateway. |

- Resources discovered using the Amazon AWS - IP Address (LP) pattern
Table 20. IP Address [cmdb_ci_cloud_ip_address]

| Field | Description |
|---|---|
| Name [name] | The name of the network interface, or its ID if no Name is specified. |
| IP Address [ip_address] | If available, the Elastic IP address bound to the network interface. If not available, the private IP address. |
| Object ID [object_id] | The ID of the network interface. |
| Public DNS [public_dns] | The public DNS name, if available. |
| Private IP Address [private_ip] | The IPv4 address of the network interface within the subnet. |
| Instance ID [instance_id] | The ID of the instance. |

- Resources discovered using the Amazon AWS - Key Pair (LP) pattern
Table 21. Cloud Key Pair [cmdb_ci_cloud_key_pair]

| Field | Description |
|---|---|
| Name [name] | The name of the key pair. |
| Object ID [object_id] | The ID of the key pair. |
| Finger Print [finger_print] | If you used CreateKeyPair to create the key pair, this value is the SHA-1 digest of the DER encoded private key. If you used ImportKeyPair to provide AWS the public key, this value is the MD5 public key fingerprint as specified in section 4 of RFC 4716. |

- Resources discovered using the Amazon AWS - LB Pool (LP) pattern
Table 22. Load Balancer Pool [cmdb_ci_lb_pool]

| Field | Description |
|---|---|
| Name [name] | The name of the load balancer pool. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |
| Comments [comments] | Comments related to the CI. |

- Resources discovered using the Amazon AWS - LB Service (LP) pattern
Table 23. Load Balancer Service [cmdb_ci_lb_service]

| Field | Description |
|---|---|
| Name [name] | Name of the load balancer service. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |
| Port [port] | The port on which the load balancer is listening. |
| Service Port [service_port] | The port on which the instance is listening. |
| Server Protocol [service_protocol] | The protocol to use for routing traffic to instances: HTTP, HTTPS, TCP, or SSL. |
| Listener Protocol [service_protocol] | The load balancer transport protocol to use for routing: HTTP, HTTPS, TCP, or SSL. |
| Comments [comments] | Comments related to the CI. |

- Resources discovered using the Amazon AWS - NAT Gateway (LP) pattern
Table 24. NAT Gateway [cmdb_ci_nat_gateway]

| Field | Description |
|---|---|
| Name [name] | Name of the NAT gateway. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |
| Install Status [install_status] | Provisioning status of the NAT gateway. |

Table 25. NAT Endpoint [cmdb_ci_endpoint_nat]

| Field | Description |
|---|---|
| Name [name] | The name of the NAT endpoint. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |

- Resources discovered using the Amazon AWS - Network (LP) pattern
Table 26. Cloud Network [cmdb_ci_network]

| Field | Description |
|---|---|
| Name [name] | Name of the Virtual Private Cloud (VPC) network. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |
| State [state] | The current state of the VPC: pending or available. |
| CIDR [cidr] | The IPv4 CIDR block of the VPC. For example, 10.0.0.0/24. |
| Install Status [install_status] | Resource provisioning status. |

- Resources discovered using the Amazon AWS - NIC (LP) pattern
Table 27. Cloud Mgmt Network Interface [cmdb_ci_nic]

| Field | Description |
|---|---|
| Name [name] | The name of the network interface, or its ID if no Name is specified. |
| Object ID [object_id] | The ID of the network interface. |
| State [state] | The status of the network interface. The valid values are: available, associated, attaching, in-use, or detaching. |
| Private IP [private_ip] | The IPv4 address of the network interface within the subnet. |
| IP Address [ip_address] | If available, the Elastic IP address bound to the network interface. If not available, the private IP address. |
| Public IP [public_ip] | The Elastic IP address bound to the network interface. |

Table 28. Cloud LB IPAddress [cmdb_ci_cloud_lb_ipaddress]

| Field | Description |
|---|---|
| Name [name] | IP address of the load balancer. |
| Object ID [object_id] | If available, the Elastic IP address bound to the network interface. If not available, the private IP address. |
| IP Address [ip_address] | If available, the Elastic IP address bound to the network interface. If not available, the private IP address. |
| Comments [comments] | Comments related to the CI. |

Table 29. VNIC Endpoint [cmdb_ci_endpoint_vnic]

| Field | Description |
|---|---|
| Name [name] | The name of the virtual network interface (VNIC) endpoint. |
| Object ID [object_id] | Unique identifier, allocated by Amazon AWS Cloud for this resource. |
| IP Address [ip_address] | If available, the Elastic IP address bound to the network interface. If not available, the private IP address. |
| Host [host] | The ID of the instance. |

- Resources discovered using the Amazon AWS - Organizational Units (LP) pattern
Table 30. AWS Organizational Unit [cmdb_ci_aws_org_unit]

| Field | Description |
|---|---|
| Name [name] | The user-friendly name of the Organizational Unit (OU). |
| Object ID [object_id] | The unique identifier (ID) associated with this OU. The ID is unique to the organization. |
| Organizational ID [aws_org_id] | The unique identifier (ID) associated with this OU. The ID is unique to the organization. |
| Org Unit Parent ID [org_unit_parent_id] | The ID of the root or the immediate parent OU. |

- Resources discovered using the Amazon AWS - Public IP Address (LP) pattern
Table 31. Cloud Public IP Address [cmdb_ci_cloud_public_ipaddress]

| Field | Description |
|---|---|
| Name [name] | The name of the public IP address, or its allocation ID if no name is specified. |
| Object ID [object_id] | The ID representing the allocation of the address for use with EC2-VPC. |
| Public IP Address [public_ip] | The Elastic IP address. |

- Resources discovered using the Amazon AWS - Route Table (LP) pattern
Table 32. Route Table [cmdb_ci_route_table]

| Field | Description |
|---|---|
| Name [name] | The ID of the route table. |
| State [state] | If the route table is discoverable, the value is available. |
| Object ID [object_id] | The name of the route table, or its ID if no name is specified. |

Table 33. Route Table Endpoint [cmdb_ci_endpoint_route_table]

| Field | Description |
|---|---|
| Name [name] | The name of the route table, or its ID if no name is specified. |
| Object ID [object_id] | The ID of the route table. |

- Resources discovered using the Amazon AWS - Security Group (LP) pattern
Table 34. Compute Security Group [cmdb_ci_compute_security_group]

| Field | Description |
|---|---|
| Name [name] | The name of the security group. |
| Object ID [object_id] | The ID of the security group. |

- Resources discovered using the Amazon AWS - SSM Cloud Agents (LP) pattern
The Amazon AWS - SSM Cloud Agents (LP) pattern introduces the following CI class that extends an existing CMDB class.

Table 35. CI class introduced by this pattern

| CI class | Extends from |
|---|---|
| Cloud System Management Agent [cmdb_ci_cloud_system_management_agent] | Virtual Machine Object [cmdb_ci_vm_object] |

Table 36. Cloud System Management Agent [cmdb_ci_cloud_system_management_agent]

| Field | Description |
|---|---|
| Cloud Agent Type [cloud_agent_type] | Type of cloud agent: AWS SSM. |
| Install Status [install_status] | Install status of the AWS Systems Manager (SSM) agent. Installed: the agent is currently running. Absent: the agent is not currently running. |
| IP Address [ip_address] | Address of the VM instance. |
| Name [name] | Name of the VM instance that the SSM agent is running on. |
| Object ID [object_id] | ID of the VM instance. |
| Operational status [operational_status] | Operational status of the agent service. Possible values are Operational or Non-Operational. |
| Operating System Platform [operating_system_platform] | Operating system type of the VM instance. |
| Resource Type [resource_type] | Type of resource managed by SSM. Possible values are EC2Instance or ManagedInstance. |
| Version [version] | Version of the SSM agent. |

- Resources discovered using the Amazon AWS - Storage (LP) pattern
Table 37. Storage Volume [cmdb_ci_storage_volume]

| Field | Description |
|---|---|
| State [state] | The volume state. The following values are valid: creating, available, in-use, deleting, deleted, or error. |
| Storage Type [storage_type] | Hard-coded value: block. |
| Volume ID [volume_id] | The volume type. For example, gp2 for General Purpose SSD, io1 for Provisioned IOPS SSD, st1 for Throughput Optimized HDD, sc1 for Cold HDD, or standard for Magnetic volumes. |
| Name [name] | The name of the volume, or its ID if no name is specified. |
| Size Bytes [size_bytes] | The size of the volume, in bytes. |
| Object ID [object_id] | The ID of the volume. |

Table 38. Block Endpoint [cmdb_ci_endpoint_block]

| Field | Description |
|---|---|
| Name [name] | The name of the volume, or its ID if no name is specified. |
| Object ID [object_id] | The ID of the volume. |

- Resources discovered using the Amazon AWS - Sub Account (LP) pattern
Table 39. Cloud Service Account [cmdb_ci_cloud_service_account]

| Field | Description |
|---|---|
| Account ID [account_id] | Unique identifier (ID) of the account. |
| Object ID [object_id] | Unique identifier (ID) of the account. |
| Datacenter Type [datacenter_type] | Hard-coded value: cmdb_ci_aws_datacenter. |
| Name [name] | User-friendly name of the account. |
| Is Master Account [is_master_account] | Boolean attribute indicating whether this account is the management account. |
| Account Email [account_email] | Email address of the AWS service account. |

- Resources discovered using the Amazon AWS - Subnet (LP) pattern
Table 40. Cloud Subnet [cmdb_ci_cloud_subnet]

| Field | Description |
|---|---|
| Name [name] | The name of the subnet, or its ID if no name is specified. |
| Object ID [object_id] | The ID of the subnet. |
| CIDR [cidr] | The IPv4 CIDR block assigned to the subnet. |
| Available IP Count [available_ip_count] | The number of unused private IPv4 addresses in the subnet. The IPv4 addresses for any stopped instances are considered unavailable. |
| State [state] | The current state of the subnet. The following values are valid: pending or available. |

- Resources discovered using the Amazon AWS - VPN Connections (LP) pattern
Table 41. VPN Connection [cmdb_ci_vpn_connection]

| Field | Description |
|---|---|
| Name [name] | Name of the project that is used for the discovery. |
| Object ID [object_id] | The name of the VPN connection, or its ID if no name is specified. |
| State [state] | The current state of the VPN connection. The following values are valid: pending, available, deleting, or deleted. |

- Resources discovered using the Amazon AWS - VPN Gateway (LP) pattern
-
Table 42. Virtual Private Gateway [cmdb_ci_virtual_pvt_gateway]

| Field | Description |
|---|---|
| Name [name] | The name or ID, if no name is specified for the VPN Gateway. |
| Object ID [object_id] | The ID of the virtual private gateway. |
| Connection Type [connection_type] | The type of VPN connection the virtual private gateway supports. |

Table 43. Virtual Private Gateway Endpoint [cmdb_ci_endpoint_vpg]

| Field | Description |
|---|---|
| Name [name] | The name or ID, if no name is specified for the VPN Gateway. |
| Object ID [object_id] | The ID of the virtual private gateway. |
| Connection Type [connection_type] | The type of VPN connection the virtual private gateway supports. |

- Resources discovered using the Amazon AWS - Web ACL (LP) pattern
The Amazon AWS - Web ACL (LP) pattern introduces the following CI class that extends an existing CMDB class.

Table 44. CI class introduced by this pattern

| CI class | Extends from |
|---|---|
| Web ACL [cmdb_ci_web_acl] | Virtual Machine Object [cmdb_ci_vm_object] |

Table 45. Web ACL [cmdb_ci_web_acl]

| Field | Description |
|---|---|
| Name [name] | Name of the web access control list (web ACL). |
| Object ID [object_id] | Unique ID for the web ACL from AWS. |
| Default Action [defaul_action] | Default action when no rules in the web ACL match. Possible values are Allow or Deny. |
| Description [short_description] | Description of the web ACL provided by AWS. |
| Operational status [operational_status] | Whether the web ACL is enabled or disabled. Possible values are Operational or Retired. |

Note: Security Operations users can leverage the integration with Discovery to import web ACL rules and load balancers with attached web ACLs. For more information on setting ACL rules and using the Mitigation Controls Monitoring app, see Configure the AWS WAF integration for mitigation controls monitoring.
Events discovered by Discovery during horizontal discovery
Discovery uses patterns to find events created for Amazon AWS Cloud components. If an event indicates a change of state in one of the Amazon AWS Cloud components, Discovery triggers discovery of that component using the patterns.
| Pattern | CI |
|---|---|
| Amazon AWS Virtual Server Events | Virtual Machine Instance [cmdb_ci_vm_instance] |
| Amazon AWS Security Group Events | Compute Security Group [cmdb_ci_compute_security_group] |
| Amazon AWS Subnet Events | Cloud Subnet [cmdb_ci_cloud_subnet] |
| Amazon AWS Storage Events | Storage Volume [cmdb_ci_storage_volume] |
| Amazon AWS Network Events | Cloud Network [cmdb_ci_network] |
| Amazon AWS Classic LB Events | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] |
| Amazon AWS Application and Network LBs Events | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] |
CI relationships
The AWS patterns create the following relationships and references to support AWS discovery. References link to records in other tables and don't appear in the CI Relationship [cmdb_rel_ci] table.
- Relationships discovered using the Amazon AWS - ACL (LP) pattern
Table 47. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Network [cmdb_ci_network] | Contains::Contained by | Network ACL [cmdb_ci_network_acl] |
| Network ACL [cmdb_ci_network_acl] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |
| Network ACL [cmdb_ci_network_acl] | Implement End Point To::Implement End Point From | Network ACL [cmdb_ci_endpoint_acl] |
| Cloud Subnet [cmdb_ci_cloud_subnet] | Use End Point To::Use End Point From | Network ACL [cmdb_ci_endpoint_acl] |

- Relationships discovered using the Amazon AWS - Application and Network (LP) pattern
Table 48. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Cloud Subnet [cmdb_ci_cloud_subnet] | Contains::Contained by | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] |
| Availability Zone [cmdb_ci_availability_zone] | Contains::Contained by | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] |
| Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |
| Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Contains::Contained by | DNS Name [cmdb_ci_dns_name] |
| Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Contains::Contained by | Compute Security Group [cmdb_ci_compute_security_group] |

- Relationships discovered using the Amazon AWS - Availability Zone (LP) pattern
Table 49. CI relationships

| CI | Relationship | CI |
|---|---|---|
| AWS Datacenter [cmdb_ci_aws_datacenter] | Contains::Contained by | Availability Zone [cmdb_ci_availability_zone] |

- Relationships discovered using the Amazon AWS - Classic LB (LP) pattern
Table 50. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Load Balancer Service [cmdb_ci_lb_service] | Hosted on::Hosts | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] |
| Cloud Subnet [cmdb_ci_cloud_subnet] | Contains::Contained by | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] |
| Availability Zone [cmdb_ci_availability_zone] | Contains::Contained by | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] |
| Load Balancer Pool [cmdb_ci_lb_pool] | Hosted on::Hosts | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] |
| Load Balancer Pool [cmdb_ci_lb_pool] | Owns::Owned by | Load Balancer Pool Member [cmdb_ci_lb_pool_member] |
| Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Contains::Contained by | DNS Name [cmdb_ci_dns_name] |
| Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Owns::Owned by | Cloud LB IPAddress [cmdb_ci_cloud_lb_ipaddress] |
| Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |
| Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Contains::Contained by | Compute Security Group [cmdb_ci_compute_security_group] |

- Relationships discovered using the Amazon AWS - LB Pool Member (LP) pattern
Table 51. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Load Balancer Pool [cmdb_ci_lb_pool] | Owns::Owned by | Load Balancer Pool Member [cmdb_ci_lb_pool_member] |

Table 52. CI references

| CI | Field | Referenced CI |
|---|---|---|
| Load Balancer Pool Member [cmdb_ci_lb_pool_member] | Pool [pool] | Load Balancer Pool [cmdb_ci_lb_pool] |

Note: By default, the Amazon AWS - LB Pool Member (LP) pattern doesn't execute discovery. To enable the discovery of AWS Application Load Balancer targets, set the sn_itom_pattern.discover_aws_app_pool_members MID Server property to true. For more information, see Enable AWS Application Load Balancer target discovery.

- Relationships discovered using the Amazon AWS - Customer Gateway (LP) pattern
Table 53. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Customer Gateway [cmdb_ci_customer_gateway] | Hosted on::Hosts | Virtual Machine Instance [cmdb_ci_instance] |
| Customer Gateway [cmdb_ci_customer_gateway] | Implement End Point To::Implement End Point From | Customer Gateway [cmdb_ci_endpoint_cust_gateway] |

- Relationships discovered using the Amazon AWS - Host (LP) pattern
Table 54. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Host [cmdb_ci_cloud_host] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |
| Virtual Machine Instance [cmdb_ci_vm_instance] | Runs on::Runs | Host [cmdb_ci_cloud_host] |

- Relationships discovered using the Amazon AWS - Internet Gateway (LP) pattern
Table 55. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Internet Gateway [cmdb_ci_internet_gateway] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |
| Internet Gateway [cmdb_ci_internet_gateway] | Implement End Point To::Implement End Point From | Internet Gateway EP [cmdb_ci_endpoint_intgateway] |
| Cloud Network [cmdb_ci_network] | Use End Point To::Use End Point From | Internet Gateway EP [cmdb_ci_endpoint_intgateway] |

- Relationships discovered using the Amazon AWS - IP Address (LP) pattern
Table 56. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Cloud Key Pair [cmdb_ci_cloud_key_pair] | Contains::Contained by | IP Address [cmdb_ci_cloud_ip_address] |

- Relationships discovered using the Amazon AWS - Key Pair (LP) pattern
Table 57. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Servers [cmdb_ci_server] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

- Relationships discovered using the Amazon AWS - LB Pool (LP) pattern
Table 58. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Load Balancer Pool [cmdb_ci_lb_pool] | Hosted on::Hosts | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] |

- Relationships discovered using the Amazon AWS - LB Service (LP) pattern
Table 59. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Load Balancer Service [cmdb_ci_lb_service] | Hosted on::Hosts | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] |

- Relationships discovered using the Amazon AWS - NAT Gateway (LP) pattern
Table 60. CI relationships

| CI | Relationship | CI |
|---|---|---|
| NAT Gateway [cmdb_ci_nat_gateway] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |
| NAT Gateway [cmdb_ci_nat_gateway] | Implement End Point To::Implement End Point From | NAT EP [cmdb_ci_endpoint_nat] |
| Network [cmdb_ci_network] | Use End Point To::Use End Point From | NAT EP [cmdb_ci_endpoint_nat] |

- Relationships discovered using the Amazon AWS - Network (LP) pattern
Table 61. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Network [cmdb_ci_network] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

- Relationships discovered using the Amazon AWS - NIC (LP) pattern
Table 62. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Owns::Owned by | Cloud LB IPAddress [cmdb_ci_cloud_lb_ipaddress] |
| Virtual Machine Instance [cmdb_ci_vm_instance] | Use End Point To::Use End Point From | VNIC Endpoint [cmdb_ci_endpoint_vnic] |
| Cloud Subnet [cmdb_ci_cloud_subnet] | Contains::Contained by | NIC [cmdb_ci_nic] |
| VNIC Endpoint [cmdb_ci_endpoint_vnic] | Implement End Point To::Implement End Point From | NIC [cmdb_ci_nic] |
| NIC [cmdb_ci_nic] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

- Relationships discovered using the Amazon AWS - Organizational Units (LP) pattern
Table 63. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Cloud Organization [cmdb_ci_cloud_org] | Contains::Contained by | AWS Organizational Unit [cmdb_ci_aws_org_unit] |
| AWS Organizational Unit [cmdb_ci_aws_org_unit] | Contains::Contained by | Cloud Service Account [cmdb_ci_cloud_service_account] |

Table 64. CI references

| CI | Field | Referenced CI |
|---|---|---|
| Key Value [cmdb_key_value] | Configuration item [configuration_item] | AWS Organizational Unit [cmdb_ci_aws_org_unit] |

- Relationships discovered using the Amazon AWS - Public IP Address (LP) pattern
Table 65. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Cloud Public IP Address [cmdb_ci_cloud_public_ipaddress] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

- Relationships discovered using the Amazon AWS - Route Table (LP) pattern
Table 66. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Network [cmdb_ci_network] | Contains::Contained by | Route Table [cmdb_ci_route_table] |
| Cloud Subnet [cmdb_ci_cloud_subnet] | Use End Point To::Use End Point From | Route Table Endpoint [cmdb_ci_endpoint_route_table] |
| Route Table [cmdb_ci_route_table] | Implement End Point To::Implement End Point From | Route Table Endpoint [cmdb_ci_endpoint_route_table] |

- Relationships discovered using the Amazon AWS - Security Group (LP) pattern
Table 67. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Network [cmdb_ci_network] | Contains::Contained by | Compute Security Group [cmdb_ci_compute_security_group] |
| Compute Security Group [cmdb_ci_compute_security_group] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

- Relationships discovered using the Amazon AWS - SSM Cloud Agents (LP) pattern
Table 68. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Cloud System Management Agent [cmdb_ci_cloud_system_management_agent] | Runs on::Runs | Virtual Machine Instance [cmdb_ci_vm_instance] |

- Relationships discovered using the Amazon AWS - Storage (LP) pattern
Table 69. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Virtual Machine Instance [cmdb_ci_instance] | Use End Point To::Use End Point From | Block Endpoint [cmdb_ci_endpoint_block] |
| Block Endpoint [cmdb_ci_endpoint_block] | Implement End Point To::Implement End Point From | Storage Volume [cmdb_ci_storage_volume] |
| Availability Zone [cmdb_ci_availability_zone] | Contains::Contained by | Storage Volume [cmdb_ci_storage_volume] |
| Storage Volume [cmdb_ci_storage_volume] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

- Relationships discovered using the Amazon AWS - Subnet (LP) pattern
Table 70. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Network [cmdb_ci_network] | Contains::Contained by | Cloud Subnet [cmdb_ci_cloud_subnet] |
| Availability Zone [cmdb_ci_availability_zone] | Contains::Contained by | Cloud Subnet [cmdb_ci_cloud_subnet] |

- Relationships discovered using the Amazon AWS - VPN Connections (LP) pattern
Table 71. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Customer Gateway [cmdb_ci_customer_gateway] | Contains::Contained by | VPN Connection [cmdb_ci_vpn_connection] |
| Virtual Private Gateway [cmdb_ci_virtual_pvt_gateway] | Contains::Contained by | VPN Connection [cmdb_ci_vpn_connection] |
| VPN Connection [cmdb_ci_vpn_connection] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

- Relationships discovered using the Amazon AWS - VPN Gateway (LP) pattern
Table 72. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Virtual Private Gateway [cmdb_ci_virtual_pvt_gateway] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |
| Virtual Private Gateway [cmdb_ci_virtual_pvt_gateway] | Implement End Point To::Implement End Point From | Virtual Private Gateway Endpoint [cmdb_ci_endpoint_vpg] |
| Network [cmdb_ci_network] | Use End Point To::Use End Point From | Virtual Private Gateway Endpoint [cmdb_ci_endpoint_vpg] |

- Relationships discovered using the Amazon AWS - Web ACL (LP) pattern
Table 73. CI relationships

| CI | Relationship | CI |
|---|---|---|
| Web ACL [cmdb_ci_web_acl] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter] |

Note: Security Operations users can leverage the integration with Discovery to import web ACL rules and load balancers with attached web ACLs. For more information on setting ACL rules and using the Mitigation Controls Monitoring app, see Configure the AWS WAF integration for mitigation controls monitoring.
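The endpoint relationships in the tables above are two-hop chains: a resource implements an endpoint CI, and a consumer CI uses that endpoint (Table 69 for Storage Volume, Block Endpoint and Virtual Machine Instance; Tables 55, 60 and 72 for the Internet, NAT and Virtual Private Gateways and their Networks). The walker below is an added example, not ServiceNow's own code, that resolves such a chain from cmdb_rel_ci rows. It assumes that the left-hand CI of each table row is stored as the parent and the right-hand CI as the child, that the relationship type is matched by its name via a type.name dot-walk in the encoded query, and that rows can be read through the ServiceNow Table REST API with basic authentication; the sample cmdb_rel_ci rows and their sys_ids are constructed placeholders so the walk runs offline.

```python
"""Resolve "which CIs use this resource" through the endpoint relationships in
cmdb_rel_ci.  Added example; the Table API access and the parent/child storage
convention are assumptions stated in the lead-in, not taken from the page."""
import base64
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, List

# Relationship type names exactly as they appear in the CI relationship tables.
# Assumed storage convention: "Block Endpoint Implement End Point To Storage Volume"
# is a cmdb_rel_ci row with parent = endpoint and child = volume.
IMPLEMENTS_ENDPOINT = "Implement End Point To::Implement End Point From"
USES_ENDPOINT = "Use End Point To::Use End Point From"

# A fetch callable takes (table, encoded query) and returns the matching rows as
# dicts in the Table API's default shape, where reference fields are {"value": sys_id}.
Fetch = Callable[[str, str], List[Dict]]


def parent_query(child_sys_id: str, rel_type: str) -> str:
    """Encoded query selecting rows where the given CI is the child of rel_type."""
    return f"child={child_sys_id}^type.name={rel_type}"


def parents_of(fetch: Fetch, child_sys_id: str, rel_type: str) -> List[str]:
    """sys_ids of the parent CIs related to child_sys_id by rel_type (sorted, unique)."""
    rows = fetch("cmdb_rel_ci", parent_query(child_sys_id, rel_type))
    return sorted({row["parent"]["value"] for row in rows})


def users_of(fetch: Fetch, ci_sys_id: str) -> List[str]:
    """Two-hop walk: resource <- Implement End Point - endpoint <- Use End Point - consumer.

    For a Storage Volume this yields the Virtual Machine Instances attached to it
    (Table 69); for a NAT, Internet or Virtual Private Gateway it yields the Networks
    that use the gateway (Tables 55, 60, 72).  Containment rows are not followed.
    """
    consumers = set()
    for endpoint in parents_of(fetch, ci_sys_id, IMPLEMENTS_ENDPOINT):
        consumers.update(parents_of(fetch, endpoint, USES_ENDPOINT))
    return sorted(consumers)


def table_api_fetch(instance: str, user: str, password: str) -> Fetch:
    """Fetch backed by the ServiceNow Table REST API (assumed reachable; basic auth)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()

    def fetch(table: str, query: str) -> List[Dict]:
        params = urllib.parse.urlencode({
            "sysparm_query": query,
            "sysparm_fields": "parent,child,type",
            "sysparm_limit": "1000",
        })
        url = f"https://{instance}.service-now.com/api/now/table/{table}?{params}"
        req = urllib.request.Request(url, headers={
            "Authorization": f"Basic {token}",
            "Accept": "application/json",
        })
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)["result"]

    return fetch


# Constructed sample of cmdb_rel_ci rows (placeholder sys_ids, not real records):
# vol-1 -> block endpoint ep-1, used by instances vm-a and vm-b; vol-2 has no consumer.
# The "type" column carries the name here so the offline stand-in can match on it.
SAMPLE_REL_CI = [
    {"parent": {"value": "ep-1"}, "child": {"value": "vol-1"}, "type": {"name": IMPLEMENTS_ENDPOINT}},
    {"parent": {"value": "vm-a"}, "child": {"value": "ep-1"}, "type": {"name": USES_ENDPOINT}},
    {"parent": {"value": "vm-b"}, "child": {"value": "ep-1"}, "type": {"name": USES_ENDPOINT}},
    {"parent": {"value": "ep-2"}, "child": {"value": "vol-2"}, "type": {"name": IMPLEMENTS_ENDPOINT}},
    {"parent": {"value": "az-1"}, "child": {"value": "vol-1"}, "type": {"name": "Contains::Contained by"}},
]


def sample_fetch(table: str, query: str) -> List[Dict]:
    """Offline stand-in for table_api_fetch: evaluates the two-term encoded query
    produced by parent_query against SAMPLE_REL_CI."""
    assert table == "cmdb_rel_ci"
    terms = dict(term.split("=", 1) for term in query.split("^"))
    return [row for row in SAMPLE_REL_CI
            if row["child"]["value"] == terms["child"]
            and row["type"]["name"] == terms["type.name"]]


if __name__ == "__main__":
    print(users_of(sample_fetch, "vol-1"))  # ['vm-a', 'vm-b']
    print(users_of(sample_fetch, "vol-2"))  # []
```

Against a live instance, replace sample_fetch with table_api_fetch("<instance>", "<user>", "<password>") and pass the sys_id of the volume or gateway record; because the walk only ever queries the child side, a CI with an endpoint but no consumer (vol-2 above) correctly resolves to an empty list rather than an error.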
Services discovered by patterns
| Service name | CI class | Pattern |
|---|---|---|
| AWS::EC2::SecurityGroup | Compute Security Group [cmdb_ci_compute_security_group] | Amazon AWS Security Group Events |
| AWS::EC2::Subnet | Cloud Subnet [cmdb_ci_cloud_subnet] | Amazon AWS Subnet Events |
| AWS::EC2::VPC | Cloud Network [cmdb_ci_network] | Amazon AWS Network Events |
| AWS::EC2::Instance | Virtual Machine Instance [cmdb_ci_vm_instance] | Amazon AWS Virtual Server Events |
| AWS::EC2::Volume | Storage Volume [cmdb_ci_storage_volume] | Amazon AWS Elastic Block Storage |
| AWS::ElasticLoadBalancingV2::LoadBalancer | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Amazon AWS Application and Network LBs Events |
| AWS::ElasticLoadBalancing::LoadBalancer | Cloud Load Balancer [cmdb_ci_cloud_load_balancer] | Amazon AWS Classic LBs Events |
Data collected by Service Mapping during tag-based discovery
| CI | Relationship | CI |
|---|---|---|
| Configuration Item [cmdb_ci] | Hosted on::Hosts | Logical Datacenter [cmdb_ci_logical_datacenter] |
| Logical Datacenter [cmdb_ci_logical_datacenter] | Hosted on::Hosts | Cloud Service Account [cmdb_ci_cloud_service_account] |