AI Service Graph Connector for Amazon

  • Release version: Zurich
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of AI Service Graph Connector for Amazon

    The AI Service Graph Connector for Amazon enables ServiceNow customers to discover and import AI assets from their AWS environment directly into ServiceNow AI Control Tower. This integration catalogs AI systems, agents, models, and prompts from AWS, while automatically collecting usage data. The imported data populates the AI Control Tower value dashboard, enhancing visibility and governance of AI operations.

    Show full answer Show less

    Supported Versions and Roles

    • The connector supports ServiceNow releases: Australia, Zurich, and Yokohama.
    • Required user roles include snaidisc.discoveryadmin and sncmdbintutil.sgcadmin.

    ServiceNow Prerequisites

    • Update Data Source Access: Grant create, update, and delete permissions on the Data Source table in the Global scope to enable data source creation by the connector.
    • Clear Cache: Run a background script to clear cached data on the Data Source and Tables to ensure fresh data loading. This step is required once per new instance setup.

    AWS Prerequisites and Permissions

    • Active AWS account with API access to Amazon Bedrock, SageMaker, CloudWatch, and Bedrock AgentCore.
    • IAM credentials (Access Key ID and Secret Access Key) with read permissions.
    • Required IAM permissions include comprehensive list and describe rights for Bedrock, SageMaker, CloudWatch logs, and AgentCore services.
    • AWS documentation is available for setting up IAM keys and enabling necessary services.

    Data Mapping and Import Process

    The connector uses specific data sources to import AI asset information into ServiceNow. Data flows through staging tables before populating target tables representing AI assets in the CMDB and other AI-specific classes:

    • AI Systems, Models, Tools, and Prompts are imported from AWS Bedrock and SageMaker into corresponding digital asset tables.
    • Usage data from AWS services and AgentCore is collected into AI usage tables.
    • Data sources are named systematically (e.g., SGawsBedrockAIAssetDSUtilSNC) and correspond to specific staging and target tables.

    Practical Benefits for ServiceNow Customers

    • Automates discovery and cataloging of AI assets from AWS, reducing manual effort.
    • Provides centralized governance and operational visibility of AI systems via AI Control Tower dashboards.
    • Supports multi-release compatibility for flexible deployment within existing ServiceNow environments.
    • Ensures secure and compliant access to AWS data through defined IAM roles and permissions.

    The AI Service Graph Connector for Amazon enables you to discover and import AI assets from your AWS environment into ServiceNow AI Control Tower.

    The connector integrates with your AWS account to catalog AI systems, agents, models, and prompts. Usage data is automatically collected and populated into the AI Control Tower value dashboard, providing comprehensive visibility and governance of your AI operations.

    Download apps from the Store

    Visit the  ServiceNow store website to download the AI Service Graph Connector for Amazon application.

    Supported ServiceNow versions

    This connector is supported on the following ServiceNow releases:

    Release Status
    Australia Supported
    Zurich Supported
    Yokohama Supported

    User Roles

    You must have one of the following roles assigned.

    Required Roles
    sn_ai_disc.discovery_admin
    sn_cmdb_int_util.sgc_admin

    ServiceNow Prerequisites

    Complete the following setup steps once when configuring the connector for the first time.

    Note:
    Updating data source access and clear cache is a prerequisite that needs to be completed only once, when setting up a new instance for the first time.
    Update Data Source Access

    The connector requires write permissions to the Data Source table to create data sources.

    To enable data source creation:
    1. Select Global from the application picker.
    2. Navigate to Application Access.
    3. Select the Can create, Can update, and Can delete checkboxes.
    4. Select Update.
    5. Switch to the connector application scope.
    Clear cache

    Clear the cached data for the Data Source and Tables.

    To clear the cache:
    1. Navigate to System Definition > Background Scripts
    2. Paste the following script into the Run Script text box:
      GlideTableManager.invalidateTable('sys_data_source');
GlideCacheManager.flushTable('sys_data_source');
GlideTableManager.invalidateTable('sys_db_object');
GlideCacheManager.flushTable('sys_db_object');
    3. Select Run Script.
      Note:
      The script may take several minutes to complete.
    4. After completion, switch to the connector application scope.

    AWS Prerequisites

    Role required: IAM user

    Before proceeding, confirm you have:

    • AWS Account- Active AWS account with access to the services you want to connect
    • IAM Credentials: AWS Access Key ID and Secret Access Key with read permissions for the services you plan to migrate
    • Service Access- API access enabled for Amazon Bedrock, Amazon SageMaker, Amazon CloudWatch, and Amazon Bedrock AgentCore
    Required IAM Permissions

    Your IAM user role or role needs these permissions.

    • Amazon Bedrock: bedrock:List*, bedrock:Get*
    • Amazon SageMaker: sagemaker:List*, sagemaker:Describe*
    • Amazon CloudWatch: logs:DescribeLogGroups, logs:DescribeLogStreams, cloudwatch:GetMetricData
    • Amazon Bedrock AgentCore: bedrock:ListAgents, bedrock:GetAgent
    AWS Setup documentation
    Use these AWS resources to set up credentials and enable services:

    Data Mapping

    The following table lists the data sources, the staging tables, and the target tables  CMDB CI classes and non-CMDB  classes where data is stored for a  AWS  project.

    Data Source Staging Table Target Table
    SGawsBedrockAIAssetDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_asset sn_ai_disc_aws_sgc_bedrock_ai_system (routes to other staging tables)
    SGawsBedrockAISystemDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_system alm_ai_system_digital_asset
    SGawsBedrockAIModelDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_model alm_ai_model_digital_asset
    SGawsBedrockAIToolDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_tool sn_ent_ai_tool
    SGawsBedrockAIPromptDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_prompt alm_ai_prompt_digital_asset
    SGawsBedrockAISbcompM2mDSUtilSNC sn_ai_disc_aws_sgc_bedrock_sbcomp_m2m sn_ent_ai_system_subcomponent_m2m
    SGawsBedrockAIUsageDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_usage sn_ai_disc_ai_usage
    SGAgentCoreDataSourceUtil (importAgentRuntimesByID) sn_ai_disc_aws_sgc_agentcore_ai_system alm_ai_system_digital_asset
    SGAgentCoreDataSourceUtil (importCodeInterpretersByID, importBrowsersByID, importTargetsByID) sn_ai_disc_aws_sgc_agentcore_ai_tool sn_ent_ai_tool
    SGAgentCoreDataSourceUtil (getAWSAgentCoreUsage) sn_ai_disc_aws_sgc_agentcore_ai_usage sn_ai_disc_ai_usage
    SGSageMakerAIModelDSUtilSNC sn_ai_disc_aws_sgc_sg_awssagemaker_model alm_ai_model_digital_asset
    SGSageMakerModelCardDSUtilSNC sn_ai_disc_aws_sgc_sg_awssagemaker_model alm_ai_model_digital_asset