Create an AI connection for Amazon

Zurich Enable AI

Release

zurich

ft:locale

en-US

ft:publication_title

Zurich Enable AI

ft:clusterId

platai

bundleId

platai

workflow

Platform

Create an AI connection for Amazon

Release version: Zurich

Updated March 12, 2026

2 minutes to read

Create an AI connection for Amazon in AI Control Tower using the AI Service Graph Connector for Amazon.

Before you begin

Role required: sn_ai_disc.discovery_admin and sn_cmdb_int_util.sgc_admin

Procedure

Navigate to Al Control Tower > Configurations > AI connections.
Click Add.
Select AWS from all the available connectors.
Click Create connection.

Note:
The Review the setup instructions page appears and verifies to follow all the prerequisites.
Select Download basic scripts.

Note:
Download the basic scripts and select the check box.
Select Continue.
Setup page appears.
Select Source systems.
Choose the AWS services that you want to integrate with ServiceNow.
- Amazon Bedrock
- Amazon Bedrock AgentCore
- Amazon SageMaker
Select Submit.
Configure Amazon Bedrock
1. Enter the Connection Name
2. Enter the Access Key ID
3. Enter the Secret Access Key
  The Access keys are long-term credentials for an IAM user or the AWS account root user. Access keys consist of two parts: an access key ID and a secret access key. For detailed information, see how to get access and secret key
4. Enter the AWS Region.
  
  Note:
  The region information is available in the navigation bar of the AWS management console.
5. Enter the Management Account ID
  Note:
  The Management Account ID applies in two scenarios:
  
  Your IAM user is created in a Designated Member account.
  
  You need Organizational-level access.
6. Enter the Standalone Account ID
  
  Note:
  This step is optional. Provide a single account ID to test discovery against that account before enabling full Organization discovery.
7. Enter the STS Assume Role
  The role assumed for discovery.
8. Select Update and test connection
9. Select Continue
Configure Bedrock import schedule
1. Open a parent schedule import
2. Select the Active check box
3. Select Run according to your preference
  
  Note:
  This is an optional step as the schedule imports run according to the schedule.
Configure CloudWatch logs forBedrock
1. Enter the Connection Name.
2. Enter the Access Key.
3. Enter the Secret Key.
4. Enter the AWS Region.
5. Enter the Log Group Names.
6. Select Create and test connection.
7. Select Continue.
Configure CloudWatch logs import schedule for Bedrock
1. Open a parent schedule import.
2. Select the Active check box.
3. Select Execute Now.
  
  Note:
  This is an optional step as the schedule imports run according to the schedule.
4. Select Continue.
Configure SageMaker
1. Enter the Connection Name
2. Enter the Access Key ID
3. Enter the Secret Access Key
4. Enter the AWS Region
5. Select Create and test connection
6. Select Continue
Configure SageMaker import schedule
1. Open a parent schedule import
2. Select the Active check box
3. Select Run according to your preference
4. Select Execute Now
  
  Note:
  This is an optional step as the schedule imports run according to the schedule
5. Select Continue
Configure CloudWatch monitoring for SageMaker
1. Enter the Connection Name
2. Enter the Access Key
3. Enter the Secret Key
4. Enter the AWS Region
5. Select Create and test connection
6. Select Continue
Configure CloudWatch monitoring import schedules for SageMaker
1. Open a parent schedule import
2. Select Active check box
3. Select Run according to your preference
4. Select Execute Now
  
  Note:
  This is an optional step as the schedule imports run according to the schedule
5. Select Continue.

Result

The AI connection for AWS is created and configured.