Amazon Bedrock pattern-based discovery

  • Release version: Zurich
  • Updated May 3, 2026
  • 9 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Amazon Bedrock pattern-based discovery

    The AI Agent Topology Mapping application in ServiceNow enables discovery of Amazon Bedrock AI services, agents, and foundation models via horizontal discovery patterns. This capability helps you automatically populate your Configuration Management Database (CMDB) with detailed information about Amazon Bedrock resources, their relationships, and tags. The discovery patterns facilitate comprehensive visibility into Bedrock AI components and support integration with Service Mapping and cloud service accounts.

    Show full answer Show less

    Key Features

    • Amazon Bedrock discovery patterns: Includes patterns for discovering Bedrock Agents and Foundation Models, collecting data on AI system digital assets, AI prompts, AI models, and related key-value tags.
    • Data model population: Populates both CMDB and non-CMDB tables with detailed records of Bedrock AI agents and models, including operational status, versions, ARNs, manufacturer info, and relationships.
    • Relationship mapping: Establishes CI relationships such as deployment, hosting, and usage between AI Functions, AI System Digital Assets, AI Model Deployments, and AWS Datacenters.
    • Integration with AWS accounts: Supports discovery of multiple AWS member accounts via a single management account, using either IAM user policies or temporary credentials managed by the MID Server.
    • Configuration guidance: Includes instructions to update discovery methods for AWS CloudFormation stacks, enable cloud-related CI relationships, configure AWS service accounts, IAM roles, and policies with necessary permissions, and optimize discovery schedules.
    • Discovery optimization: Options to limit discovery to datacenters with resources, discover only new member datacenters, and directly populate Service Account and Logical Datacenter fields in cloud CIs to improve query performance.

    Practical Application for ServiceNow Customers

    By implementing Amazon Bedrock pattern-based discovery, you can automate the identification and mapping of Bedrock AI infrastructure within your AWS environment directly into your CMDB. This ensures accurate asset tracking, enables effective impact analysis, and supports AI service management workflows.

    To leverage this capability effectively, ensure you:

    • Keep your AI Agent Topology Mapping and Discovery applications up to date from the ServiceNow Store.
    • Configure AWS service accounts with the correct IAM policies and roles, enabling secure, scalable discovery across multiple AWS accounts.
    • Activate required CI relationships to integrate discovered components into service instances and dependency views.
    • Set discovery schedules tailored to your environment, optionally optimizing for new or resource-containing datacenters.
    • Utilize the populated tables and Dependency Views map for detailed visibility into your Bedrock AI agents, prompts, and foundation models, supporting operational and governance needs.

    Data and Relationship Details

    The discovery populates a structured data model with these key entities:

    • AI System Digital Asset: Represents Bedrock agents with references to prompts and models.
    • AI Model Digital Asset: Represents foundation models with vendor and lifecycle details.
    • AI Function and AI Model Deployment (CMDB tables): Represent deployed AI agents and models with operational statuses.
    • Key Value tags: Extracted AWS tags linked to AI Functions for metadata enrichment.

    The relationships between these entities are captured in CI relationships and reference fields, enabling you to visualize and manage dependencies in the ServiceNow Dependency Views map.

    Benefits

    • Improved AI resource visibility and lifecycle management within your CMDB.
    • Automated, scalable discovery across AWS accounts and regions.
    • Enhanced service mapping and impact analysis through detailed relationship mapping.
    • Optimized discovery performance with configurable options for selective datacenter scanning.

    AI Agent Topology Mapping discovers Amazon Bedrock AI services, agents, and models during horizontal discovery.

    Request new or enhanced Patterns on the ServiceNow® Store

    Visit the ServiceNow Store to view all the available updates and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Amazon Bedrock data model

    The following diagram illustrates the tables and relationships that the AI Agent Topology Mapping application creates when discovering Amazon Bedrock resources.

    Figure 1. Tables and relationships populated during Amazon Bedrock discovery
    Amazon Bedrock data model
    Note:
    The following relationships are stored in the Asset-CI Relationship [cmdb_rel_asset_ci] table and aren't represented in the Dependency View map:
    • The Deployed as::Deployment of relationship between AI Function [cmdb_ci_function_ai] and AI System Digital Asset [alm_ai_system_digital_asset].
    • The Used by::Uses relationship between AI Model Deployment [cmdb_ci_ai_model_deployment] and AI Model Digital Asset [alm_ai_model_digital_asset].

    Discovery requirements

    Verify that the applications are up to date
    Discovering these resources may require updating to the latest version of the following applications from the ServiceNow Store:
    • AI Agent Topology Mapping
    • Discovery and Service Mapping Patterns
    • Visibility Content
    • CMDB CI Class Models
    Update the method used for pointed discovery for the AWS CloudFormation Template (CFT) stack
    If you use Cloud Provisioning and Governance, you must update the getOperationGR(type) method. This update enables the pointed discovery to list the resources correctly for the AWS CFT stack after provisioning. For further information about the steps required to update this method, see the Knowledge Base article KB0858437.
    Activate the cloud-related CI relationships
    To include discovered components into service instances, enable CI relationships used in tag-based discovery by Service Mapping. These CI relationships are available from the 1.0.68 release on the ServiceNow Store. For operational steps, see Tag-based discovery configuration.
    Set up service accounts on the AWS Management Console

    An AWS Organization is a collection of AWS accounts under a single account. In AWS Organizations, parent accounts are called management accounts. The sub-accounts that belong to a management account are called member accounts.

    The advantages of using management accounts in Discovery are:
    Easy population of member accounts
    After you configure the management account and supply the necessary credentials, you can test the connection to the account. If the test succeeds, Discovery returns a list of the member accounts in that management account. From this list, you can choose one or more member account to include in the Discovery of the management account.
    (Optional) Discover member resources using dynamically acquired credentials

    When you run Discovery on your cloud resources, you don’t need separate credentials for each member account. The Cloud Discovery process handles credentials automatically by acquiring a temporary credential for each member via an AWS API. You can elect to use the default configuration or customize the MID Server to assume other roles for additional controls and security.

    For more information, see Setting up AWS service accounts.
    Use IAM user policy on the AWS Management Console
    To use the IAM user policy instead of credentials during discovery, configure the MID Server for AWS IAM roles. For more information, see configure the MID Server for AWS IAM roles.
    To create the IAM user policy for provisioning AWS resources, see Control AWS access and permissions using policies. Ensure that the IAM user policy covers the following AWS resources:
    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
        "elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeLoadBalancerPolicies",
        "elasticloadbalancing:DescribeInstanceHealth",
        "elasticloadbalancing:DescribeTags",
        "elasticloadbalancing:DescribeLoadBalancerAttributes",
        "account:ListRegions",
        "elasticloadbalancing:Describe*",
        "ec2:Describe*",
        "ec2:DescribeNetworkInterfaceAttribute",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeCustomerGateways",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeHosts",
        "ec2:DescribeImages",
        "ec2:DescribeVpcs",
        "ec2:DescribeAccountAttributes",
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstanceCreditSpecifications",
       
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
    Configure access to the AWS resources

    To discover a single account, create an IAM account in the AWS Management Console, and ensure that it has the "ReadOnlyAccess" policy applied. To discover several member or child accounts, configure the credentials as described in Access setup for AWS service accounts.

    Configure the Discovery schedule to support GovCloud
    Discovering AWS GovCloud (US) accounts requires using a datacenter URL when setting up an AWS service account. For more information, see Create AWS service accounts.
    Configure a discovery schedule
    Create an AWS Discovery schedule in Discovery Admin Workspace.
    (Optional) Discover datacenters only for new members
    Starting with Zurich Patch 2, you can discover datacenters only for new members added since the last discovery. For more information, see Discover datacenters only for new cloud accounts.
    Optimize discovery by including only datacenters with resources
    Starting with Discovery and Service Mapping Patterns version 1.29.0, you can optimize discovery by limiting it to only AWS datacenters with resources.
    • Verify your service account has the following role permissions to access Config API:
      • config:GetDiscoveredResourceCounts
      • config:DescribeConfigurationRecorderStatus
    • Verify AWS Config recorder is enabled and configured to record the all resource types.

      For instructions on configuring AWS Config recorder, go to the AWS Documentation and search for the "Recording resources in the AWS Config console" article.

    • Enable discovery of only datacenters with resources by setting the mid.cloud.discovery.sonar.discover_all_aws_datacenters MID Server property to false. For more information, see Limit AWS discovery to datacenters with resources.
    For more information, see the AWS resources discovery by datacenters section in AWS discovery using patterns.
    (Optional) Populate Service Account and Logical Datacenter fields in cloud CIs
    Starting with Discovery and Service Mapping Patterns version 1.30.2, you can improve query performance by populating Service Account and Logical Datacenter fields directly in cloud CIs. For more information, see Improved query performance with direct field population in CI tables.

    Verify the REST API Permissions

    Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.

    Data collection

    The AI Agent Topology Mapping application includes the following patterns for Amazon Bedrock discovery:
    • Amazon AWS - Bedrock Agents
    • Amazon AWS - Bedrock Foundation Model

    The Amazon AWS - Bedrock Agents pattern collects AI System Digital Assets, AI Prompt Digital Assets, and Key Value information. You can view this information in the Related Links section of the CI record by navigating to All > Configuration > AWS > AWS Bedrock Agents and selecting the relevant record.

    The Amazon AWS - Bedrock Foundation Model pattern collects AI Model Digital Assets. You can view this information in the Related Links section of the CI record by navigating to All > Configuration > AWS > AWS Bedrock Models and selecting the relevant record.

    AI Agent Topology Mapping application populates data in both CMDB and non-CMDB tables.

    Data stored in non-CMDB tables

    The AI Agent Topology Mapping application populates data in non-CMDB tables when running the Amazon Bedrock patterns.

    If you have the AI Control Tower application, you can view the information in the AI Control Tower Workspace.

    Table 1. AI System Digital Asset [alm_ai_system_digital_asset]
    Field Description
    Display name [display_name] Display name of the Bedrock agent.
    External record reference [external_ref_id] Amazon Resource Name (ARN) of the Bedrock agent.
    Model [model] References the AI System Component Product Model [cmdb_ai_system_component_product_model] table.
    Asset type [model_category] Asset type of the agent. Value is set to Agentic AI.
    State [install_status] State of the agent. Value is set to Deployed.
    AI prompts [ai_prompts] References the AI Prompt Digital Asset [alm_ai_prompt_digital_asset] table.
    AI models [ai_models] References the AI Model Digital Asset [alm_ai_model_digital_asset] table.
    Configuration Item [ci] References the AI Function [cmdb_ci_function_ai] table.
    Table 2. AI System Component Product Model [cmdb_ai_system_component_product_model]
    Field Description
    Name [name] Name of the Bedrock agent.
    Short description [short_description] Description of the Bedrock agent.
    Status [status] Operational status of the agent as returned by Bedrock.

    For example: PREPARED.
    Version [version] Version of the Bedrock agent.
    Manufacturer [manufacturer] Manufacturer of the agent model. Value is set to AWS.
    Model categories [cmdb_model_category] Model category. Value is set to Agentic AI.
    Table 3. AI Prompt Digital Asset [alm_ai_prompt_digital_asset]
    Field Description
    Prompt information [prompt_info] Instruction text defined for the Bedrock agent.
    Model [model] References the AI Prompt Product Model [cmdb_ai_prompt_product_model] table.
    Asset type [model_category] Asset type of the prompt. Value is set to AI prompt.
    Configuration Item [ci] References the AI Function [cmdb_ci_function_ai] table.
    Table 4. AI Prompt Product Model [cmdb_ai_prompt_product_model]
    Field Description
    Name [name] Name of the Bedrock agent, used to identify the associated prompt model.
    Manufacturer [manufacturer] Manufacturer of the prompt model. Value is set to AWS.
    Table 5. AI Model Digital Asset [alm_ai_model_digital_asset]
    Field Description
    Display name [display_name] Name of the foundation model.
    External record reference [external_ref_id] ARN of the foundation model.
    Model [model] References the AI Model Product Model [cmdb_ai_model_product_model] table.
    Asset type [model_category] Asset type of the model. Value is set to AI model.
    Vendor [vendor] Provider of the foundation model.
    Configuration Item [ci] References the AI Model Deployment [cmdb_ci_ai_model_deployment] table.
    Table 6. AI Model Product Model [cmdb_ai_model_product_model]
    Field Description
    Name [name] Name of the foundation model.
    Model number [model_number] Model ID assigned by Amazon Bedrock.
    Description [description] Description of the foundation model.
    Manufacturer [manufacturer] Provider of the foundation model.
    Model categories [cmdb_model_category] Model category. Value is set to AI model.

    Data stored in CMDB tables

    AI Agent Topology Mapping populates the data in the CMDB when running the Amazon Bedrock patterns.

    Table 7. AI Function [cmdb_ci_function_ai]
    Field Description
    Name [name] Name of the Bedrock agent.
    Object ID [object_id] ARN of the Bedrock agent.
    Description [short_description] Description of the Bedrock agent.
    Model number [model_number] Agent ID assigned by Amazon Bedrock.
    Operational status [operational_status] Operational status of the resource. Default value is set to Operational.
    Install Status [install_status] Install status of the resource. Default value is set to Installed.
    Product instance identifier [product_instance_id] Version of the Bedrock agent.
    Comments [comments] Resource type identifier. Value is set to AWS::Bedrock::Agent.
    Manufacturer [manufacturer] Manufacturer of the resource. Value is set to AWS.
    Table 8. AI Model Deployment [cmdb_ci_ai_model_deployment]
    Field Description
    Name [name] Name of the Amazon Bedrock foundation model.
    Object ID [object_id] ARN of the foundation model.
    Description [short_description] Description of the foundation model.
    Model number [model_number] Model ID assigned by Amazon Bedrock.
    Manufacturer [manufacturer] Provider of the foundation model.
    Attributes [attributes] Lifecycle status of the model as reported by the API.

    For example: ACTIVE or LEGACY.
    Comments [comments] Resource type identifier. Value is set to AWS::Bedrock::Foundation Model.
    Operational status [operational_status] Operational status of the resource. Default value is Operational.
    Install Status [install_status] Install status of the resource. Default value is Installed.

    Dependency Views map

    On the Dependency Views map, you can view discovered Amazon Bedrock resources and the relationships between them.

    Figure 2. Amazon Bedrock dependency view
    Amazon Bedrock CI and connection on a Dependency Views map

    CI relationships

    The Amazon Bedrock patterns create the following relationships and references to support Amazon Bedrock discovery. References link to records in other tables and don't appear in the CI Relationship [cmdb_rel_ci] table.

    Table 9. CI relationships
    CI/Table Relationship CI/Table
    AI Function [cmdb_ci_function_ai] Deployed as::Deployment of AI System Digital Asset [alm_ai_system_digital_asset]
    AI Function [cmdb_ci_function_ai] Hosted on::Hosts AWS Datacenter [cmdb_ci_aws_datacenter]
    AI Function [cmdb_ci_function_ai] Depends on::Used by AI Model Deployment [cmdb_ci_ai_model_deployment]
    AI Model Deployment [cmdb_ci_ai_model_deployment] Hosted on::Hosts AWS Datacenter [cmdb_ci_aws_datacenter]
    AI Model Deployment [cmdb_ci_ai_model_deployment] Used by::Uses AI Model Digital Asset [alm_ai_model_digital_asset]
    Table 10. CI references
    CI/Table Field Referenced CI/Table
    AI System Digital Asset [alm_ai_system_digital_asset] Model [model] AI System Component Product Model [cmdb_ai_system_component_product_model]
    AI System Digital Asset [alm_ai_system_digital_asset] AI prompts [ai_prompts] AI Prompt Digital Asset [alm_ai_prompt_digital_asset]
    AI System Digital Asset [alm_ai_system_digital_asset] AI models [ai_models] AI Model Digital Asset [alm_ai_model_digital_asset]
    AI System Digital Asset [alm_ai_system_digital_asset] Configuration Item [ci] AI Function [cmdb_ci_function_ai]
    AI Prompt Digital Asset [alm_ai_prompt_digital_asset] Model [model] AI Prompt Product Model [cmdb_ai_prompt_product_model]
    AI Prompt Digital Asset [alm_ai_prompt_digital_asset] Configuration Item [ci] AI Function [cmdb_ci_function_ai]
    AI Model Digital Asset [alm_ai_model_digital_asset] Model [model] AI Model Product Model [cmdb_ai_model_product_model]
    AI Model Digital Asset [alm_ai_model_digital_asset] Configuration Item [ci] AI Model Deployment [cmdb_ci_ai_model_deployment]
    Key Value [cmdb_key_value] Configuration item [configuration_item] AI Function [cmdb_ci_function_ai]

    AWS tag discovery

    The Amazon AWS - Bedrock Agents pattern collects tags and populates them in the Key Value [cmdb_key_value] table.

    Table 11. Key Value [cmdb_key_value]
    Field Description
    Key [key] Tag name.
    Value [value] Tag value.
    Configuration item [configuration_item] References the AI Function [cmdb_ci_function_ai] table.