Complete the following setup steps in your AWS Management Console environment before you install and configure the AWS Integration for Security Exposure Management Integration in your ServiceNow AI Platform® instance.
Before you begin
Role required: AWS account and credentials
Procedure
- Navigate to the AWS Management Console and sign in.
- Navigate to IAM (Identity and Access Management).
- Create an IAM user or use an existing IAM user with programmatic access.
- Attach the AmazonInspector2ReadOnlyAccess policy to the user or role to provide access to the Inspector List Findings v2 API.
- If you're using cross-account access, create an IAM role with a trust policy and note the Role ARN.
- Generate and securely store the Access Key ID and Secret Access Key.
  These credentials are required when you configure the AWS Integration for Security Exposure Management Integration in your ServiceNow AI Platform® instance.
Table 1. AWS Credential fields

| Field | Description |
| --- | --- |
| Access key | AWS access key ID for the IAM user. |
| Secret Key | AWS secret access key (encrypted). |
| Role ARN | ARN of the IAM role for STS AssumeRole. |
| Region | AWS region(s) you want to import findings from. |
Note: The integration uses AWS Signature Version 4 (SigV4) for request signing. When using Role ARN, the integration first calls AWS STS AssumeRole to obtain temporary security credentials (valid for 3600 seconds).
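For the cross-account step and the AssumeRole call described in the note, the following added example (not ServiceNow or AWS code) builds the two policy documents involved and checks the role's trust policy for principals broader than a single identity. The account IDs, user name and role name are constructed placeholders, not values from this page.

```python
import json

# Constructed placeholders (assumptions): account IDs, user name and role name.
INTEGRATION_USER_ARN = "arn:aws:iam::111111111111:user/sem-integration"
ROLE_ARN = "arn:aws:iam::222222222222:role/sem-inspector-read"


def trust_policy(principal_arn):
    """Trust policy for the cross-account role: only this principal may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": principal_arn},
        "Action": "sts:AssumeRole",
    }]}


def assume_role_permission(role_arn):
    """Identity policy for the IAM user: may call AssumeRole on this one role only."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": role_arn,
    }]}


def lint_trust_policy(doc):
    """Return (statement index, principal, reason) for Allow statements whose
    AWS principal is a wildcard or a whole account instead of one user or role."""
    findings = []
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # IAM also accepts a single statement object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        for p in ([aws] if isinstance(aws, str) else aws or []):
            if p == "*":
                findings.append((i, p, "any AWS principal can assume the role"))
            elif p.isdigit() or p.endswith(":root"):
                findings.append((i, p, "whole account trusted, not a single identity"))
    return findings


if __name__ == "__main__":
    print(json.dumps(trust_policy(INTEGRATION_USER_ARN), indent=2))
    print(json.dumps(assume_role_permission(ROLE_ARN), indent=2))
    print(lint_trust_policy(trust_policy("arn:aws:iam::111111111111:root")))
```

The role in the target account still needs AmazonInspector2ReadOnlyAccess attached; the trust policy only controls who may assume it.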