Executing scripts required for setting up AWS

  • Release version: Zurich
  • Updated July 31, 2025

    You must execute scripts provided with the Service Graph Connector for AWS to set up the AWS environment for importing data.

    Important:
    Before executing an AWS script, ensure that you have completed the prerequisites. See Prerequisites for executing scripts.

    The AWS scripts provided with the connector configure AWS resources to import the configuration items (CIs) data into the CMDB. To learn more, see AWS resources used by the Service Graph Connector for AWS.

    Based on the AWS environment requirements, the scripts provided with the Service Graph Connector for AWS are categorized as described in the following table.

    Basic scripts

    Use the basic scripts to configure the AWS environment for importing data using the Service Graph Connector for AWS.

    The following table describes the basic AWS scripts available with the connector, the input parameters entered when executing a script, the conditions to execute the scripts, and the script execution results.

    Table 1. Basic script details

    Script: EnableAWSConfig.yml
      Input parameters: None
      Execution condition: Execute the script in all the AWS accounts and AWS regions by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
      Result: Enables the AWS Config recorder.

    Script: CreateServiceNowUser.yml
      Input parameters:
        SNUserName: Name of the ServiceNow IAM user that was created as part of the setup. See Prerequisites for executing scripts. Default value: NOWSGCUser
        MbrActRoleName: Name of the ServiceNow IAM role that was created as part of the setup. See Prerequisites for executing scripts. Default value: SnowOrganizationAccountAccessRole
      Execution condition: Execute the script by creating a stack either in the management account or in a designated member account. See Creating a stack on the AWS CloudFormation console on the AWS documentation site.
      Result: Creates the ServiceNow IAM user.

    Script: CreateSnowOrganizationAccountAccessRoleInMemberAccount.yml
      Input parameters:
        ACNNBR: Management account ID when the ServiceNow IAM user is in a management account, or designated member account ID when the ServiceNow IAM user is in a designated member account.
        S3Bucket: Amazon S3 bucket name to get the SendCommand output.
        ServiceNowUserName: Name of the ServiceNow IAM user that was created as part of the setup. See Prerequisites for executing scripts. Default value: NOWSGCUser
      Execution condition: Execute the script in all the AWS accounts by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
      Result: Enables read-only IAM policies, roles, and groups for the ServiceNow IAM user.

    Script: SnowDesignatedAccountAccessRoleInManagementAccount.yml
      Input parameters:
        MEMBERACTNBR: Member account ID where the ServiceNow IAM user was created.
      Execution condition: Execute the script by creating a stack in the management account. See Creating a stack on the AWS CloudFormation console on the AWS documentation site.
        Note: Use the SnowDesignatedAccountAccessRoleInManagementAccount.yml script only when the ServiceNow IAM user was created in a member account.
      Result: Creates the ServiceNow IAM role in the management account.

    Script: AWS-SystemsManager-AutomationExecutionRole.yml
      Input parameters: None
      Execution condition: Execute the script in all the AWS accounts by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
      Result: Provisions the execution role necessary to run automations in member accounts. A prerequisite for configuring Systems Manager Automation.

    Script: AWS-SystemsManager-AutomationAdministrationRole.yml
      Input parameters: None
      Execution condition: Execute the script by creating a stack in the management account. See Creating a stack on the AWS CloudFormation console on the AWS documentation site.
      Result: Provisions the administrator role in the management account necessary to run cross-account automation across multiple accounts. A prerequisite for configuring Systems Manager Automation.
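
A post-deployment check for the role that CreateSnowOrganizationAccountAccessRoleInMemberAccount.yml sets up, added here as an example and not part of the connector's scripts. It audits a role trust policy against the ACNNBR and ServiceNowUserName values you supplied. The expected principal (the ServiceNow IAM user in account ACNNBR) is an assumption about how you want the trust scoped, not a statement of what the template contains, and the account IDs and policy documents are constructed samples.

```python
import json

SN_USER = "NOWSGCUser"   # default ServiceNowUserName from the table above
ACNNBR = "111111111111"  # constructed placeholder for the ACNNBR account ID

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, account_id=ACNNBR, user_name=SN_USER):
    """Return findings for a role trust policy; an empty list means it is scoped as expected."""
    expected = f"arn:aws:iam::{account_id}:user/{user_name}"
    findings, seen_expected = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # "*" is the only valid string form
            findings.append(f"wildcard or malformed principal: {principal!r}")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS":
                    findings.append(f"unexpected {kind} principal: {value}")
                elif value == "*":
                    findings.append("wildcard principal")
                elif value == expected:
                    seen_expected = True
                elif value in (account_id, f"arn:aws:iam::{account_id}:root"):
                    findings.append("whole account trusted, not only the ServiceNow user")
                else:
                    findings.append(f"unexpected principal: {value}")
    if not seen_expected:
        findings.append(f"expected principal missing: {expected}")
    return findings

# Constructed sample trust policies (assumed shapes, not taken from the connector's template).
SCOPED = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111111111111:user/NOWSGCUser"},
  "Action": "sts:AssumeRole"}]}""")
BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                        "arn:aws:iam::222222222222:root"]},
  "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_trust_policy(doc) or "OK")
```

In each member account, pass it the `AssumeRolePolicyDocument` returned by `aws iam get-role --role-name SnowOrganizationAccountAccessRole`, substituting your own role name if you changed the default.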

    Deep discovery scripts

    Use the deep discovery scripts to set up deep discovery on Amazon EC2 instances.
    Note:
    Execute the deep discovery scripts only when you want to perform deep discovery on EC2 instances.
    The following table describes the deep discovery scripts, the input parameters entered when executing a script, the conditions to execute the scripts, and the script execution results.
    Table 2. Deep discovery script details

    Script: AmazonSSMForInstancesRoleSetup.yml
      Input parameters:
        S3Bucket: S3 bucket name that collects the details from EC2 instances. See Prerequisites for executing scripts.
      Execution condition: Execute the script in all the AWS accounts by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
      Result: Creates the AmazonSSMForInstancesRole IAM instance profile role to be attached to the EC2 instances.

    Script: SG-AWS-RunShellScript-Setup.yml
      Input parameters: None
      Execution condition: Execute the script in all the AWS accounts and the AWS regions by creating a CloudFormation StackSet in the management account. AWS administrators must update SSM documents and verify that EC2 instances can execute relevant commands for proper integration. See Create a stack set on the AWS documentation site.
      Result: Creates AWS Systems Manager (SSM) documents to fetch deep discovery data from a Linux EC2 instance. Retrieves version details for middleware applications, including Apache HTTP server, Nginx server, Apache Tomcat server, and MySQL instance.

    Script: SG-AWS-RunPowerShellScript-Setup.yml
      Input parameters: None
      Execution condition: Execute the script in all the AWS accounts and the AWS regions by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
      Result: Creates AWS SSM documents to fetch deep discovery data from a Windows EC2 instance.

    Amazon EKS scripts

    Use the Amazon EKS scripts to set up Amazon Elastic Kubernetes Service (EKS) clusters.
    Note:
    Execute the Amazon EKS scripts only when the Amazon EKS service for Kubernetes clusters is required.

    The following table describes the Amazon EKS scripts, the conditions to execute the scripts, and the script execution results.

    Table 3. Amazon EKS script details

    Script: SG-AWS-RunKubeCtlEKSNamesShellScript.yml
      Execution condition: Execute the script in all the AWS accounts and the AWS regions where the EC2 Bastion hosts are located by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
      Result: Creates an AWS SSM document to discover EKS clusters associated with EC2 Bastion hosts.
        Note: An AWS Cloud administrator can update the SSM document in their AWS setup.

    Script: SG-AWS-RunKubeCtlShellScript.yml
      Execution condition: Execute the script in all the AWS accounts and the AWS regions where the EC2 Bastion hosts are located by creating a CloudFormation StackSet in the management account. See Create a stack set on the AWS documentation site.
      Result: Creates an AWS SSM document to fetch CIs related to Kubernetes components, such as pods, services, and deployments, from EKS clusters.
        Note: An AWS Cloud administrator can update the SSM document in their AWS setup.