AWS Service Management Connector for ServiceNow - AWS Service Catalog

AWS Service Management Connector for ServiceNow

To help customers integrate the provisioning of secure, compliant, and pre-approved AWS products into their ServiceNow portal, AWS created the AWS Service Management Connector for ServiceNow (formerly the AWS Service Catalog Connector).

The AWS Service Management Connector for ServiceNow enables ServiceNow end users to provision, manage, and operate AWS resources natively through ServiceNow.

ServiceNow administrators can:

  • Provide pre-approved, secured and governed AWS resources to end users through AWS Service Catalog.

  • Execute automation playbooks through AWS Systems Manager.

  • Track resources in the ServiceNow CMDB, powered by AWS Config, with the AWS Service Management Connector.

  • Define new resource types based on ServiceNow CMDB tables and synchronize these with AWS Config custom resources.

  • Configure syncing of AWS Security Hub findings to ServiceNow incidents or problems.

ServiceNow end users can:

  • Browse, request, and provision pre-secured AWS solutions.

  • View configuration item details.

  • Execute workflows in ServiceNow on AWS resources.

  • View, update and resolve ServiceNow incidents or problems through AWS Security Hub findings.

These features simplify AWS product request actions for ServiceNow users and provide ServiceNow governance and oversight over AWS products.

The AWS-supplied connector is available at no charge in the ServiceNow store and supports ServiceNow platform releases Paris (P), Orlando (O), and New York (N). These new features are generally available in all AWS Regions where AWS Service Catalog, AWS Config, and AWS Systems Manager services are available.

Background

AWS Service Catalog allows you to centrally manage commonly deployed AWS services and provisioned software products. It helps your organization achieve consistent governance and compliance requirements, while enabling users to quickly deploy only the approved AWS services they need.

AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface to view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. With Security Hub, you have a single place that aggregates, organizes, and prioritizes your security alerts, or findings.

ServiceNow is an enterprise service management platform that places a service‑oriented lens on the activities, tasks, and processes that enable day‑to‑day work life and a modern work environment. ServiceNow Service Catalog is a self-service application that end users can use to order IT services based on request fulfillment approvals and workflows. The ServiceNow CMDB provides resource transparency and relationships for the logical components of a service.

Getting Started

Before installing the AWS Service Management Connector for ServiceNow, verify that you have the necessary permissions in your AWS account and ServiceNow instance.

AWS prerequisites

To start, use the following services:

  • AWS Service Catalog with the Connector

    You need an AWS account to configure your AWS portfolios and products. For details, see Setting up for AWS Service Catalog.

  • AWS Config details

    The service settings need to be configured to record data for the resource types of interest. We recommend you include provisioned products and AWS CloudFormation stacks in addition to the major resource types used by your team. For details, see Setting up AWS Config with the console. This version of the Connector enables the import of aggregated Config data in a single AWS account from more than one AWS region or account. To use this feature, an aggregator must be configured in AWS. For details, see Setting up an Aggregator using the console.

  • AWS Systems Manager Automation with the Connector

    No AWS-side setup is required. As standard, AWS provides a number of automation documents. If you have additional automation documents you wish to use, they will be available in the Connector. For details, see Working with Automation Documents (Playbooks).

  • AWS Security Hub with the Connector

    The service must be enabled in all regions and accounts where you want to sync Findings. For details, see Setting up Security Hub. We recommend you connect ServiceNow with the primary (master) AWS account designated for AWS Security Hub. For details, see Managing master and member accounts.
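The AWS Config prerequisites above can be checked before installation. The following is an added example, not code from AWS or the Connector: it audits the parsed JSON output of three `aws configservice` describe commands for the recommended resource types and, when multi-account or multi-region import is wanted, for a configured aggregator. The function name, sample data, and gap messages are assumptions made for illustration.

```python
# Added example (not AWS or connector code): audit AWS Config prerequisites
# from saved AWS CLI JSON output. Function and sample names are hypothetical.
RECOMMENDED_TYPES = {  # types the page recommends recording
    "AWS::CloudFormation::Stack",
    "AWS::ServiceCatalog::CloudFormationProvisionedProduct",
}

def config_prereq_gaps(recorders, statuses, aggregators, need_aggregator=False):
    """Return a list of gaps; an empty list means the prerequisites hold.

    Arguments are the parsed JSON of `aws configservice`
    describe-configuration-recorders, describe-configuration-recorder-status
    and describe-configuration-aggregators, in that order.
    """
    recs = recorders.get("ConfigurationRecorders", [])
    if not recs:
        return ["no configuration recorder exists in this region"]
    recording = {s["name"]: s.get("recording", False)
                 for s in statuses.get("ConfigurationRecordersStatus", [])}
    gaps = []
    for rec in recs:
        name = rec["name"]
        if not recording.get(name, False):
            gaps.append(f"recorder '{name}' is not recording")
        group = rec.get("recordingGroup", {})
        excluded = set(group.get("exclusionByResourceTypes", {}).get("resourceTypes", []))
        if group.get("allSupported", False):
            missing = set()
        elif excluded:  # exclusion strategy: everything but these is recorded
            missing = RECOMMENDED_TYPES & excluded
        else:  # inclusion list: only the listed types are recorded
            missing = RECOMMENDED_TYPES - set(group.get("resourceTypes", []))
        gaps += [f"recorder '{name}' does not record {t}" for t in sorted(missing)]
    if need_aggregator:  # only when importing multi-account/region data
        aggs = aggregators.get("ConfigurationAggregators", [])
        if not any(a.get("AccountAggregationSources")
                   or a.get("OrganizationAggregationSource") for a in aggs):
            gaps.append("no aggregator with an account or organization source")
    return gaps

# Constructed sample responses (not from a real account).
SAMPLE_RECORDERS = {"ConfigurationRecorders": [{
    "name": "default",
    "recordingGroup": {"allSupported": False, "resourceTypes": [
        "AWS::EC2::Instance", "AWS::CloudFormation::Stack"]},
}]}
SAMPLE_STATUS = {"ConfigurationRecordersStatus": [{"name": "default", "recording": True}]}
SAMPLE_AGGREGATORS = {"ConfigurationAggregators": []}
print("\n".join(config_prereq_gaps(
    SAMPLE_RECORDERS, SAMPLE_STATUS, SAMPLE_AGGREGATORS, need_aggregator=True)))
```

Run the check once per region that the Connector will read from, since configuration recorders are regional.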

ServiceNow Prerequisites

In addition to the AWS account, you need a ServiceNow instance to install the ServiceNow Connector scoped application. The initial installation should occur in either an enterprise sandbox or a ServiceNow Personal Developer Instance (PDI), depending on your organization’s technology governance requirements.

The ServiceNow administrator needs the admin role to install the Connector for ServiceNow scoped application.

Release Notes

Version 3.5.2 of the AWS Service Management Connector for ServiceNow (formerly the AWS Service Catalog Connector) includes:

AWS ServiceNow Connector core features

  • Enables synchronization of rotated key(s) for AWS account credentials opted into the Connector.

  • Optimizes AWS API calls from the ServiceNow Connector scoped app.

  • Supports multiple AWS accounts.

  • Supports FIPS endpoints and usage in the AWS GovCloud West and East regions.

  • Supports the latest ServiceNow platform releases for Paris (P), Orlando (O), and New York (N).

AWS Service Catalog integration features

  • Ability for end users to view AWS-specific parameters (single and list) on EC2 resources such as Availability Zones, Instance Id, KeyPair, Security Group, VPC, Subnet, Volume, and Hosted Zone (Route53).

  • Ability for system admins to create AWS Tags for provisioned products from any ServiceNow table. These tags are then selectable by end users to provide the appropriate value in the provision product request. Examples are Department, Cost Center, and so on.

AWS Config integration features

  • Rendering of two additional AWS Config configuration item details for Lambda and DynamoDB into the ServiceNow CMDB.

  • Ability to map streamlined cloud resource details across AWS account(s) or region(s) into the ServiceNow CMDB through AWS Config Aggregator.

  • Ability to sync select ServiceNow CMDB tables as custom resources into AWS Config.

  • Ability to view OS-level resource details from AWS Config in the ServiceNow CMDB based on AWS Systems Manager Inventory.

  • Optimization of Config API calls within the Connector.

AWS Security Hub integration features

  • Ability to configure synchronization of AWS Security Hub Findings within ServiceNow.

  • Ability to view, investigate and resolve AWS Security Hub Findings as either incidents or problems.

  • Ability to view updates from synced incidents or problems on Security Findings within AWS Security Hub.

AWS Systems Manager integration features

  • Rendering of AWS Systems Manager automation documents in the ServiceNow Service Portal and Fulfiller (Standard User Interface) views.

  • The ability for ServiceNow administrators to associate AWS Systems Manager automation for AWS accounts opted into the Connector for ServiceNow scoped app.

  • The ability for ServiceNow users to request and execute AWS Systems Manager automation documents through ServiceNow.