AWS Service Management Connector for ServiceNow

The AWS Service Management Connector for ServiceNow (formerly the AWS Service Catalog Connector) enables ServiceNow end users to provision, manage, and operate AWS resources natively through ServiceNow.

ServiceNow administrators can:

• Provide pre-approved, secured, and governed AWS resources to end users through AWS Service Catalog.

• Execute automation playbooks through AWS Systems Manager.

• View and manage operational items as incidents through AWS Systems Manager OpsCenter

• Track resources in the CMDB, powered by AWS Config, seamlessly on ServiceNow with the AWS Service Management Connector.

• Define new resource types based on ServiceNow CMDB tables and synchronize these with AWS Config custom resources.

• Configure syncing AWS Security Hub findings to ServiceNow incidents or problems.

ServiceNow end users can:

• Browse, request, and provision pre-secured AWS solutions.

• View, update and resolve incidents from AWS Systems Manager OpsItems

• View configuration item details.

• Execute workflows in ServiceNow on AWS resources.

• View, update, and resolve ServiceNow incidents or problems through AWS Security Hub findings.

These features simplify AWS product request actions for ServiceNow users, and provide ServiceNow governance and oversight over AWS products.

The AWS-supplied connector is available at no charge in the ServiceNow store. It supports ServiceNow platform releases Quebec (Q), Paris (P) and Orlando (O). These new features are generally available in all AWS Regions where AWS Service Catalog, AWS Config, and AWS Systems Manager services are available.

Topics

• Background
• Getting started
• Release notes
• Baseline permissions
• Configuring AWS Service Catalog
• Configuring AWS Config
• Configuring AWS Security Hub
• Configuring AWS Systems Manager OpsCenter
• Configuring ServiceNow
• Configuring AWS Config integration in ServiceNow
• Configuring AWS Systems Manager OpsCenter integration in ServiceNow
• Validating configurations
• ServiceNow additional features
• Version 2.3.4 release transition instructions

Background

AWS Service Catalog allows you to centrally manage commonly deployed AWS services and provisioned software products. It helps your organization achieve consistent governance and compliance requirements, while enabling users to quickly deploy only the approved AWS services they need.

AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services, investigate and resolve operational issues through the OpsCenter, and automate operational tasks across your AWS resources.

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. With Security Hub, there is a single place that aggregates, organizes, and prioritizes your security alerts, or findings.

ServiceNow is an enterprise service management platform that places a service-oriented lens on the activities, tasks, and processes that enables day-to-day work life and a modern work environment. ServiceNow Service Catalog is a self-service application that end users can use to order IT services based on request fulfillment approvals and workflows. The ServiceNow CMDB provides resource transparency and relationships for the logical components of a service.

Getting started

Before installing the AWS Service Management Connector for ServiceNow, verify that you have the necessary permissions in your AWS account and ServiceNow instance.

AWS prerequisites

To start, use the following services:

• AWS Service Catalog with the Connector

  You need an AWS account to configure your AWS portfolios and products. For details, see Setting up for AWS Service Catalog.

• AWS Config details

  Configure the service settings to record data for the resource types of interest. We recommend you include provisioned products and AWS CloudFormation stacks, in addition to the major resource types that your team uses. For more information, see Setting up AWS Config with the console. This version of the Connector enables the import of aggregated Config data in a single AWS account from more than one AWS Region or account. To use this feature, you must configure an aggregator in AWS. For more information, see Setting up an Aggregator using the console.

• AWS Systems Manager Automation with the Connector

  This feature requires no AWS-side set up. As standard, AWS provides a number of automation documents (runbooks). If you want additional automation documents (runbook), retrieve them in the Connector. For more information, see Working with Automation Runbooks.

• AWS Systems Manager OpsCenter with the Connector

  You must enable the service in all Regions and accounts where you want to sync OpsItems. For more information, see Getting started with OpsCenter

• AWS Security Hub with the Connector

  You must enable the service in all Regions and accounts where you want to sync Findings. For details see Setting up Security Hub. We recommend you connect ServiceNow with the primary (master) AWS account for AWS Security Hub. For more information, see Managing master and member accounts.

ServiceNow prerequisites

In addition to the AWS account, you need a ServiceNow instance to install the ServiceNow Connector scoped application. The initial installation should occur in either an enterprise sandbox or a ServiceNow Personal Developer Instance (PDI), depending on your organization’s technology governance requirements.

The ServiceNow administrator needs the admin role to install the Connector for ServiceNow scoped application.

Release notes

Version 3.7.1 of the AWS Service Management Connector for ServiceNow (formerly the AWS Service Catalog Connector) includes:

AWS ServiceNow Connector core features	AWS Systems Manager OpsCenter integration features	AWS Config integration features
Enables synchronization of key(s) rotated for AWS account credentials opted into the Connector.	Views operational item (OpsItem) from AWS Systems Manager OpsCenter in ServiceNow.	Optimizes memory utilization during sync.
Optimizes AWS API calls from the ServiceNow Connector scoped app.	Creates ServiceNow incident(s) from AWS OpsItem(s).	Identifies and sets install status of stale records when synchronizing with Config Aggregators.
Supports multiple AWS accounts.	Updates and resolves correlated OpsItem(s) and incident(s) in AWS and ServiceNow respectively.	Identifies AWS resources details, such as the Account, Region, ResourceType, and ResourceId (default ServiceNow field Correlation ID).
Supports FIPS endpoints and usage in the AWS GovCloud West and East Regions.	Views related resource details associated in AWS Systems Manager OpsCenter in ServiceNow
Supports the latest ServiceNow platform releases for Quebec (Q), Paris (P), and Orlando (O).	Views and executes automation documents (runbook) to resolve OpsItems in the ServiceNow incident and view execution results through ServiceNow Service Catalog.

This version also includes prior AWS Service Management Connector for ServiceNow feature integrations to AWS services, such as AWS Security Hub, AWS Config, and AWS Systems Manager Automation.