AWS Service Management Connector for ServiceNow
To help customers integrate the provisioning of secure, compliant, and pre-approved AWS products into their ServiceNow portal, AWS created the AWS Service Management Connector for ServiceNow (formerly the AWS Service Catalog Connector).
The AWS Service Management Connector for ServiceNow enables ServiceNow end users to provision, manage, and operate AWS resources natively through ServiceNow.
ServiceNow administrators can:
- Provide pre-approved, secured and governed AWS resources to end users through AWS Service Catalog.
- Execute automation playbooks through AWS Systems Manager.
- Track resources in the CMDB powered by AWS Config seamlessly on ServiceNow with the AWS Service Management Connector.
- Define new resource types based on ServiceNow CMDB tables and synchronize these with AWS Config custom resources.
- Configure syncing AWS Security Hub findings to ServiceNow incidents or problems.
ServiceNow end users can:
- Browse, request, and provision pre-secured AWS solutions.
- View configuration item details.
- Execute workflows in ServiceNow on AWS resources.
- View, update and resolve ServiceNow incidents or problems through AWS Security Hub findings.
These features simplify AWS product request actions for ServiceNow users and provide ServiceNow governance and oversight over AWS products.
The AWS-supplied connector is available at no charge in the ServiceNow store and supports ServiceNow platform releases Paris (P), Orlando (O), and New York (N). These new features are generally available in all AWS Regions where AWS Service Catalog, AWS Config, and AWS Systems Manager services are available.
Topics
Background
AWS Service Catalog
AWS Config
AWS Systems Manager
AWS Security Hub
ServiceNow
Getting Started
Before installing the AWS Service Management Connector for ServiceNow, verify that you have the necessary permissions in your AWS account and ServiceNow instance.
AWS prerequisites
To start, use the following services:
- AWS Service Catalog with the Connector
  You need an AWS account to configure your AWS portfolios and products. For details, see Setting up for AWS Service Catalog.
- AWS Config details
  The service settings need to be configured to record data for the resource types of interest. We recommend you include provisioned products and AWS CloudFormation stacks in addition to the major resource types used by your team. For details, see Setting up AWS Config with the console. This version of the Connector enables the import of aggregated Config data in a single AWS account from more than one AWS region or account. To use this feature, an aggregator must be configured in AWS. For details, see Setting up an Aggregator using the console.
- AWS Systems Manager Automation with the Connector
  No AWS-side setup is required. As standard, AWS provides a number of automation documents. If you have additional automation documents you wish to use, they will be available in the Connector. For details, see Working with Automation Documents (Playbooks).
- AWS Security Hub with the Connector
  The service must be enabled in all regions and accounts where you want to sync Findings. For details, see Setting up Security Hub. We recommend you connect ServiceNow with the primary (master) AWS account designated for AWS Security Hub. For details, see Managing master and member accounts.
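A pre-install check for the AWS Config prerequisite above, as an added example that is not part of the AWS documentation or the Connector: it takes JSON in the shape returned by `aws configservice describe-configuration-recorders` and `aws configservice describe-configuration-aggregators` and reports recommended resource types that are not recorded and account/region pairs no aggregator covers. The function names, sample data and account IDs are constructed for illustration, and an organization aggregation source is assumed to include every account you ask about.

```python
# Added example: inputs are constructed JSON in the shape returned by the
# AWS CLI `configservice describe-configuration-*` calls named above.

RECOMMENDED = {"AWS::ServiceCatalog::CloudFormationProvisionedProduct",
               "AWS::CloudFormation::Stack"}

def missing_types(recorders, required=RECOMMENDED):
    """Required resource types that no configuration recorder captures."""
    covered = set()
    for rec in recorders.get("ConfigurationRecorders", []):
        group = rec.get("recordingGroup", {})
        if group.get("allSupported"):
            return set()
        excluded = group.get("exclusionByResourceTypes", {}).get("resourceTypes", [])
        if excluded:  # exclusion strategy: everything except these is recorded
            covered |= set(required) - set(excluded)
        covered |= set(group.get("resourceTypes", []))
    return set(required) - covered

def uncovered(aggregators, wanted):
    """(account, region) pairs in `wanted` that no aggregator source includes."""
    sources = []
    for agg in aggregators.get("ConfigurationAggregators", []):
        sources += agg.get("AccountAggregationSources", [])
        org = agg.get("OrganizationAggregationSource")
        if org:  # assumption: wanted accounts are members of the organization
            sources.append({**org, "AccountIds": None})
    def covers(src, account, region):
        ids = src.get("AccountIds")
        return ((ids is None or account in ids) and
                (src.get("AllAwsRegions") or region in src.get("AwsRegions", [])))
    return sorted(p for p in wanted if not any(covers(s, *p) for s in sources))

# Constructed sample data (account IDs are documentation placeholders).
SAMPLE_RECORDERS = {"ConfigurationRecorders": [{"name": "default", "recordingGroup": {
    "allSupported": False,
    "resourceTypes": ["AWS::EC2::Instance",
                      "AWS::ServiceCatalog::CloudFormationProvisionedProduct"]}}]}
SAMPLE_AGGREGATORS = {"ConfigurationAggregators": [{
    "ConfigurationAggregatorName": "snow-connector",
    "AccountAggregationSources": [{"AccountIds": ["111122223333", "444455556666"],
                                   "AllAwsRegions": False,
                                   "AwsRegions": ["us-east-1"]}]}]}
WANTED = [("111122223333", "us-east-1"), ("444455556666", "eu-west-1")]

if __name__ == "__main__":
    print("types not recorded:", sorted(missing_types(SAMPLE_RECORDERS)))
    print("not aggregated:", uncovered(SAMPLE_AGGREGATORS, WANTED))
```

Resources of a type that is not recorded, or that live in an account or region outside the aggregator, never reach the ServiceNow CMDB, so a gap reported here is also a visibility gap for anyone relying on the CMDB for inventory.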
ServiceNow Prerequisites
In addition to the AWS account, you need a ServiceNow instance to install the ServiceNow Connector scoped application. The initial installation should occur in either an enterprise sandbox or a ServiceNow Personal Developer Instance.
The ServiceNow administrator needs the admin role to install the Connector for ServiceNow scoped application.
Release Notes
Version 3.5.2 of the AWS Service Management Connector for ServiceNow (formerly the AWS Service Catalog Connector) includes:
AWS ServiceNow Connector core features
- Enables synchronization of key(s) rotated for AWS account credentials opted into Connector.
- Optimizes AWS API calls from the ServiceNow Connector scoped app.
- Supports multiple AWS accounts.
- Supports FIPS endpoints and usage in the AWS GovCloud West and East regions.
- Supports the latest ServiceNow platform releases for Paris (P), Orlando (O), and New York (N).
AWS Service Catalog integration features
- Ability for end users to view AWS specific parameters (single and list) on EC2 resources such as Availability Zones, Instance Id, KeyPair, Security Group, VPC, Subnet, Volume, and Hosted Zone (Route53).
- Ability for system admins to create AWS Tags for provisioned products from any ServiceNow table. These tags are then selectable by end users to provide the appropriate value in the provision product request. Examples are Department, Cost Center, and so on.
AWS Config integration features
- Rendering of two additional AWS Config configuration item details for Lambda and DynamoDB into the ServiceNow CMDB.
- Ability to map streamlined cloud resources details across AWS account(s) or region(s) into the ServiceNow CMDB through AWS Config Aggregator.
- Ability to sync select ServiceNow CMDB tables as custom resources into AWS Config.
- Ability to view OS level resources details from AWS Config in the ServiceNow CMDB based on AWS Systems Manager Inventory.
- Optimization of Config API calls within the Connector.
AWS Security Hub integration features
- Ability to configure synchronization of AWS Security Hub Findings within ServiceNow.
- Ability to view, investigate and resolve AWS Security Hub Findings as either incidents or problems.
- Ability to view updates from synced incidents or problems on Security Findings within AWS Security Hub.
AWS Systems Manager integration features
- Rendering of AWS Systems Manager automation documents in the ServiceNow Service Portal and Fulfiller (Standard User Interface) views.
- The ability for ServiceNow administrators to associate AWS Systems Manager automation for AWS accounts opted into the Connector for ServiceNow scoped app.
- The ability for ServiceNow users to request and execute AWS Systems Manager automation documents through ServiceNow.