AWS Service Management Connector for ServiceNow

The AWS Service Management Connector for ServiceNow (formerly the AWS Service Catalog Connector) enables ServiceNow end users to provision, manage, and operate AWS resources natively through ServiceNow.

ServiceNow administrators can:

• Provide pre-approved, secured, and governed AWS resources to end users through AWS Service Catalog.

• Execute automation playbooks through AWS Systems Manager.

• View and manage operational items as incidents through AWS Systems Manager OpsCenter.

• Use AWS Config to track resources in the CMDB seamlessly on ServiceNow with the AWS Service Management Connector.

• Define new resource types based on ServiceNow CMDB tables and synchronize these with AWS Config custom resources.

• Sync AWS Security Hub findings to ServiceNow incidents or problems.

ServiceNow end users can:

• Browse, request, and provision pre-secured AWS solutions.

• View AppRegistry applications, attribute groups, and related resource details with AWS Service Catalog - AppRegistry.

• View, update, and resolve incidents from AWS Systems Manager OpsItems.

• View configuration item details.

• Execute workflows in ServiceNow on AWS resources.

• View, update, and resolve ServiceNow incidents or problems through AWS Security Hub findings.

• View, create, add correspondence and resolve AWS Support cases from ServiceNow (including AMS Accelerate support cases).

• View and execute AWS Systems Manager Change Requests from a curated list of pre-approved AWS Change templates.

These features minimize direct AWS platform access, simplify AWS product request and operational actions for ServiceNow users. They also provide streamlined Service Management governance and oversight over AWS resources and services.

The AWS-supplied connector is available at no charge in the ServiceNow store. It supports ServiceNow platform releases Rome (R), and Quebec (Q - Patch 5 going forward). These new features are generally available in all AWS Regions where AWS Service Catalog, AWS Config, and AWS Systems Manager services are available.

Note

For the ServiceNow Quebec release, we only support Quebec Patch 5 going forward due to a deprecated ServiceNow REST API call, getDeprecatedValue(), which inhibited end users’ ability to request AWS Service Catalog products and AWS Systems Manager automation documents in the Connector. ServiceNow resolved the issue in Quebec Patch 5, so we now support only Patch 5 going forward.

Topics

• Service management alignment
• Background
• Getting started
• Release notes
• Configuring AWS
• Configuring ServiceNow
• Validating configurations
• ServiceNow additional features
• Version 2.3.4 release transition instructions

Service management alignment

This Connector aligns to industry best practices such as ITIL®’s service management areas by enabling tools (services) with the intersection of people, processes and partners. The Connector also addresses a baseline set of service management practices customers use within existing operational tooling:

Service Management Area	AWS service(s) integration
Service Catalog Management Deployment Management (Provisioning)	AWS Service Catalog/AWS CloudFormation (requesting and provisioning vetted/predictable products and performing post-provision actions)
Incident Management (ticketing)	AWS Support (AWS services/platform incidents) AWS Systems Manager OpsCenter (operational incidents derived/detected for solutions built on AWS platform) AWS Security Hub (incidents derived from security findings)
Service Configuration Management (CMDB)	AWS Config (AWS resource/configuration items tracking and detective control compliance)
Change Enablement (management)	AWS Systems Manager Change Manager (standard changes/with automated runbooks as implementation task(s))

Background

AWS has a suite of products for management and governance, as well as security.These products allows you to enable, secure, provision, and operate cloud resources. These services are critical to establish the right level of control over your environment, without slowing down innovation. The following AWS services integrate into this Connector:

AWS Service Catalog allows you to centrally manage commonly deployed AWS services and provisioned software products. It helps your organization achieve consistent governance and compliance requirements, while enabling users to quickly deploy only the approved AWS services they need. It also offers AWS Service Catalog-AppRegistry, which creates a repository of your applications and associated resources.

AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations. It also lets you automate the evaluation of recorded configurations against desired configurations.

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services, investigate and resolve operational issues through the OpsCenter, and automate operational tasks across your AWS resources.

AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. With Security Hub, there is a single place that aggregates, organizes, and prioritizes your security alerts, or findings.

ServiceNow is an enterprise service management platform that places a service-oriented lens on the activities, tasks, and processes that enable day-to-day work life and a modern work environment. ServiceNow Service Catalog is a self-service application that end users can use to order IT services based on request fulfillment approvals and workflows. The ServiceNow CMDB provides resource transparency and relationships for the logical components of a service.

AWS Support provides multiple tooling mechanisms, people, and programs designed to proactively help you optimize performance, lower costs, and innovate faster. AWS Support enables customers to be successful on their cloud journey and address requests that range from answering best practices questions, guidance on configuration, all the way to break-fix and problem resolution.

Getting started

Before installing the AWS Service Management Connector for ServiceNow, verify that you have the necessary permissions in your AWS account and ServiceNow instance.

AWS prerequisites

To start, use the following services:

• AWS Service Catalog with the Connector

  You need an AWS account to configure your AWS portfolios and products. For details, see Setting up for AWS Service Catalog and Using AWS Service Catalog-AppRegistry.

• AWS Config details

  Configure the service settings to record data for the resource types of interest. We recommend you include provisioned products and AWS CloudFormation stacks, in addition to the major resource types that your team uses. For more information, see Setting up AWS Config with the console. This version of the Connector enables the import of aggregated Config data in a single AWS account from more than one AWS Region or account. To use this feature, you must configure an aggregator in AWS. For more information, see Setting up an Aggregator using the console.

• AWS Systems Manager Automation with the Connector

  This feature requires no AWS-side set up. As standard, AWS provides a number of automation documents (runbooks). If you want additional automation documents (runbook), retrieve them in the Connector. For more information, see Working with Automation Runbooks.

• AWS Systems Manager OpsCenter with the Connector

  You must enable the service in all Regions and accounts where you want to sync OpsItems. For more information, see Getting started with OpsCenter

• AWS Security Hub with the Connector

  You must enable the service in all Regions and accounts where you want to sync Findings. For details, see Setting up Security Hub. We recommend you connect ServiceNow with the primary (main) AWS account for AWS Security Hub. For more information, see Managing administrator and member accounts.

• AWS Support with the Connector

  Your account must have a Business or Enterprise Support plan to use support integration with the Connector.

• AWS Systems Manager Change Manager with the Connector

  You must enable the service in all Regions and accounts where you want to sync change templates. The AWS Systems Manager Change Manager integration of AWS Service Management Connector introduces a curated version of the integration. It allows customers to execute pre-approved change templates that contain at least one Automation Runbook and does not require approvals during execution from ServiceNow. For more information, see Setting up Change Manager.

ServiceNow prerequisites

In addition to the AWS account, you need a ServiceNow instance to install the ServiceNow Connector scoped application. The initial installation should occur in either an enterprise sandbox or a ServiceNow Personal Developer Instance (PDI), depending on your organization’s technology governance requirements.

The ServiceNow administrator needs the admin role to install the Connector for ServiceNow scoped application.

Release notes

Version 4.0.0 of the AWS Service Management Connector for ServiceNow (formerly the AWS Service Catalog Connector) includes:

AWS ServiceNow Connector core features	AWS Support integration features	AWS Systems Manager automation integration	AWS Systems Manager Change Manager integration features
A guided setup to configure and mark complete ServiceNow install components for the AWS Service Management Connector.	The ability to view, create, update, add correspondence, and resolve support cases from ServiceNow	Updated mappings to accurately display status values of Automation document execution in ServiceNow	The ability to create change requests from a curated list of preapproved change templates that require no further approvals during execution

This version also includes prior AWS Service Management Connector for ServiceNow feature integrations to AWS services, such as AWS Systems Manager OpsCenter and AWS Systems Manager Automation.