Baseline permissions - AWS Service Management Connector

Baseline permissions

This section describes how to configure AWS Identity and Access Management (IAM) permissions, AWS Service Catalog, and other AWS services to use AWS Service Management Connector for ServiceNow.

Available template for baseline permissions


To use an AWS CloudFormation template to set up the AWS-side configuration of the Connector for ServiceNow, refer to the AWS configurations for the Connector for ServiceNow in AWS commercial Regions, AWS GovCloud Regions, and AWS China Regions.

Note

The AWS CloudFormation template creates IAM users with permissions to all existing integrations, and is intended to enable all supported integrations in a sandbox or developer ServiceNow instance. For quality-assurance and production, you must apply least-privilege permissions based on the integrations enabled through the connector. Review the sync user and end user permissions for additional information.

Note

If you choose to use the Connector for ServiceNow AWS Configuration template, skip to Configuring AWS Service Catalog.

For each AWS account, the Connector for ServiceNow requires two users:

  • AWS Sync User: A user that syncs AWS resources (such as portfolios, products, automation documents (runbooks), OpsItems, Incident Manager incidents, change templates and requests, configuration items, and security findings), AWS Support cases, and AWS Health events and resources to ServiceNow.

  • AWS End User: A user who can provision products as an end user, execute requests, and view resources that ServiceNow exposes. This role includes any required roles to provision and execute.

Note

To align with best practices, AWS recommends periodically rotating IAM user access keys. For more information, refer to Manage IAM user access keys properly.
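The two notes above ask for two things that are easy to verify offline: that the sandbox template's broad grants have been narrowed before QA or production use, and that the Connector users' access keys are rotated. The following is an added example (not code from the page or from AWS) that performs both checks on constructed input: a sample policy document shaped like the one a sandbox template might create, and key metadata shaped like the `AccessKeyMetadata` records returned by IAM's `ListAccessKeys`. The user names, key IDs and policy statements are all constructed for illustration.

```python
"""Offline least-privilege and key-age checks for the Connector IAM users.

Added example. The policy document and access-key records below are
constructed samples, not the page's template or real AWS output.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample policy: the kind of service-wide grant a sandbox
# template hands out, which must be narrowed before QA/production use.
SANDBOX_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "servicecatalog:*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["ssm:GetDocument", "ssm:ListDocuments"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ],
})

# Fixed clock so the example is deterministic.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed records in the shape of IAM ListAccessKeys metadata
# (UserName, AccessKeyId, Status, CreateDate). Names and IDs are made up.
SAMPLE_KEYS = [
    {"UserName": "SCSyncUser", "AccessKeyId": "AKIAEXAMPLE0000001",
     "Status": "Active", "CreateDate": NOW - timedelta(days=120)},
    {"UserName": "SCEndUser", "AccessKeyId": "AKIAEXAMPLE0000002",
     "Status": "Active", "CreateDate": NOW - timedelta(days=30)},
    {"UserName": "SCSyncUser", "AccessKeyId": "AKIAEXAMPLE0000003",
     "Status": "Inactive", "CreateDate": NOW - timedelta(days=400)},
]


def _as_list(value):
    """IAM accepts a single string or a list for Action and Statement."""
    if value is None:
        return []
    if isinstance(value, (str, dict)):
        return [value]
    return list(value)


def find_overbroad_statements(policy_json):
    """Return (statement index, reason) for each Allow statement that grants
    wildcard actions ("*" or "service:*") or relies on NotAction.

    Deny statements are left alone: they only ever remove permissions.
    """
    findings = []
    policy = json.loads(policy_json)
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((idx, "uses NotAction, which allows everything not listed"))
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((idx, f"wildcard action {action!r}"))
    return findings


def stale_access_keys(keys, max_age_days=90, now=None):
    """Return the IDs of Active keys created more than max_age_days ago.

    Inactive keys are skipped; they cannot be used, but they should still be
    deleted once the new key has been confirmed working in ServiceNow.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_age_days)
    return [k["AccessKeyId"] for k in keys
            if k["Status"] == "Active" and k["CreateDate"] < cutoff]


if __name__ == "__main__":
    for idx, reason in find_overbroad_statements(SANDBOX_POLICY):
        print(f"statement {idx}: {reason}")
    for key_id in stale_access_keys(SAMPLE_KEYS, now=NOW):
        print(f"rotate key {key_id}")
```

Run against real data, the policy document would come from the inline or managed policies attached to the two Connector users, and the key list from `ListAccessKeys` for each of them; the 90-day threshold is a common starting point, not a value the page prescribes.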