Configuring AWS - AWS Service Management Connector

Configuring AWS

AWS Systems Manager uses the service-linked role named AWSServiceRoleForAmazonSSM to manage AWS resources on your behalf. For more information, see Using service-linked roles for AWS Systems Manager.

To create a service-linked role for AWS Systems Manager

  1. Follow the instructions in Creating a service-linked role (console) to create the role.

  2. For the AWS service, choose Systems Manager. For the use case, choose Systems Manager – Inventory and Maintenance Window.

  3. Review the details and be sure to attach AmazonSSMServiceRolePolicy. Then choose Create Role.

To create AutomationAssumeRole

  1. Follow the instructions in Creating an IAM role in your AWS account to create a role named ServiceNowChangeManagerRole.

  2. Add permissions for ServiceNowChangeManagerRole. For the use case, choose Systems Manager, and then choose AmazonSSMAutomationRole (AWS managed policy).

Note

The Connector for ServiceNow 4.5.0 - AWS Commercial Regions and Connector for ServiceNow 4.5.0 - AWS GovCloud Regions templates are available to create ServiceNowChangeManagerRole.

Note

ServiceNowChangeManagerRole contains the minimum baseline permissions to execute change templates that contain automation runbooks on EC2 instances. To invoke automation runbooks on other services, you need to attach additional policies. For more information, see Create a service role for Automation.
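
The following added example, which is not part of the original page or of the connector, audits a role created with the preceding steps against the baseline the page describes: it is trusted only by Systems Manager and has AmazonSSMAutomationRole attached. The function name `audit_role`, the sample account IDs, the `aws:SourceAccount` check, and the list of overly broad policies are assumptions made for this example.

```python
import json

EXPECTED_SERVICE = "ssm.amazonaws.com"      # trust created by the Systems Manager use case
REQUIRED_POLICY = "AmazonSSMAutomationRole"  # managed policy named on the page
BROAD_POLICIES = {"AdministratorAccess", "PowerUserAccess"}  # assumed deny list

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role(trust_policy, attached_policies, account_id):
    """Return findings for the role; an empty list means it matches the baseline."""
    findings = []
    allows = [s for s in _as_list(trust_policy.get("Statement", []))
              if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("trust policy has no Allow statement")
    for stmt in allows:
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):          # e.g. "Principal": "*"
            findings.append(f"unexpected trusted principal {principal}")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if (kind, value) != ("Service", EXPECTED_SERVICE):
                    findings.append(f"unexpected trusted principal {kind}:{value}")
        # Assumed hardening check: pin the caller's account (confused-deputy guard).
        pinned = [v for op, keys in stmt.get("Condition", {}).items()
                  if op == "StringEquals"
                  for key, vals in keys.items() if key.lower() == "aws:sourceaccount"
                  for v in _as_list(vals)]
        if pinned != [account_id]:
            findings.append("trust policy lacks aws:SourceAccount pinned to this account")
    if REQUIRED_POLICY not in attached_policies:
        findings.append(f"{REQUIRED_POLICY} is not attached")
    findings += [f"overly broad policy attached: {p}"
                 for p in sorted(BROAD_POLICIES & set(attached_policies))]
    return findings

# Constructed sample trust policies (placeholder account IDs), not real role data.
GOOD_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"Service": "ssm.amazonaws.com"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}}]}""")
LOOSE_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"Service": "ssm.amazonaws.com", "AWS": "arn:aws:iam::999999999999:root"},
  "Action": "sts:AssumeRole"}]}""")

if __name__ == "__main__":
    print(audit_role(GOOD_TRUST, ["AmazonSSMAutomationRole"], "111122223333"))
    print(audit_role(LOOSE_TRUST, ["AdministratorAccess"], "111122223333"))
```

To audit a real role, pass the role's AssumeRolePolicyDocument and the names of its attached managed policies in place of the constructed samples.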

Creating an event data store

Note

Creating an event data store is optional.

To use AWS CloudTrail Lake, follow the instructions in Create an event data store in your AWS account to create the event data store.