External credential storage for AWS

You can store credentials used for AWS discovery and operation in an external credential repository, instead of directly in a credentials record on your ServiceNow instance. The instance maintains a unique identifier for each credential.

The MID Server obtains the credential identifier from the instance, and then uses a customer-provided JAR file to resolve the identifier from the repository into a usable credential. Currently, the instance supports the use of the CyberArk vault for external credential storage.

To start out, configure access to external credential storage for AWS and then configure AWS credentials on a CyberArk vault.

Note: When AWS credentials are configured on an external credential storage site, AWS billing download is not supported. To download billing data, credentials must be configured on an instance. AWS discovery, AWS EC2 life cycle operations, CloudFormation, and resource optimization download will work with external credential storage.