
Cloud Management setup guide for Amazon Web Services (AWS)


To set up Cloud Management, perform the procedures in this setup guide. Be sure to perform the procedures in order.

Subscribe to Cloud Management and request plugin activation

The Cloud Management application is available as a separate subscription and requires the Cloud Management plugin (com.snc.cloud.mgmt). See Subscribe to Cloud Management and request plugin activation.

Roles required to set up Cloud Management

  • Operations in the AWS Management Console require the administrator role.
  • Operations in Cloud Management require the sn_cmp.cloud_admin role.

About terms that Cloud Management uses

Cloud providers often use proprietary names for account and credential settings. Because the Cloud Management application supports several cloud providers, Cloud Management uses general-purpose names for the settings (this documentation calls your attention to such names). In AWS, the region-specific containers for virtual resources are called regions. In Cloud Management, regions are called logical datacenters (LDCs or datacenters). All infrastructure or applications that are deployed using Cloud Management are associated with an LDC.

Quick overview of the setup process

Your setup process includes these tasks:
  • Assign appropriate roles to cloud users.
  • Set up the MID Servers that will handle secure communications with the provider API endpoints.
  • On the provider portal, collect your account settings and the credentials that the Discovery process will use (through a MID Server) to access your provider accounts. Securely save the account settings and credentials in Cloud Management.
  • Specify policies and update quotas for users and groups to constrain resource allocation, usage, and costs.
  • The AWS Config, Azure Alert, and VMware Events services integrate directly with Cloud Management. Configure the provider service to auto-update the CMDB whenever Cloud Management makes a configuration or create/modify/terminate life cycle change to a resource.
  • Cloud Management uses CMDB data to help users request and manage cloud resources and to help you manage your cloud environment. To populate the CMDB with resource data for all datacenters, you manually run the Discovery process. Then, to ensure that the data continues to be updated, you configure Discovery to run on a regular schedule.

What you will do to integrate Cloud Management with your AWS accounts

Detailed instructions for each procedure follow this overview.

1. Assign roles to AWS users in Cloud Management
You assign Cloud Management roles to user groups and to individual users based on user activity and responsibility.
2. Set up MID Servers to connect Cloud Management to an AWS account
To ensure secure and reliable communications, the Discovery process communicates with your cloud provider accounts and cloud resources through one or more MID Servers. You can set up the MID Servers on your network or in one of your cloud networks. You can configure the MID Server for Cloud Management to use a proxy server. Using a proxy server supports all cloud-based activities such as running Discovery, billing downloads, provisioning virtual machines, and running life-cycle operations on virtual machines.
Note: Data is encrypted to the MID Server and from the MID Server to the API endpoint. To ensure high performance and security, you should configure one or more MID Servers for each LDC under management. Configure the MID Servers even if you have already configured other MID Servers while setting up Cloud Management for another cloud provider.
3. Create the credentials that enable Cloud Management to access your AWS data
To securely access resource and billing data on your Amazon account, the Discovery process must present appropriate AWS user credentials. To make the credentials available to Discovery, you first create a programmatic user in the AWS Management Console and then securely store the credentials in your instance.
4. Create AWS GovCloud (US) credentials for Cloud Management
Note: Skip this procedure if your organization does not use AWS GovCloud (US).
An AWS GovCloud (US) region is an isolated AWS region that meets stringent US government security and compliance requirements to host sensitive workloads. Cloud Management supports all AWS GovCloud (US) services.
5. Create a cloud service account for AWS GovCloud (US)
Note: Skip this procedure if your organization does not use AWS GovCloud (US).
If your organization uses AWS GovCloud (US) regions, you create a cloud service account for each region.
6. Create a cloud service account for AWS
A cloud service account holds the credential and account information that you created in your provider account. Discovery uses the information to access your provider account to obtain information on each logical datacenter (LDC) that is associated with the account.
7. Run Discovery on an AWS cloud service account
Discovery uses the information in the cloud service account to identify all logical datacenters (LDCs) associated with the provider account.
8. Set up Cloud Management cloud accounts for AWS
A Cloud Management cloud account is a logical representation in Cloud Management of your managed cloud infrastructure. You can associate a Cloud Management cloud account with one or more logical datacenters (LDCs) at one or more provider accounts, even including LDCs from disparate providers.
9. Set capacity limits on AWS cloud resources
Capacity limits place restrictions for a logical datacenter on the attributes of cloud resources such as the number of virtual machines, virtual CPUs, or aggregate storage. You can set limits on resources separately for each logical datacenter (LDC) in a Cloud Management cloud account.
10. Configure the Amazon AWS Config service to auto-update the CMDB
The AWS Config service can auto-update the CMDB whenever Cloud Management makes a life cycle state or configuration change to an Amazon resource. As a result, the CMDB updates without having to wait for Discovery to run.
11. Define the schedule for downloading AWS billing data
Define the scheduled job that regularly uses a MID Server to download billing data from the provider. Cloud Management saves the data in a cost table and uses the information to generate reports.

Next steps

When you have finished all procedures in this setup guide, see the Cloud Management administration guide for information on using Cloud Management in your organization.
