    Amazon AWS Cloud Discovery

    Use Cloud Discovery to discover virtual resources in your AWS organizations (master accounts) and sub-accounts.

    AWS master accounts for AWS Organizations

    An AWS organization is a collection of AWS accounts under a single account. Cloud Discovery refers to AWS Organizations in the wizard as master accounts. The member accounts that belong to a master account are called sub-accounts.

    Note: Cloud Discovery for AWS Organizations is not fully supported in a GovCloud isolated region.
    The advantages of using master accounts are:
    • Easy population of sub-accounts: After you configure the master account and supply the necessary credentials, you can test the connection to the account. If the test succeeds, Discovery returns a list of the member accounts in that master account. From this list, you can choose one or more sub-accounts to include in the Discovery of the master account.
    • Discovery of sub-account resources using dynamically acquired credentials: When you run Discovery on your cloud resources, you do not need separate credentials for each sub-account. The Cloud Discovery process handles credentials automatically by acquiring a temporary credential for each sub-account via an AWS API. You can elect to use the default configuration or customize the MID Server to assume other roles for additional controls and security.

    AWS Credentials

    To discover a single account, create an IAM account in the AWS console and ensure that it has the "ReadOnlyAccess" policy applied. To discover a number of member (child) accounts, you do not need to configure separate credentials for each member account. You can configure IAM roles in an IAM Instance Profile to receive temporary credentials to your master account without requiring credentials in the instance. To receive temporary AWS credentials for one or more member accounts, you can assume an AWS member role. If a service account is a member account, the Discovery process automatically generates a temporary credential for the account through AWS.

    Note: To discover AWS resources, ensure that the credential configured in the AWS console has the "ReadOnlyAccess" policy applied.

    Table 1. AWS Credentials form
    Field | Input value
    Name | A unique and descriptive name for the AWS credentials.
    Active | Option to use the credential.
    Access Key ID | The Access Key ID that you generated on the AWS Management Console. For example, APIAIOSFODNN7EXAMPLE.
    Secret Access Key | The Secret Access key that you generated on the AWS Management Console, for example, wPalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY.
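
    A least-privilege check on the IAM user behind the credential described above, as an added example that is not ServiceNow code. It audits JSON shaped like the output of `aws iam list-attached-user-policies` and `aws iam list-access-keys`; the user name snow-discovery, the key IDs, the 90-day key-age threshold and the sample data are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# AWS managed policy the page requires on the Discovery credential.
READ_ONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"

# Constructed samples shaped like the JSON output of
# `aws iam list-attached-user-policies` and `aws iam list-access-keys`
# for a hypothetical Discovery user named "snow-discovery".
ATTACHED = json.loads("""
{"AttachedPolicies": [
  {"PolicyName": "ReadOnlyAccess",
   "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"},
  {"PolicyName": "AmazonS3FullAccess",
   "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"}]}
""")
KEYS = json.loads("""
{"AccessKeyMetadata": [
  {"UserName": "snow-discovery", "AccessKeyId": "AKIAEXAMPLE000000001",
   "Status": "Active", "CreateDate": "2019-01-15T10:00:00Z"},
  {"UserName": "snow-discovery", "AccessKeyId": "AKIAEXAMPLE000000002",
   "Status": "Inactive", "CreateDate": "2018-03-01T09:30:00Z"}]}
""")


def _parse_time(value):
    # Some CLI versions print a trailing "Z", which datetime.fromisoformat
    # rejects before Python 3.11, so normalise it to an explicit offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_discovery_user(attached, keys, now, max_key_age_days=90):
    """Return a sorted list of (finding_code, detail); empty means clean."""
    findings = []
    arns = {p["PolicyArn"] for p in attached.get("AttachedPolicies", [])}
    # The page's requirement: ReadOnlyAccess must be applied.
    if READ_ONLY_ARN not in arns:
        findings.append(("MISSING_READONLY", READ_ONLY_ARN))
    # Anything beyond ReadOnlyAccess widens what a leaked key can do.
    for arn in arns - {READ_ONLY_ARN}:
        findings.append(("EXTRA_POLICY", arn))
    # Long-lived access keys are stored in the credentials form, so flag
    # active keys older than the (assumed) rotation threshold.
    for key in keys.get("AccessKeyMetadata", []):
        if key["Status"] != "Active":
            continue
        age = (now - _parse_time(key["CreateDate"])).days
        if age > max_key_age_days:
            findings.append(
                ("STALE_KEY", "%s is %d days old" % (key["AccessKeyId"], age)))
    return sorted(findings)


if __name__ == "__main__":
    as_of = datetime(2019, 6, 1, tzinfo=timezone.utc)
    for code, detail in audit_discovery_user(ATTACHED, KEYS, as_of):
        print(code, detail)
```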

    How Discovery finds AWS resources

    Discovery uses the Cloud API (CAPI) and patterns to find cloud resources.

    Table 2. Default patterns
    Pattern | Description
    Amazon AWS Elastic Load Balancer Service | Retrieves AWS load balancers and populates the Load Balancer Services [cmdb_ci_lb_service] table. Application load balancers, network load balancers, and classic load balancers are supported.
    Amazon AWS Relational Database Service | Retrieves RDS instances and populates the Cloud Database [cmdb_ci_cloud_database] table.
    Amazon AWS Route53 HD | Resolves DNS names and aliases for the AWS cloud. Note: Amazon Route 53 is supported.

    Prerequisites

    Amazon AWS LDC discovery
    Discovery uses the Amazon AWS Logical Datacenter (LDC) discovery pattern to run horizontal discovery. The pattern requires these prerequisites:
    • On the Now Platform, configure AWS credentials, using a secret key and an access key.
    • Create a service account. Set the Account ID to the Amazon account ID to which RDS belongs. Use the Account ID as it appears in the AWS Management Console.
    • Set read-only permissions for the following REST API:
      • https://ec2.amazonaws.com/?Action=DescribeRegions&Version=2016-11-15
    • For Cloud Discovery, download the Discovery and Service Mapping pattern from the ServiceNow Store.
    • When installing the MID Server, ensure that the host machine meets or exceeds the MID Server system requirements published on the ServiceNow documentation site.
    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store.

    Data collected for AWS Cloud Discovery

    Table 3. AWS Datacenter [cmdb_ci_aws_datacenter]
    Label | Field Name
    Name | name
    Region | region
    Object ID | object_id

    Table 4. Availability Zone [cmdb_ci_availability_zone]
    Label | Field Name
    Name | name

    Table 5. Virtual Machine Instance [cmdb_ci_vm_instance]
    Label | Field Name
    Name | name
    State | state
    Object ID | object_id
    CPUs | cpus
    Disks | disks
    Disks size (GB) | disks_size
    Memory | memory
    Network adapters | nics
    VM Instance ID | vm_inst_id

    Table 6. Compute Security Groups [cmdb_ci_compute_security_group]
    Label | Field Name
    Name | name
    Object ID | object_id
    State | state

    Table 7. Images [cmdb_ci_os_template]
    Label | Field Name
    Name | name
    Object ID | object_id
    Guest OS | guest_os
    Root device type | root_device_type
    Image source | image_source
    Image type | image_type

    Table 8. Hardware Type [cmdb_ci_compute_template]
    Label | Field Name
    Name | name
    vCPUs | vcpus
    Memory MB | memory_mb
    Local Storage GB | local_storage_gb

    Table 9. Storage Volume [cmdb_ci_storage_volume]
    Label | Field Name
    Name | name
    State | state
    Object ID | object_id
    Storage type | storage_type
    Size | size

    Table 10. Cloud Networks [cmdb_ci_network] and VMware vCenter Network [cmdb_ci_vcenter_network]
    Label | Field Name
    Name | name
    State* | state
    CIDR* | cidr
    *Not found on VMware vCenter networks.

    Table 11. Cloud Subnets [cmdb_ci_cloud_subnet]
    Label | Field Name
    Name | name
    Status | status
    CIDR | cidr

    Table 12. Cloud Management Network Interfaces [cmdb_ci_nic]
    Label | Field Name
    Name | name
    Netmask | netmask
    MAC Address | mac_address
    MAC Manufacturer | mac_manufacturer
    Status | install_status

    Table 13. Cloud Load Balancers [cmdb_ci_cloud_load_balancer]
    Label | Field Name
    Name | name
    Object ID | object_id
    State | state

    Table 14. Resource Groups [cmdb_ci_resource_group]
    Label | Field Name
    Name | name
    Object ID | object_id
    State | state

    Table 15. Public IP Addresses [cmdb_ci_cloud_public_ipaddress]
    Label | Field Name
    Name | name
    Object ID | object_id
    Public IP address | public_ip_address
    Public DNS | public_dns

    Table 16. Storage Accounts [cmdb_ci_cloud_storage_account]
    Label | Field Name
    Name | name
    Object ID | object_id
    Sku Name | sku_name
    State | state

    Table 17. DNS Alias [cmdb_ci_dns_alias] and DNS name [cmdb_ci_dns_name]
    Label | Field name
    DNS Alias [cmdb_ci_dns_alias]
    Name | name
    Category | category
    Status | status
    DNS name [cmdb_ci_dns_name]
    Name | name
    IP address | ip_address

    Table 18. Cloud Databases [cmdb_ci_cloud_database]
    Label | Field Name | Description
    Name | name | The name of the database that you created in AWS.
    Object ID | object_id | This is also the name of the database.
    Type | Type | The type of database you created.
    Fully qualified domain name | fqdn | The FQDN that AWS assigned to your database. An example format for AWS is as follows: database-name.{random-number}.{datacenter}.rds.amazonaws.com
    State | state | The state of the database: whether it is Available or Terminated.
    TCP port(s) | tcp_port | The TCP port that the database communicates through.
    Category | category | The instance class of the database, for example: db.t2.micro.

    Table 19. Cloud WebServer [cmdb_ci_cloud_webserver]
    Label | Field Name
    Name | name
    Install status | install_status
    Vendor | vendor
    Fully qualified domain name | fqdn
    Operational status | operational_status
    State | state

    Relationships between virtual machines, datacenters, and other CIs

    Class | Relationship | Class
    Virtual Machine Instance [cmdb_ci_vm_instance] | Hosted on | AWS Datacenter [cmdb_ci_aws_datacenter], vCenter Datacenter [cmdb_ci_vcenter_datacenter]. Note: These tables extend Logical Datacenter [cmdb_ci_logical_datacenter]. The relationship between the VM and the specific type of datacenter is through the Logical Datacenter table.
    Virtual Machine Instance [cmdb_ci_vm_instance] | Virtualizes | Computer [cmdb_ci_computer]. Note: This is a virtual machine. The Is virtual field is true.
    Logical Datacenter [cmdb_ci_logical_datacenter] | Contains | Resource Group [cmdb_ci_resource_group]
    Logical Datacenter [cmdb_ci_logical_datacenter] | Hosts | Public IP Address [cmdb_ci_cloud_public_ip_address]
    Logical Datacenter [cmdb_ci_logical_datacenter] | Hosted on | Cloud Service Account [cmdb_ci_cloud_service_account]
    Logical Datacenter [cmdb_ci_logical_datacenter] | Hosts | Storage Account [cmdb_ci_cloud_storage_account]
    Logical Datacenter [cmdb_ci_logical_datacenter] | Contains | Availability Zone [cmdb_ci_availability_zone]
    Logical Datacenter [cmdb_ci_logical_datacenter] | Contains | Host Cluster [cmdb_ci_host_cluster]
    Logical Datacenter [cmdb_ci_logical_datacenter] | Hosts | OS Template [cmdb_ci_os_template]
    Logical Datacenter [cmdb_ci_logical_datacenter] | Hosts | Compute Template [cmdb_ci_compute_template]
    Logical Datacenter [cmdb_ci_logical_datacenter] | Hosted on | Cloud Management Network Interfaces [cmdb_ci_nic]
    Cloud DataBase [cmdb_ci_cloud_database] | Owns | IP Address [cmdb_ci_ip_address]
    Cloud DataBase [cmdb_ci_cloud_database] | Hosted on | AWS Datacenter [cmdb_ci_aws_datacenter]
    Cloud DataBase [cmdb_ci_cloud_database] | Hosted on | Cloud Service Account [cmdb_ci_cloud_service_account]

    AWS Config service

    If you configured the AWS Config service, the instance can receive notifications when changes to cloud resources occur. Discovery can then take action and make updates.

    The instance can detect an AWS Config notification with the message type ConfigurationItemChangeNotification for these resource types:
    • AWS::EC2::Instance
    • AWS::EC2::VPC
    • AWS::EC2::Subnet
    • AWS::EC2::Volume

    Discovery can then make updates to records in the Response Mappings [sn_cmp_response_mapping] table that have Cloud Event in the Datasource field.
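
    The filter described above, as an added example that is not ServiceNow code: it accepts only the message type and the four resource types the page lists. It assumes the notification arrives wrapped in an Amazon SNS envelope (the channel AWS Config publishes to); the account allow-list, the function names and the sample payloads are constructed for illustration.

```python
import json

# From the page: the one message type and the four resource types acted on.
HANDLED_MESSAGE_TYPE = "ConfigurationItemChangeNotification"
HANDLED_RESOURCE_TYPES = frozenset({
    "AWS::EC2::Instance", "AWS::EC2::VPC", "AWS::EC2::Subnet", "AWS::EC2::Volume",
})


def classify(sns_body, known_accounts):
    """Return (accepted, detail): a reason string when rejected, or a
    summary dict of the changed resource when accepted."""
    try:
        envelope = json.loads(sns_body)
        # The Config notification is a JSON string nested in "Message".
        message = json.loads(envelope["Message"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed payload"
    if not isinstance(message, dict):
        return False, "malformed payload"
    if message.get("messageType") != HANDLED_MESSAGE_TYPE:
        return False, "unhandled message type"
    item = message.get("configurationItem")
    if not isinstance(item, dict):
        return False, "missing configurationItem"
    rtype, account = item.get("resourceType"), item.get("awsAccountId")
    if not isinstance(rtype, str) or rtype not in HANDLED_RESOURCE_TYPES:
        return False, "unhandled resource type"
    # Added check (assumption): ignore events for accounts that are not
    # configured as service accounts, so a stray topic cannot alter records.
    if not isinstance(account, str) or account not in known_accounts:
        return False, "unknown account"
    diff = message.get("configurationItemDiff")
    return True, {
        "resource_type": rtype,
        "resource_id": item.get("resourceId"),
        "account": account,
        "region": item.get("awsRegion"),
        "change_type": diff.get("changeType") if isinstance(diff, dict) else None,
    }


def sample(resource_type, account="123456789012",
           message_type=HANDLED_MESSAGE_TYPE):
    """Build a constructed SNS-wrapped Config notification (not real data)."""
    message = {
        "messageType": message_type,
        "configurationItemDiff": {"changeType": "UPDATE"},
        "configurationItem": {
            "resourceType": resource_type,
            "resourceId": "res-0123456789abcdef0",
            "awsAccountId": account,
            "awsRegion": "us-east-1",
            "configurationItemStatus": "OK",
        },
    }
    return json.dumps({
        "Type": "Notification",
        "TopicArn": "arn:aws:sns:us-east-1:%s:config-topic" % account,
        "Message": json.dumps(message),
    })


if __name__ == "__main__":
    accounts = {"123456789012"}
    for rtype in ("AWS::EC2::Instance", "AWS::S3::Bucket"):
        print(rtype, classify(sample(rtype), accounts))
```

    This filter does not verify the SNS message signature; a receiver exposed to the network needs that check before any of the parsing above.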

    Related concepts
    • Cloud Discovery Landing Page
    • Discovery Manager
    • Assume an AWS role for temporary Cloud Discovery credentials
