AWS Cloud Operations Blog

Create an approval workflow for AWS Service Catalog in ServiceNow

The AWS Service Catalog connector for ServiceNow allows AWS enterprise customers to securely provision compliant workloads using ServiceNow on AWS. A lot of customers ask me how to create an approval workflow in ServiceNow for deploying AWS products. For example, such a workflow might be needed if a data scientist wants to launch an Amazon EMR cluster or an Amazon RDS database and his/her manager needs to approve the usage in the data scientist’s cost center. You can also create a custom catalog of products from AWS Marketplace, and use ServiceNow to provision these products. In this blog post, I’ll show you how to modify your AWS Service Catalog connector for ServiceNow to include an approval step in ServiceNow before provisioning your products.

Background

AWS Service Catalog allows you to centrally manage commonly deployed AWS services and provisioned software products. It helps your organization achieve consistent governance and compliance requirements, while enabling users to quickly deploy only the approved AWS services they need.

In addition to provisioning AWS resources using the AWS Service Catalog Connector for ServiceNow, you can build additional solutions with other AWS services and ServiceNow to allow for incident management and other functionality.

Getting started

Follow the AWS Service Catalog connector for ServiceNow blog post for the initial setup in your AWS account. After setting up the AWS Service Catalog connector for ServiceNow, you can create baseline service catalog products by leveraging one of the AWS Service Catalog reference architectures.

Finally, you can create an approval workflow by following these steps:

Grant workflow administration permissions to your administrator

  1. Go to the ServiceNow navigation pane, select Users and Groups and then choose Users.
  2. Search for the user that you are logged in as, and add the role of workflow_admin to that user. This will allow you to edit a workflow, which is required in the next step.


Modify the Service Catalog connector workflow

The AWS Service Catalog scoped application comes with three workflows:

  • AWS Service Catalog – Provision Product Request
  • AWS Service Catalog – Execute Provisioned Product Action
  • AWS Service Catalog Approve Change Request

We will modify the AWS Service Catalog – Provision Product Request workflow in this section.

  1. In the ServiceNow console, navigate to Workflow and then Workflow Editor. Open the AWS Service Catalog – Provision Product Request workflow.
  2. Delete the Approval Action box in the workflow by right-clicking the Approval Action box and selecting delete.
  3. Navigate to the Core tab in the Workflow Editor, and choose Core Activities, Approvals, and then Approval-Group or Approval-User. In this example, I have selected Approval-Group.
  4. For Stage, enter Waiting for Approval, and select approvers in the approver box.
  5. Choose Submit, which will place the dialog box on the workflow.
  6. Navigate to the Core tab again, and select Core Activities, Notifications, and then Notification.
  7. For Stage, enter Completed, and add the notification receivers in the Addressee(s) tab. Choose Submit.
  8. Connect the Approved condition in the Approval Action box to Run Script (Request provisioning), and the Rejected condition to the Notification dialog box that you created. The workflow should look like the following diagram:

[Diagram: workflow diagram, ServiceNow AWS Service Catalog]

Publish the modified workflow

Before you publish the edited workflow, make sure that there are no errors by choosing the validate button at the top right of the workflow. If there are no errors, choose Workflow Actions, and then choose Publish to publish the edited workflow. Now, you will start receiving approval requests for all the AWS Service Catalog product requests in ServiceNow.


Test the approval workflow

Finally, you can test the approval workflow by ordering a product from the AWS Service Catalog portfolio in ServiceNow.

  1. In the following screenshot, an end user orders the product Amazon Elastic Compute Cloud (EC2) Linux, and request REQ0010021 is created.

[Screenshot: request REQ0010021 is created]

  2. The administrator receives the approval request for RITM0010021, as shown in the following screenshot:

[Screenshot: approval request for RITM0010021]

  3. In the next screenshot, the administrator approves the request RITM0010021, and the product is provisioned successfully.

[Screenshot: administrator approves RITM0010021]
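The manual test above exercises one request. The following added example (not part of the original post or the connector's code) checks the same gate over a batch of exported records: every provisioned item should have an approval, none should follow a rejection, and the approver should not be the requester. The record shapes, field names, user names and RITM numbers are constructed assumptions, not the connector's schema.

```javascript
// Added example: audit exported request/approval records to confirm the
// approval gate held. Field names are simplified assumptions.

// Constructed sample data (not from a real ServiceNow instance).
const requestedItems = [
  { number: "RITM0099001", requestedFor: "dana", provisioned: true },
  { number: "RITM0099002", requestedFor: "lee", provisioned: true },
  { number: "RITM0099003", requestedFor: "sam", provisioned: true },
  { number: "RITM0099004", requestedFor: "kim", provisioned: false },
  { number: "RITM0099005", requestedFor: "ravi", provisioned: true },
];
const approvals = [
  { item: "RITM0099001", approver: "morgan", state: "approved" },
  { item: "RITM0099002", approver: "lee", state: "approved" },    // requester approved own request
  { item: "RITM0099004", approver: "morgan", state: "rejected" }, // rejected and not provisioned: fine
  { item: "RITM0099005", approver: "morgan", state: "rejected" }, // rejected, yet provisioned
  // RITM0099003 has no approval record at all
];

function auditApprovalGate(items, approvalRecords) {
  // Index approval records by the requested item they belong to.
  const byItem = new Map();
  for (const a of approvalRecords) {
    if (!byItem.has(a.item)) byItem.set(a.item, []);
    byItem.get(a.item).push(a);
  }
  const findings = [];
  for (const item of items) {
    if (!item.provisioned) continue; // only provisioned products need the gate check
    const records = byItem.get(item.number) || [];
    const approved = records.filter((r) => r.state === "approved");
    if (records.some((r) => r.state === "rejected")) {
      // The Rejected condition should lead to the notification, never to provisioning.
      findings.push({ number: item.number, issue: "provisioned-after-rejection" });
    } else if (approved.length === 0) {
      findings.push({ number: item.number, issue: "provisioned-without-approval" });
    } else if (approved.every((r) => r.approver === item.requestedFor)) {
      findings.push({ number: item.number, issue: "self-approved" });
    }
  }
  return findings;
}

console.log(auditApprovalGate(requestedItems, approvals));
```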

Conclusion

You have successfully completed the creation of an approval workflow for the AWS Service Catalog Connector for ServiceNow. You can now assign approvers to control the provisioning of AWS Service Catalog products from ServiceNow. For questions on the AWS Service Catalog Connector for ServiceNow installation, email aws-sc-servicenow-issues@amazon.com.

About the author

Sagar Khasnis is a Partner Solutions Architect focusing on AWS Marketplace and Service Catalog. He is passionate about building innovative solutions using AWS services to help customers achieve their business objectives.