AWS Cloud Operations & Migrations Blog

Create ServiceNow Incidents for Amazon CloudWatch Alarms using AWS Service Management Connector for ServiceNow

Many customers use ServiceNow for Incident Management, and have asked how they can create ServiceNow incidents when CloudWatch alarms are triggered in their AWS environment. The AWS post Learn how to leverage Amazon CloudWatch alarms to create an incident in ServiceNow explains how to leverage Amazon Simple Notification Service (Amazon SNS) topics to send messages to ServiceNow and open an incident when a CloudWatch alarm is triggered.

Amazon CloudWatch is a monitoring and observability service. You can create CloudWatch alarms that watch CloudWatch metrics, and you can configure actions such as notification or AWS Systems Manager action when a CloudWatch alarm is triggered.

ServiceNow is an enterprise service management platform that places a service-oriented lens on the activities, tasks, and processes that enable day-to-day work life and a modern work environment. AWS Service Management Connector for ServiceNow enables ServiceNow end users to provision, manage, and operate AWS resources natively through ServiceNow.

This post demonstrates how to leverage AWS Service Management Connector for ServiceNow to create ServiceNow incidents when CloudWatch alarms are triggered.


The following prerequisites are needed to follow along with this post:

  1. ServiceNow instance
  2. AWS Account with AWS Identity and Access Management (IAM) access

Configure AWS

  1. Create IAM users SCEndUser and SCSyncUser using AWS CloudFormation. Download this CloudFormation template to create SCEndUser and SCSyncUser users with required privileges.

Note that for this post, I’ve granted limited permissions to SCEndUser and SCSyncUser as required to create incidents from CloudWatch alarms. If you intend to use AWS Service Management Connector for ServiceNow for additional use-cases such as Service Configuration Management, Change Enablement etc., then you can grant additional permissions to IAM users SCEndUser and SCSyncUser as mentioned in the AWS Documentation.

  1. Enable OpsCenter in the Systems Manager console as shown in the following:
Under the AWS Systems Manager console, select OpsCenter on the left under Operations Management to enable OpsCenter.

Figure 1: AWS Systems Manager console OpsCenter setup

  1. Next, we’ll create a CloudWatch alarm and configure Systems Manager action for the alarm to create OpsItem when the CloudWatch alarm is triggered.
    1. 1 For this post, I have created an Amazon Elastic Compute Cloud (Amazon EC2) instance, and we’ll use the CPU Utilization metric for this instance to create a CloudWatch alarm. The same approach can be used for any other CloudWatch metric.
    1. 2 Go to CloudWatch console, select Alarms, and select Create alarm.
    The CloudWatch console Alarms page displays an option to create a new alarm. Currently, no alarms are present.

    Figure 2: CloudWatch console, alarms page.


    1. 3 Select Select metric and select the metric for which you would like to create the CloudWatch alarm.
    The Create CloudWatch alarm – Specify metric and conditions page shows an option to select metric for the alarm.

    Figure 3: Create alarm – select metric

    In my case, I selected the CPU Utilization metric for the EC2 instance created in the earlier step.

    The Create CloudWatch alarm - Specify metric and conditions page displays a Metric name field set to CPUUtilization and an InstanceId field where instance id of my EC2 instance is entered. This screen also displays default values for Statistic and Period fields.

    Figure 4: Create alarm – Specify metric and conditions

    1. 4 Under Conditions, define the threshold value for the CloudWatch alarm. Here, I have provided threshold value of 90, so that the alarm should trigger when the CPU utilization exceeds 90%. Select Next.
    The Create CloudWatch alarm – Conditions section displays a Threshold type field set to Static, a Whenever CPUUtilization is… field set to Greater, and a than… field where 90 is entered.

    Figure 5: Create alarm – Conditions

    1. 5 Under Configure actions, select Add Systems Manager action.
    The Create CloudWatch alarm – Configure actions page shows options such as Notification, Auto Scaling action, EC2 action, Ticket action and Systems Manager action to configure actions for the alarm.

    Figure 6: Create alarm – Configure actions

    1. 6 Select Create OpsItem under Systems Manager action and select the Severity for the OpsItem. Select Next to provide alarm name and Create alarm
    The Systems Manager action window displays a Create OpsItem option is selected and severity of OpsItem selected as 3 - Medium. The categoty of OpsItem is not defined on this page.

    Figure 7: Create alarm – Systems Manager action

    Configure ServiceNow

    1. Create a developer ServiceNow instance or use your own ServiceNow instance. I have used a free ServiceNow Developer instance admin login for this post.
    2. Configure core ServiceNow components as per the instructions in AWS Documentation. This includes installing the ServiceNow Connector scoped application, configuring AWS accounts to synchronize in the Connector, validating connectivity to the AWS account, and manually synchronizing scheduled jobs.
    3. Configure AWS Systems Manager OpsCenter integration in ServiceNow: Enter OpsCenter in the navigator and choose AWS Systems Manager – OpsCenter. On this screen, you can select to create incidents when synchronizing OpsItems. For this post, I’ve selected to create incidents for all severity types. You can also update the Assignment Group for the created incidents on this screen, so that incidents are routed to the appropriate support teams.
    The ServiceNow console displays AWS Systems Manager – OpsCenter dashboard. The options to create incident is selected for new OpsItem with a severity 1, severity 2, severity 3 and severity 4.

    Figure 8: ServiceNow console – AWS Systems Manager OpsCenter settings

    Test the CloudWatch Alarm and ServiceNow integration

    To test this integration, we’ll trigger the CloudWatch alarm, which should create OpsItem in AWS Systems Manager, as well as an incident in ServiceNow.

    1. To manually trigger the CloudWatch alarm, I modified the threshold value to 0.01% CPU Utilization. You can adjust the threshold based on the metric that you selected and the current value of that metric.
    The Create CloudWatch alarm – Conditions section displays a Threshold type field set to Static, Whenever CPUUtilization is… field set to Greater, and a than… field where 0.01 is entered.

    Figure 9: CloudWatch console – edit alarm threshold

    1. As expected, an OpsItem is created in the System Manager console for the CloudWatch alarm.
    AWS Systems Manager OpsCenter console displays one open OpsItem and one total OpsItem.

    Figure 10: AWS Systems Manager OpsCenter page

    1. We also have an incident created in ServiceNow for the OpsItem/CloudWatch alarm.
    The ServiceNow Incident console shows an incident for the AWS Systems Manager OpsItem. The screen also shows other additional details for the incident such as short description, description and state.

    Figure 11: ServiceNow incident management console

    1. Once resolved the incident in ServiceNow, the opsitem was marked resolved in the System Manager console as well.

    Cleaning up

    To avoid incurring future charges, delete the resources that you have created by following these steps:

    Delete CloudFormation stack
    Delete CloudWatch Alarm
    Release ServiceNow Personal Developer Instance


    This post demonstrates a way to integrate ServiceNow with CloudWatch by creating an incident in ServiceNow whenever a CloudWatch alarm is triggered in AWS. This principle can be extended to additional CloudWatch metrics as mentioned earlier, or Amazon EventBridge events. When an alarm reaches the alarm state or an Amazon EventBridge event is processed, you can configure to create an OpsItem in OpsCenter, as well as a ServiceNow incident by leveraging AWS Service Management Connector for ServiceNow.

    About the author:

    Hiren Patel

    Hiren Patel is a Cloud Infrastructure Architect for AWS Professional Services. He primarily works with Global Financial Services customers and helps them on their journey to AWS. In his free time, Hiren enjoys outdoor activities, hiking and staying active.