Create ServiceNow Incidents for Amazon CloudWatch Alarms using AWS Service Management Connector for ServiceNow
Many customers use ServiceNow for Incident Management, and have asked how they can create ServiceNow incidents when CloudWatch alarms are triggered in their AWS environment. The AWS post Learn how to leverage Amazon CloudWatch alarms to create an incident in ServiceNow explains how to leverage Amazon Simple Notification Service (Amazon SNS) topics to send messages to ServiceNow and open an incident when a CloudWatch alarm is triggered.
Amazon CloudWatch is a monitoring and observability service. You can create CloudWatch alarms that watch CloudWatch metrics, and you can configure actions such as notification or AWS Systems Manager action when a CloudWatch alarm is triggered.
ServiceNow is an enterprise service management platform that places a service-oriented lens on the activities, tasks, and processes that enable day-to-day work life and a modern work environment. AWS Service Management Connector for ServiceNow enables ServiceNow end users to provision, manage, and operate AWS resources natively through ServiceNow.
This post demonstrates how to leverage AWS Service Management Connector for ServiceNow to create ServiceNow incidents when CloudWatch alarms are triggered.
The following prerequisites are needed to follow along with this post:
- ServiceNow instance
- AWS Account with AWS Identity and Access Management (IAM) access
- Create IAM users SCEndUser and SCSyncUser using AWS CloudFormation. Download this CloudFormation template to create SCEndUser and SCSyncUser users with required privileges.
Note that for this post, I’ve granted limited permissions to SCEndUser and SCSyncUser as required to create incidents from CloudWatch alarms. If you intend to use AWS Service Management Connector for ServiceNow for additional use-cases such as Service Configuration Management, Change Enablement etc., then you can grant additional permissions to IAM users SCEndUser and SCSyncUser as mentioned in the AWS Documentation.
- Enable OpsCenter in the Systems Manager console as shown in the following:
- Next, we’ll create a CloudWatch alarm and configure Systems Manager action for the alarm to create OpsItem when the CloudWatch alarm is triggered.
- 1 For this post, I have created an Amazon Elastic Compute Cloud (Amazon EC2) instance, and we’ll use the CPU Utilization metric for this instance to create a CloudWatch alarm. The same approach can be used for any other CloudWatch metric.
- 2 Go to CloudWatch console, select Alarms, and select Create alarm.
- 3 Select Select metric and select the metric for which you would like to create the CloudWatch alarm.
In my case, I selected the CPU Utilization metric for the EC2 instance created in the earlier step.
- 4 Under Conditions, define the threshold value for the CloudWatch alarm. Here, I have provided threshold value of 90, so that the alarm should trigger when the CPU utilization exceeds 90%. Select Next.
- 5 Under Configure actions, select Add Systems Manager action.
- 6 Select Create OpsItem under Systems Manager action and select the Severity for the OpsItem. Select Next to provide alarm name and Create alarm
- Create a developer ServiceNow instance or use your own ServiceNow instance. I have used a free ServiceNow Developer instance admin login for this post.
- Configure core ServiceNow components as per the instructions in AWS Documentation. This includes installing the ServiceNow Connector scoped application, configuring AWS accounts to synchronize in the Connector, validating connectivity to the AWS account, and manually synchronizing scheduled jobs.
- Configure AWS Systems Manager OpsCenter integration in ServiceNow: Enter OpsCenter in the navigator and choose AWS Systems Manager – OpsCenter. On this screen, you can select to create incidents when synchronizing OpsItems. For this post, I’ve selected to create incidents for all severity types. You can also update the Assignment Group for the created incidents on this screen, so that incidents are routed to the appropriate support teams.
Test the CloudWatch Alarm and ServiceNow integration
To test this integration, we’ll trigger the CloudWatch alarm, which should create OpsItem in AWS Systems Manager, as well as an incident in ServiceNow.
- To manually trigger the CloudWatch alarm, I modified the threshold value to 0.01% CPU Utilization. You can adjust the threshold based on the metric that you selected and the current value of that metric.
- As expected, an OpsItem is created in the System Manager console for the CloudWatch alarm.
- We also have an incident created in ServiceNow for the OpsItem/CloudWatch alarm.
- Once resolved the incident in ServiceNow, the opsitem was marked resolved in the System Manager console as well.
To avoid incurring future charges, delete the resources that you have created by following these steps:
This post demonstrates a way to integrate ServiceNow with CloudWatch by creating an incident in ServiceNow whenever a CloudWatch alarm is triggered in AWS. This principle can be extended to additional CloudWatch metrics as mentioned earlier, or Amazon EventBridge events. When an alarm reaches the alarm state or an Amazon EventBridge event is processed, you can configure to create an OpsItem in OpsCenter, as well as a ServiceNow incident by leveraging AWS Service Management Connector for ServiceNow.
About the author: