AWS Cloud Operations Blog
How Organon used AWS Service Management Connector to provision AWS resources from ServiceNow across multiple AWS accounts
Organon has been exploring Amazon Web Services (AWS) to give its end users a simple, efficient way to provision cloud infrastructure across multiple accounts and regions. Additionally, they needed to ensure security, management, governance, and compliance of the AWS services in order to follow GxP regulations.
Organon uses ServiceNow as its enterprise IT Service Management platform for end-user provisioning, and they wanted their users to be able to provision AWS resources from the ServiceNow Service Catalog. They also want to extend the provisioning capabilities to other AWS services that are in scope.
How Organon made it work–Solution Overview
Organon engaged AWS Professional Services to build AWS Service Catalog products and portfolios that can create, organize, and govern a curated catalog of AWS services. With different permission levels separated from requestors, we can share the product catalog with end users, who can then quickly provision pre-approved resources without needing direct access to the underlying AWS services. AWS Service Catalog can further integrate with AWS Service Management Connector, which enables end users to provision AWS resources from ServiceNow. The plugin is available at no charge in the ServiceNow store, and the integration is available in all AWS regions where AWS Service Catalog is available.
Organon’s cloud management team identified the AWS services its end users most frequently use for application management. AWS Professional Services is tasked with building golden templates for the identified AWS services.
We built golden templates using AWS CloudFormation for the services in scope and included specific security and regulatory compliance requirements. AWS Service Catalog Framework Factory converts each golden template to a product in AWS Service Catalog. AWS Service Catalog Framework Puppet then shares the products from the central account to multiple accounts and regions. We also built a custom AWS Config & RAPIDQ solution for monitoring and alerting on security findings. This implementation approach for AWS Service Catalog enables Organon to scale and centrally manage a catalog of AWS services.
As a result, the AWS Service Management Connector powered by AWS Service Catalog is now configured in Organon’s ServiceNow instance. It periodically synchronizes available AWS Service Catalog products in AWS accounts to ServiceNow Service Catalog.
ServiceNow administrators then provide secured and governed AWS Service Catalog products and portfolios to applicable end users. AWS Service Management Connector gives Organon’s end users self-service mechanisms to browse and request vetted AWS services and to track the lifecycle of provisioned resources from their familiar ITSM platform, ServiceNow. It also enables them to take post-provisioning actions that update or terminate the provisioned products.
Summary
Organon now offers its end users an automated self-service solution to provision pre-approved products in authorized accounts from ServiceNow, while maintaining the products' configuration templates in a central account. Using AWS Service Catalog and AWS Service Management Connector also enhances security and creates a repeatable foundation for the future.
Centralized cloud management teams can use this approach to curate battle-tested, repeatable, predictable, best-practices-based software-infrastructure blueprints and offer them enterprise-wide for easy, self-service adoption as Service Catalog products.
We have built this in collaboration with the Organon team, as they design and build AWS solutions in their cloud adoption journey.