AWS Cloud Operations Blog

Learn how to leverage Amazon CloudWatch alarms to create an incident in ServiceNow

This was blog was authored by Itai Njanji and third party collaborators:

A special thanks to

Grant Hulbert  a Sr. Technology Alliance Architect for ServiceNow, who co-authored this blog

Ben Yukich a Field CTO for ITOM at ServiceNow, who wrote the ServiceNow source code for this integration

(Note: This post was updated September 22, 2020)

Introduction

Customers want to leverage Amazon CloudWatch and ServiceNow together to receive notification of important events and to quickly orchestrate a remediation.

Amazon CloudWatch is a monitoring and management service that enables you to monitor your applications, understand and respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health.

ServiceNow routes incidents to the right people in your organization who need to take action when something meaningful happens in your AWS environment.

This post demonstrates how to integrate Amazon SNS topics to send messages to ServiceNow, open an incident when a CloudWatch alarm is triggered, and test your configuration with a sample CloudWatch alarm.

Configure ServiceNow

We will use a free ServiceNow developer instance to do our work. If you already have one, feel free to use your own.

    1.  Log in to https://developers.service-now.com, and request a developer instance https://developer.servicenow.com/app.do#!/instance.
    2.  Log in to the developer instance as administrator, and make sure to remember your login credentials (these will be used later when configuring SNS topic subscription URLs).
    3. Navigate to System Applications -> Studio, and choose [Import From Source Control].
    4. First, clone this repository: https://github.com/byukich/x_snc_aws_sns  into your own GitHub account as a private repo. Go to Profile ->Your Own Repositories ->New ->Click link to import repository. In ServiceNow, import this newly created repo by entering the URL of your repository  and enter User Name and Password fields of your repository, and Click Import
    5. Close the Studio browser tab. You won’t be needing it any more.
    6. Refresh your ServiceNow browser tab, and navigate to “SNS”. Notice that there are three new navigation links on the left pane (AWS SNS in the below image refers to the app name and not to Amazon SNS)

Create an SNS topic and subscription

  1. Log in to the Amazon SNS console, in N Virginia, https://console.aws.amazon.com/sns/v2/home
  2.  Choose Topics on the left pane.
  3.  Choose Create new topic, give it a name and display name “ServiceNow.”
  4. Choose Create Topic.
  5. Choose the Amazon Resource Name (ARN) link for the topic you just created.
  6.  Choose Create Subscription.
  7. Choose HTTPS protocol.
  8. For Endpoint use the admin password that was given to you when you acquired the free ServiceNow developer instance and choose the following link: https://admin:<ServiceNow admin password>@<your developer instance>.service-now.com/api/x_snc_aws_sns/aws_sns
  9. Choose Create subscription.
  10. Note that your new subscription is “PendingConfirmation.”

Confirm SNS subscription on ServiceNow

Before SNS is allowed to send messages to ServiceNow, you must confirm the subscription on ServiceNow. At this point, AWS has already sent a handshake request, and it’s awaiting confirmation inside your ServiceNow instance.

  1.  On your ServiceNow browser tab, navigate to SNS -> Subscriptions, and notice that a new record has been created by AWS.
  2. Open the subscription by choosing ServiceNow, and then choosing Confirm Subscription
  3. Stay on this page, because you will need to create a handler next.

Now let’s do something meaningful whenever SNS sends an alarm. In this case, we want to open an incident when CloudWatch notifies you of a budget threshold being crossed. ServiceNow provides a script “Handler” that is invoked when SNS sends an alarm message. To configure a handler to create an incident, follow instructions below:

  1. At the bottom of the Subscription form, find the Handlers section.
  2. Choose New and type a name for the handler, such as “Create SNS Spending Alarm Incident.”
  3. Paste the following code at line 3 (just inside the function):
    var incident = new GlideRecord("incident");
    	incident.initialize();
    	incident.short_description = "SNS Alarm: "+message.AlarmName;
    	incident.description = "AWS Account ID: " + message.AWSAccountId + "\nRegion: " + message.Region + "\nDescription: " + message.NewStateReason;
    	incident.insert();
    

  4. Choose Submit to save the handler.

Test using CloudWatch

To test this integration, we’ll create a CloudWatch alarm, then it will be tripped to trigger an SNS message, which will create an incident in ServiceNow.

  1. Navigate to the CloudWatch console. Your alarm should be in the same Region as your SNS topic, N Virginia.
  2. Choose Create an Alarm and, under Browse metrics, select Billing.
  3. Select USD and choose Next:
  4. Complete your setup by filling the details as shown:
  5. To test your Alarm, go to the same modification page shown earlier, and change your threshold to something lower than your current spend. That will trigger your alarmFor example before trigger:Alarms->Select Alarm->Modify
  6. After refreshing the page, your alarm should be triggered.
  7. Navigate to ServiceNow and check whether an Incident was created.
  8. If you see an incident, then you have successfully integrated SNS and ServiceNow.

 

Conclusion
This blog demonstrates one way of integrating ServiceNow with CloudWatch, by creating an incident whenever AWS billing exceeds a threshold. The principle can be extended to any type of SNS topic that notifies ServiceNow whenever anything meaningful happens inside your AWS Cloud environment. For example, you can configure ServiceNow to provision AWS resources by leveraging the AWS Service Catalog Connector for ServiceNow and configure it such that any alarms from CloudWatch for newly created resources would create an incident in ServiceNow. Within ServiceNow’s SNS Handlers, you can create any type of ServiceNow record you like. It can kick off an automated workflow, or create Events/Alerts/Notifications,  update CMDB or even automatically orchestrate a remediation.

Important performance note

This example is meant for low-volume scenarios only, such as occasional billing alarms. It is not designed to handle full operational monitoring scale of processing and will very quickly consume all your API semaphores. ServiceNow offers fully-supported solutions for high-volume operational monitoring included with Event Management:

AWS Config with ServiceNow

CloudWatch Alarms with ServiceNow

CloudWatch Metrics with ServiceNow

About the Authors

Itai David Njanji is a Seattle based Sr. Consultant for AWS Professional Services. He leads the Operations Integrations practice on tooling strategy between AWS services and third-party tools such as ServiceNow. In his free time, Itai enjoys being outdoors and staying active.

A special thanks to

Grant Hulbert  a Sr. Technology Alliance Architect for ServiceNow, who co-authored this blog

Ben Yukich a Field CTO for ITOM at ServiceNow, who wrote the ServiceNow source code for this integration

Disclaimer

SeriviceNow content and opinions in this post are those of the third-party author and AWS is not responsible for the content or accuracy of this post.