AWS Management Tools Blog

How to install and configure the AWS Service Catalog Connector for ServiceNow

(Note: This post was updated May 22, 2019)

Introduction

To help customers integrate provisioning secure, compliant, and pre-approved AWS products into their ServiceNow service catalog/portal, AWS created the AWS Service Catalog Connector for ServiceNow.

AWS Service Catalog Connector for ServiceNow synchronizes AWS Service Catalog portfolios and products with the ServiceNow Service Catalog to enable ServiceNow users to request approved AWS products via ServiceNow.

Earlier this year, AWS introduced the Connector for ServiceNow. Key features of the latest Connector for ServiceNow version 2.0.2 release include:

  • Support for AWS CloudFormation StackSets, enabling launch of AWS Service Catalog products across multiple regions and accounts.
  • Support for AWS CloudFormation Change Sets, enabling a preview of resource changes from a launch or update.
  • Display of AWS Service Catalog portfolios (including correlated products) as sub-categories in the ServiceNow Service Catalog.

Version 2.0.2 also includes prior AWS Service Catalog Connector for ServiceNow features:

  • Support for AWS Service Catalog Self-Service Actions.
  • Ability for ServiceNow administrators to delete AWS Service Catalog products in ServiceNow.
  • Rendering of AWS Service Catalog products in the ServiceNow Portal page.
  • Multi-account support.
  • Request update in ServiceNow of an AWS Service Catalog provisioned product.
  • Validate AWS regions and identities used during synchronization of AWS and ServiceNow.
  • Synchronization of product details in the My Asset/CMDB view.
  • Storage of AWS Service Catalog provisioned product outputs in the ServiceNow CMDB.

In this blog post, I show you how to install, upgrade, and configure the AWS Service Catalog Connector for ServiceNow version 2.0.2. To download the latest installation instructions, choose the link here.

Background

AWS Service Catalog allows you to centrally manage commonly deployed AWS services and provisioned software products. It helps your organization achieve consistent governance and compliance requirements, while enabling users to quickly deploy only the approved AWS services they need.

ServiceNow is an enterprise service management platform that places a service‑oriented lens on the activities, tasks, and processes that make up day‑to‑day work life to enable a modern work environment. ServiceNow Service Catalog is a self-service application that end users can use to order IT services based on request fulfillment approvals and workflows.

Getting started

First you need to make sure that you have the necessary permissions in your AWS account and ServiceNow instance prior to installing the AWS Service Catalog Connector for ServiceNow.

Important Notes: This blog will use the phrase UPG-IN to indicate upgrade instructions for customers currently on earlier versions of the Connector for ServiceNow scoped application.

AWS prerequisites

To get started you need an AWS account to configure your AWS portfolios and products. Refer to Setting Up for AWS Service Catalog for more details.

For each AWS account, the Connector for ServiceNow also requires two AWS Identity and Access Management (IAM) users and two IAM roles:

  • An IAM user to sync AWS portfolios and products to ServiceNow Service Catalog items.
  • An IAM role configured as an AWS Service Catalog end user and assigned to each Service Catalog portfolio.
  • An IAM end user to “assume” the previous end user role that has a baseline of permissions to provision AWS services in the ServiceNow Service Catalog. This ServiceNow end user will be linked to the end user role in AWS.
  • An IAM launch role used to place baseline AWS service permissions into the AWS Service Catalog launch constraints. Configuring this role enables segregation of duty through provisioning product resources on behalf of the ServiceNow end user.

The Baseline Permissions documentation link details the initial permissions setup actions. The baseline permissions enable an end user to provision the following AWS services: Amazon Simple Storage Service (Amazon S3) and Amazon Elastic Compute Cloud (Amazon EC2). To allow end users to provision AWS services beyond the baseline permissions, you will need to add the additional AWS service permissions to the launch role.

Note: To use an AWS CloudFormation template to set up the AWS configurations of the Connector for ServiceNow, choose this link: Connector for ServiceNow-AWS Configuration.

Special thanks to Kenneth Walsh and Brian Terry, AWS Solution Architects, who wrote the AWS Configuration template for Connector version 2.0.2.

ServiceNow prerequisites

In addition to the AWS account, you also need a ServiceNow instance to install the ServiceNow Connector scoped application. The initial installation should occur in either an enterprise sandbox or a ServiceNow Personal Developer Instance (PDI), depending on your organization’s technology governance requirements. The ServiceNow administrator needs the admin role to install the Connector for ServiceNow scoped application.

Configure AWS Service Catalog

Now that you have created two IAM users with baseline permissions in each account, the next step is to configure AWS Service Catalog. In this section you will configure Service Catalog to have a portfolio that includes an Amazon S3 bucket product. Use the Amazon S3 template linked here, Creating an Amazon S3 Bucket for Website Hosting, for your preliminary product. Copy and save the S3 template to your device.

AWS Service Catalog configuration consists of the following sets of steps:

    1. Creating a Service Catalog Portfolio
      Open the AWS Management Console and navigate to the AWS Service Catalog console. On the Create Portfolio page create a portfolio. After a portfolio is created, add the S3 bucket to that portfolio.
    2. Creating a Service Catalog Product
      • In the AWS Service Catalog console, on the Upload new product page, enter product details. For Select template, choose the S3 bucket CloudFormation template saved to your device in a previous step.
      • Set Constraint type to   for the product that you just created with the SCConnectLaunch role in the baseline permissions (see Appendix 1). Click here for additional launch constraint instructions.
        Reminder Note: The AWS configuration design requires each AWS Service Catalog Product to have a launch constraint. Failure to follow this step may result in an “Unable to Retrieve Parameter” message within ServiceNow Service Catalog.
      • Add the SnowEndUser IAM role to the AWS Service Catalog portfolio. Click here for additional Grant Access to Users instructions.

Your AWS Service Catalog configuration should look similar to the following:

SCConnect-1stAWSStorage

After configuring IAM and AWS Service Catalog, the AWS setup for the integration is complete. Review the steps we discussed earlier to validate AWS setup instructions.
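
One way to check the launch-constraint requirement from the Reminder Note before moving on to ServiceNow. This is an added example, not part of the original post or the Connector; the function name `products_missing_launch_constraint` is hypothetical, and running it against an account assumes boto3 and credentials with read access to the Service Catalog admin APIs.

```python
"""Audit: does every product in every portfolio carry a LAUNCH constraint?"""


def _pages(call, key, **kwargs):
    """Yield items from a Service Catalog list call, following NextPageToken."""
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        token = resp.get("NextPageToken")
        if not token:
            return
        kwargs["PageToken"] = token


def products_missing_launch_constraint(sc):
    """Return sorted (portfolio name, product name) pairs with no LAUNCH constraint.

    `sc` is a boto3 "servicecatalog" client, or any object exposing the same
    three methods. Only portfolios owned by the calling account are listed.
    """
    missing = []
    for pf in _pages(sc.list_portfolios, "PortfolioDetails"):
        products = _pages(sc.search_products_as_admin, "ProductViewDetails",
                          PortfolioId=pf["Id"])
        for pv in products:
            summary = pv["ProductViewSummary"]
            constraints = _pages(sc.list_constraints_for_portfolio,
                                 "ConstraintDetails",
                                 PortfolioId=pf["Id"],
                                 ProductId=summary["ProductId"])
            # A product without a LAUNCH constraint is provisioned with the
            # requester's own permissions instead of the launch role.
            if not any(c.get("Type") == "LAUNCH" for c in constraints):
                missing.append((pf["DisplayName"], summary["Name"]))
    return sorted(missing)


if __name__ == "__main__":
    import boto3  # imported here so the audit function stays testable offline

    for portfolio, product in products_missing_launch_constraint(
            boto3.client("servicecatalog")):
        print(f"no launch constraint: {portfolio} / {product}")
```

An empty result means every product in the account's portfolios has a launch constraint; any pair that is printed should get one before the product is synchronized to ServiceNow.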

Configure ServiceNow

Now that you have completed the AWS IAM and AWS Service Catalog configurations, the next configuration area to set up is ServiceNow. High-level installation tasks within ServiceNow include:

  • UPG-IN: Clear the ServiceNow Platform Cache and Web Browser Cache
  • Upload and Commit AWS Service Catalog Connector for ServiceNow “update set.” The update set contains the AWS Service Catalog scoped app that is needed to configure the synchronization between AWS console and the ServiceNow platform.
  • Configure ServiceNow platform system admin components
  • Configure AWS Service Catalog scoped app

The Configure ServiceNow documentation link details the ServiceNow configuration setup actions.

Validate configurations

You are now ready to validate the AWS Service Catalog Connector for ServiceNow installation procedures. Log into your ServiceNow instance as the end user (for example, Abel Tuter). Type “Service Catalog” in the navigation filter and click on Service Catalog. The standard user interface view displays the AWS Service Catalog category as follows:

AWSSCStorageNSNow

I.        Ordering a Product

  1. Select the AWS Service Catalog S3 Storage product to provision.

AWSSCStorageOrderForm

  2. Fill in the product request details including product name, parameters and tags.
  3. Choose Order Now to submit the ServiceNow request and provision AWS Service Catalog product.

After the product is provisioned by AWS Service Catalog, a short time will be required for a periodic synchronization job to update the status of the product on the form (up to one minute). You will receive an order status similar to the one shown in the following screenshot:

SCStorageOrderStatus

II.      Viewing provisioned products

Go to My Assets to view your request. To view the Product, personalize the list view to show the associated Configuration Item:

  1. Choose the “Settings” cogwheel in the header row of the table of asset requests
  2. Select “Configuration item (configuration_item)” and add it to the view by pressing the “>” button. Move Configuration item above “Request”:

PersonalizeListColumns

This means the configuration item (the product that was ordered) shows in the list of assets. See example of storage ordered:

  • Choose the product Configuration Item.

  • View the Outputs for the provisioned Product in the Outputs tab of the form.

  • View the history of the provisioning of the product in the Product Events tab of the form.

You can also go to the AWS resources provisioned (in this example, an Amazon S3 bucket) to validate. Log into the AWS Console, navigate to Amazon S3, and choose the bucket.

Additional configurations

Connector for ServiceNow version 2.0.2 includes additional operational actions, ServiceNow admin capability and ServiceNow Service Portal features. The Connector for ServiceNow documentation link includes the ServiceNow Additional Administrator Features details. Details include the ability to delete an AWS Service Catalog product in ServiceNow that does not have self-service actions associated. The ServiceNow Service Portal configurations also detail the ability to order AWS Service Catalog products through the ServiceNow Service Portal using the Service Catalog and Order Something views.

Conclusion

Your preliminary AWS Service Catalog Connector for ServiceNow installation is complete. The benefits of this connector are to 1) enable developers to request and build services on AWS, reducing time to market; 2) enable products to adhere to compliance/security requirements; and 3) accelerate cloud adoption. For questions on the AWS Service Catalog Connector for ServiceNow installation, email aws-sc-servicenow-issues@amazon.com.

About the Author

MaSonya Scott is an Atlanta, GA-based Principal Business Development Manager with AWS Service Catalog. MaSonya enjoys helping AWS customers establish cloud operations frameworks (people, process, and tooling) to accelerate cloud adoption. In her free time, MaSonya enjoys comic book-based movies and beach vacations with her family.