How to install and configure the AWS Service Management Connector for ServiceNow
(Note: This post was updated June 12, 2020)
To help customers integrate provisioning secure, compliant, and pre-approved AWS products into their ServiceNow portal, AWS created the AWS Service Management Connector for ServiceNow (formerly the AWS Service Catalog Connector)
The AWS Service Management Connector for ServiceNow allows ServiceNow end users to provision, manage, and operate AWS resources natively via ServiceNow. ServiceNow administrators can provide pre-approved, secured and governed AWS resources to end users via AWS Service Catalog, execute automation playbooks via AWS Systems Manager and track resources in the CMDB powered by AWS Config seamlessly on ServiceNow with the AWS Service Management Connector.
ServiceNow end users can browse and request and provision pre-secured AWS solutions, view configuration item details and execute workflows within ServiceNow on AWS resources. This simplifies AWS product request actions for ServiceNow users and provides ServiceNow governance and oversight over AWS products.
In 2018, AWS introduced the Connector for ServiceNow. Key features of the latest Connector for ServiceNow version 3.0.4 release include:
- Streamlined install and configuration process for AWS accounts opted into ServiceNow scoped app.
- AWS Service Catalog integration features such as:
- Rendering AWS Service Catalog portfolios and products in the ServiceNow Service Portal and Fulfiller views.
- Enable ServiceNow administrators to create AWS Tags across provisioned products.
- The ability to map synced AWS portfolios to ServiceNow groups.
- The ability for ServiceNow users to request AWS Service Catalog products through ServiceNow.
- The ability for administrators to view portfolio and product budgets and actual costs. (Requires budgets to be associated within AWS Service Catalog.)
- Support for AWS Service Catalog service actions for ServiceNow users to update and terminate products.
- Support for AWS CloudFormation StackSets, enabling launch of AWS Service Catalog products across multiple regions and accounts.
- Support for AWS CloudFormation Change Sets, enabling a preview of resource changes prior to a launch or update.AWS Config integration features such as:
- AWS Config integration features such as
- Rendering of AWS Config configuration item details for (EC2, RDS, Load Balancers, S3 Buckets, CloudFormation Stacks, etc.) into the ServiceNow CMDB.
- Ability to view the configuration item relationships for AWS resources in scope for this release.
- AWS Systems Manager integration features such as
- Rendering of AWS Systems Manager automation documents in the ServiceNow Service Portal and Fulfiller (Standard User Interface) views.
- The ability for ServiceNow administrators to associate AWS Systems Manager automation for AWS accounts opted into the Connector for ServiceNow scoped app.
- The ability for ServiceNow users to request and execute AWS Systems Manager automation documents through ServiceNow.
- Support for multiple AWS accounts.
- Support for FIPS endpoints and usage in the AWS GovCloud West and East regions.
- Support for the latest ServiceNow platform releases Orlando (O), New York (N), Madrid (M).
In this blog post, I provide high level steps to install and configure the AWS Service Management Connector for ServiceNow version 3.0.4. Due to the Connector for ServiceNow’s feature expansion, the AWS Service Management Connector for ServiceNow documentation link fully details install instructions.
AWS Service Catalog allows you to centrally manage commonly deployed AWS services and provisioned software products. It helps your organization achieve consistent governance and compliance requirements, while enabling users to quickly deploy only the approved AWS services they need.
AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.
ServiceNow is an enterprise service management platform that places a service‑oriented lens on the activities, tasks, and processes that make up day‑to‑day work life to enable a modern work environment. ServiceNow Service Catalog is a self-service application that end users can use to order IT services based on request fulfillment approvals and workflows. The ServiceNow CMDB provides resource transparency and relationships for the logical components of a service.
First you need to make sure that you have the necessary permissions in your AWS account and ServiceNow instance prior to installing the AWS Service Catalog Connector for ServiceNow.
To get started, you need:
- For AWS Service Catalog with the Connector, you need an AWS account configure with your AWS portfolios and products. Refer to Setting Up for AWS Service Catalog for more details.
- For AWS Config details, the service settings need to be configured to record data for the resource types of interest. It is recommended to include provisioned products and AWS CloudFormation stacks in addition to the major resource types used by your team. For details, see Setting up AWS Config with the console.
- For AWS Systems Manager Automation with the Connector, no AWS-side set up is required. A number of automation documents are provided by AWS as standard. If you have additional automation documents you wish to use, they will be available in the Connector. For details, see Working with Automation Documents (Playbooks).
The Baseline Permissions documentation link details the initial permissions setup actions. The baseline permissions enable an end user to provision the following AWS services: Amazon Simple Storage Service (Amazon S3), and Amazon Elastic Compute Cloud (Amazon EC2). To allow end users to provision AWS service beyond the baseline permissions, you will need to include the additional AWS service permissions to the launch role.
In addition to the AWS account, you also need a ServiceNow instance to install the ServiceNow Connector scoped application. The initial installation should occur in either an enterprise sandbox or a ServiceNow Personal Developer Instance (PDI), depending on your organization’s technology governance requirements. The ServiceNow administrator needs the admin role to install the Connector for ServiceNow scoped application.
Configure AWS Service Catalog
Now that you have created two IAM users with baseline permissions in each account, the next step is to configure AWS Service Catalog. The Configure AWS Service Catalog documentation link details the AWS Service Catalog configuration setup actions.
Now that you completed the AWS IAM and AWS Service Catalog configurations, the next configuration area to setup is ServiceNow. High-level installation tasks within ServiceNow include:
- Clear the ServiceNow platform cache.
- Clear the web browser cache.
- Activate two ServiceNow plugins.
- Install the ServiceNow Connector scoped application, and upload and commit the ServiceNow
- Connector Update Set.
- Configure ServiceNow platform system admin components.
- Configure AWS Service Management Connector scoped application, including accounts, scheduled jobs sync, and permissions.
The Connector for ServiceNow version 3.0.4 update set may be applied to a or “Madrid,” “New York,” or “Orlando” platform release of ServiceNow. The Configure ServiceNow documentation link details the ServiceNow configuration setup actions.
You are now ready to validate the AWS Service Catalog Connector for ServiceNow installation procedures. Log into your ServiceNow instance as the end user (for example. Abel Tuter). Type “Service Catalog” in the navigation filter and click on Service Catalog. The standard user interface view displays the AWS Service Catalog category as follows:
I. Ordering a Product
- Select the AWS Service Catalog S3 Storage product to provision.
- Fill in the product request details including product name, parameters and tags.
- Choose Order Now to submit the ServiceNow request and provision AWS Service Catalog product.
After the product is provisioned by AWS Service Catalog, a short time will be required for a periodic synchronization job to update the status of the product on the form (up to one minute). You will receive an order status similar to the one shown in the following screenshot:
II. Viewing provisioned products
Go to My Assets to view your request. To view the Product, personalize the list view to show the associated Configuration Item:
- Choose the “Settings” cogwheel in the header row of the table of asset requests
- Select ” Configuration item (configuration_item) ” and add it to the view by pressing the “>” button. Move configuration item about “Request”:
This means the configuration item (the product that was ordered) shows in the list of assets. See example of storage ordered:
- Choose the product Configuration Item.
- View the Outputs for the provisioned Product in the Outputs tab of the form.
- View the history of the provisioning of the product in the Product Events tab of the form.
You can also go to the AWS resources provisioned (in this example, an Amazon S3 bucket) to validate. Log into the AWS Console, navigate to Amazon S3, and choose the bucket.
Connector for ServiceNow version 3.0.4 includes additional operational actions, ServiceNow admin capability and ServiceNow Service Portal features. The Connector for ServiceNow documentation link includes the ServiceNow Additional Features details. Details include the ability to delete an AWS Service Catalog product in ServiceNow that does not have self-service actions associated. The ServiceNow Service Portal configurations also details the ability to order AWS Service Catalog products through the ServiceNow Service Portal using the Service Catalog and Order Something views.
Your preliminary AWS Service Management Connector for ServiceNow installation is complete. The benefits of this connector are to 1) enable developers to request and build services on AWS–reducing time to market 2) enable products to adhere to compliance/security requirements 3) accelerate cloud adoption. For questions on the AWS Service Catalog Connector for ServiceNow installation, email firstname.lastname@example.org
About the Author
MaSonya Scott is an Atlanta, GA-based Principal Business Development Manager with AWS Service Catalog. MaSonya enjoys helping AWS customers establish cloud operations frameworks (people, process, and tooling) to accelerate cloud adoption. In her free time, MaSonya enjoys comic book-based movies and beach vacations with her family.