AWS Management & Governance Blog

How to install and configure the AWS Service Catalog Connector for ServiceNow

(Note: This post was updated November 18, 2019)

Introduction

To help customers integrate provisioning secure, compliant, and pre-approved AWS products into their ServiceNow service catalog/portal, AWS created the AWS Service Catalog Connector for ServiceNow.

AWS Service Catalog Connector for ServiceNow synchronizes AWS Service Catalog portfolios and products with the ServiceNow Service Catalog to enable ServiceNow users to request approved AWS products via ServiceNow.

In 2018, AWS introduced the Connector for ServiceNow. Key features of the latest Connector for ServiceNow version 2.3.3 release include the ability to:

  • Support for AWS CloudFormation StackSets, enabling launch of AWS Service Catalog products across multiple regions and accounts.
  • The ability for admins to view portfolio and products budgets and actual costs (requires budgets associated within the native AWS Service Catalog)
  • Support for AWS GovCloud West region
  • The ability for end users to choose accounts and regions for StackSet deployments
  • The ability to view provisioned product events and outputs in the ServiceNow request item. This includes closure of ServiceNow request items when products are terminated.

This version also includes prior AWS Service Catalog Connector for ServiceNow features such as:

  • Support for AWS CloudFormation StackSets, enabling launch of AWS Service Catalog products across multiple regions and accounts.
  • Support for AWS CloudFormation Change Sets, enabling a preview of resource changes from a launch or update.
  • Display of AWS Service Catalog portfolios (including correlated products) as sub-categories in the ServiceNow Service Catalog.
  • Support AWS Service Catalog self-service actions using AWS Systems Manager documents.
  • Support AWS Service Catalog post-provision operational actions to update and terminate products.
  • Rendering of AWS Service Catalog products in the ServiceNow Portal page.
  • Multi-account support.
  • Validation of AWS Regions and identities associated with syncing AWS and ServiceNow
  • Synchronization of product details in the My Asset/CMDB view

In this blog post, I show you how to install and configure the AWS Service Catalog Connector for ServiceNow version 2.3.3.  The AWS Service Catalog Connector for ServiceNow documentation link details fully details install instructions.

Background

AWS Service Catalog allows you to centrally manage commonly deployed AWS services and provisioned software products. It helps your organization achieve consistent governance and compliance requirements, while enabling users to quickly deploy only the approved AWS services they need.

ServiceNow is an enterprise service management platform that places a service‑oriented lens on the activities, tasks, and processes that make up day‑to‑day work life to enable a modern work environment. ServiceNow Service Catalog is a self-service application that end users can use to order IT services based on request fulfillment approvals and workflows.

Getting started

First you need to make sure that you have the necessary permissions in your AWS account and ServiceNow instance prior to installing the AWS Service Catalog Connector for ServiceNow.

AWS prerequisites

To get started you need an AWS account to configure your AWS portfolios and products. Refer to Setting Up for AWS Service Catalog for more details.

For each AWS account, the Connector for ServiceNow also requires two AWS Identity and Access Management (IAM) users and two IAM roles:

  • An IAM user to sync AWS portfolios and products to ServiceNow Service Catalog items.
  • An IAM role configured as an AWS Service Catalog end user and assigned to each Service Catalog portfolio
  • An IAM end user to “assume” the previous end user role that has a baseline of permissions to provision AWS services in the ServiceNow Service Catalog. This ServiceNow end user will be linked to the end user role in AWS.
  • An IAM launch roleused to place baseline AWS service permissions into the AWS Service Catalog launch constraints. Configuring this role enables segregation of duty through provisioning product resources on behalf of the ServiceNow end user.

The Baseline Permissions documentation link details the initial permissions setup actions. The baseline permissions enable an end user to provision the following AWS services: Amazon Simple Storage Service (Amazon S3), and Amazon Elastic Compute Cloud (Amazon EC2). To allow end users to provision AWS service beyond the baseline permissions, you will need to include the additional AWS service permissions to the launch role. Note: To use an AWS CloudFormation template to set up the AWS configurations of the Connector for ServiceNow, see the two AWS Configurations templates for:
Connector for ServiceNow v2.3.3- AWS Commercial Regions and Connector for ServiceNow v2.3.3- AWS GovCloud West Region.  Special thanks to Kenneth Walsh and Brian Terry, AWS Solution Architects, who wrote the AWS Configuration template for Connector version 2.3.3.

ServiceNow prerequisites

In addition to the AWS account, you also need a ServiceNow instance to install the ServiceNow Connector scoped application. The initial installation should occur in either an enterprise sandbox or a ServiceNow Personal Developer Instance (PDI), depending on your organization’s technology governance requirements. The ServiceNow administrator needs the admin role to install the Connector for ServiceNow scoped application.

Configure AWS Service Catalog

Now that you have created two IAM users with baseline permissions in each account, the next step is to configure AWS Service Catalog. The Configure AWS Service Catalog documentation link details the AWS Service Catalog configuration setup actions.

Configure ServiceNow

Now that you completed the AWS IAM and AWS Service Catalog configurations, the next configuration area to setup is ServiceNow. High-level installation tasks within ServiceNow include:

  • Clear the ServiceNow Platform Cache and Web Browser Cache
  • Upload and Commit AWS Service Catalog Connector for ServiceNow “update set.” The update set contains the AWS Service Catalog scoped app that is needed to configure the synchronization between AWS console and the ServiceNow platform.
  • Configure ServiceNow platform system admin components
  • Configure AWS Service Catalog scoped app

The Connector for ServiceNow version 2.3.3 update set may be applied to a “London,” or “Madrid,” or “New York” platform release of ServiceNow. The Configure ServiceNow documentation link details the ServiceNow configuration setup actions.

Validate configurations

You are now ready to validate the AWS Service Catalog Connector for ServiceNow installation procedures. Log into your ServiceNow instance as the end user (for example. Abel Tuter). Type “Service Catalog” in the navigation filter and click on Service Catalog. The standard user interface view displays the AWS Service Catalog category as follows:

AWSSCStorageNSNow

I.        Ordering a Product

  1. Select the AWS Service Catalog S3 Storage product to provision.

AWSSCStorageOrderForm

  1. Fill in the product request details including product name, parameters and tags.
  1. Choose Order Now to submit the ServiceNow request and provision AWS Service Catalog product.

After the product is provisioned by AWS Service Catalog, a short time will be required for a periodic synchronization job to update the status of the product on the form (up to one minute). You will receive an order status similar to the one shown in the following screenshot:

SCStorageOrderStatus

II.      Viewing provisioned products

Go to My Assets to view your request. To view the Product, personalize the list view to show the associated Configuration Item:

  1. Choose the “Settings” cogwheel in the header row of the table of asset requests
  2. Select ” Configuration item (configuration_item) ” and add it to the view by pressing the “>” button. Move configuration item about “Request”:

PersonalizeListColumns

This means the configuration item (the product that was ordered) shows in the list of assets. See example of storage ordered:

  • Choose the product Configuration Item.

  • View the Outputs for the provisioned Product in the Outputs tab of the form.

  • View the history of the provisioning of the product in the Product Events tab of the form.

You can also go to the AWS resources provisioned (in this example, an Amazon S3 bucket) to validate.  Log into the AWS Console, navigate to Amazon S3, and choose the bucket.

 

Additional configurations

Connector for ServiceNow version 2.3.3 includes additional operational actions, ServiceNow admin capability and ServiceNow Service Portal features. The Connector for ServiceNow documentation link includes the ServiceNow Additional Administrator Features details. Details include the ability to delete an AWS Service Catalog product in ServiceNow that does not have self-service actions associated. The ServiceNow Service Portal configurations also details the ability to order AWS Service Catalog products through the ServiceNow Service Portal using the Service Catalog and Order Something views.

Conclusion

Your preliminary AWS Service Catalog Connector for ServiceNow installation is complete. The benefits of this connector are to 1) enable developers to request and build services on AWS–reducing time to market 2) enable products to adhere to compliance/security requirements 3) accelerate cloud adoption. For questions on the AWS Service Catalog Connector for ServiceNow installation, email aws-sc-connector-issues@amazon.com.

About the Author

MaSonya ScottMaSonya Scott is an Atlanta, GA-based Principal Business Development Manager with AWS Service Catalog. MaSonya enjoys helping AWS customers establish cloud operations frameworks (people, process, and tooling) to accelerate cloud adoption. In her free time, MaSonya enjoys comic book-based movies and beach vacations with her family.