Getting started

First you need to make sure that you have the necessary permissions in your AWS account and ServiceNow instance prior to installing the AWS Service Catalog Connector for ServiceNow.
It is assumed you already have a Control Tower based landing zone up and running, with an instance of Service Catalog hosting the Account Factory product at a minimum.
You also need to set up some baseline permissions on each account you want ServiceNow to have access to. You deploy these with the following CloudFormation templates - AWS Commercial Regions and AWS GovCloud Regions. Alternatively, see the step-by-step documentation here. For integrating with the Account Factory, we’ll just deploy these on the Management Account (the one hosting Control Tower). In the Parameters section, set Enable Stack Set roles to false (Control Tower has already created these).
Now that you have created two IAM users with baseline permissions in each account, the next step is to configure AWS Service Catalog.

* Open Service Catalog on the management account
* Open the AWS Control Tower Account Factory Portfolio portfolio
* Click on Groups, roles, and users
* Click Add groups, roles, users
* Click Users
* Select SCEndUsers and click Add Access
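To confirm the result of the steps above, you can list the principals that now hold access to the portfolio and compare them with the ones you meant to add. This is an added example, not part of the connector or the original instructions; the function names are hypothetical and the user name `SCEndUser` is an assumption, so substitute the name shown in your IAM console.

```python
"""Audit which IAM principals can launch products from a Service Catalog portfolio."""

PORTFOLIO_NAME = "AWS Control Tower Account Factory Portfolio"  # name used on this page


def find_portfolio_id(sc, display_name):
    """Return the Id of the portfolio with this display name, or None."""
    token = None
    while True:
        kwargs = {"PageToken": token} if token else {}
        page = sc.list_portfolios(**kwargs)
        for detail in page.get("PortfolioDetails", []):
            if detail["DisplayName"] == display_name:
                return detail["Id"]
        token = page.get("NextPageToken")
        if not token:
            return None


def audit_portfolio_access(sc, display_name, expected_names):
    """Compare portfolio principals against the expected IAM names.

    Returns (missing, unexpected): expected names with no access, and
    principal ARNs that have access but were not expected.
    """
    portfolio_id = find_portfolio_id(sc, display_name)
    if portfolio_id is None:
        raise LookupError(f"portfolio not found: {display_name}")
    arns, token = [], None
    while True:
        kwargs = {"PortfolioId": portfolio_id}
        if token:
            kwargs["PageToken"] = token
        page = sc.list_principals_for_portfolio(**kwargs)
        arns += [p["PrincipalARN"] for p in page.get("Principals", [])]
        token = page.get("NextPageToken")
        if not token:
            break
    # Compare on the last path element: ".../user/SCEndUser" -> "SCEndUser"
    granted = {arn.rsplit("/", 1)[-1]: arn for arn in arns}
    missing = sorted(set(expected_names) - set(granted))
    unexpected = sorted(a for n, a in granted.items() if n not in expected_names)
    return missing, unexpected


if __name__ == "__main__":
    import boto3  # needs credentials for the management account

    client = boto3.client("servicecatalog")
    # "SCEndUser" is an assumption; use the name shown in your IAM console
    print(audit_portfolio_access(client, PORTFOLIO_NAME, {"SCEndUser"}))
```

Any principal that was already associated with the portfolio is reported under unexpected until you add its name to the expected set.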
Assuming you’ve just requested a fresh instance on the developer portal, you can skip the following steps:

* Clear the ServiceNow platform cache.
* Clear the web browser cache.
Configure ServiceNow platform system admin components.
Configure AWS Service Management Connector scoped application, including accounts, scheduled jobs sync, and permissions.
Before installing the AWS Service Management scoped app, we recommend that you clear the ServiceNow platform cache by typing in the following URL: https://[InsertServiceNowInstanceNameHere]/cache.do
Clear the web browser cache to clear previously rendered product forms.
To install the update set:

* Download the AWS ServiceNow Connector v2.3.4
* From your ServiceNow dashboard, type update sets into the navigation panel in the upper left.
* Choose Retrieved Update Sets from the results.
* Select Import Update Set from XML and upload the release XML file.
* Click on AWS Service Management Connector for ServiceNow update set.
* Click on Preview Update Set, which makes ServiceNow validate the connector update set.
* Choose Update.
* Click on Commit Update Set to apply the update set and create the application.
* This procedure should complete 100%.
To enable the AWS Service Management Connector for ServiceNow scoped application named AWS Service Management, the system admin must create a discovery source, and configure specific platform tables, forms, and views.
To allow AWS to report discovered CIs into your CMDB you must create a new discovery data source called AWS Service Management Connector. Perform the following steps:
Note: Make sure you are in Global mode in ServiceNow System Settings to modify System Definitions.
For AWS products to display under AWS portfolios as sub-categories in the ServiceNow Service Catalog, you need to modify the Application Access form for Catalog Item Category tables. This action is necessary because a ServiceNow scoped API is not available for the Catalog Item Category table.
The AWS Service Management scoped app comes with two ServiceNow roles that enable access to configure the application. This enables system admins to grant one or more users privileges to administer the application without having to open up full sysadmin access to them. These roles can be assigned either to individual users or to one administrator user.
You must add a new change request type called AWS Provisioned Product Event for the scoped application to trigger an automated change request in Change Management. For instructions, see Add a new change request type.

* Type Change into the navigator and click on Open
* Open the context (right-click) menu on an entry in the Type column and click Show Matching
* for Type and then choose Show Choice List.
* Choose New and fill in the following fields:
  * Table: Change Request
  * Label: AWS Provisioned Product Event
  * Value: AWSProvisionedProductEvent
  * Sequence: pick the next unused value
* Submit the form.
Having installed and configured the AWS Service Management Connector for ServiceNow in the previous procedure, you must configure the scoped application and applicable roles.
Access key ID for the SCSyncUser
Secret Access key ID for the SCSyncUser
The region in which you deployed Control Tower
Click New
In the AWS Service Management scoped app Accounts menu, create one entry for every AWS account. You need to use the keys and secret keys from the users you created in AWS. To create account entry:
Access key ID for the SCEndUser
Secret Access key ID for the SCEndUser
The region in which you deployed Control Tower
Click Validate Regions
Click on Products
Select AWS Control Tower Account Factory
To grant access to AWS Service Catalog products in ServiceNow, you must establish a link between the AWS Service Catalog portfolios and the ServiceNow group (for example, Order_AWS_Products created earlier in the instructions as an installation example).
To grant access to AWS Service Catalog portfolios in ServiceNow

* In the AWS Service Management scoped app, choose the Portfolios module.
* Select the desired Portfolio ARN. You can double-click the AWS Service Catalog portfolio name.
* Select the Allowed Groups tab.
* Choose New and enter the Group named Order_AWS_Products.
* Choose Submit.
To address the varying personas of end users requesting AWS products, the Connector for ServiceNow includes a scoped app setting to enable or disable components of the AWS product widget. By default, all AWS product components are enabled.
To modify the AWS product view

* In the navigator, type System Properties and select AWS Service Catalog. Note: Make sure you are in the AWS Service Management Connector scoped application mode.
* Deselect any AWS product component such as:
  * Enable editing of the AWS Service Catalog Product name.
  * Enable selection of launch options for AWS Service Catalog Products. (Note that this component is only visible if the AWS product has more than one launch path.)
  * Enable selection of product versions for AWS Service Catalog. (Note that this component is only visible if the AWS product has more than one product version.)