AI Service Graph Connector for Amazon

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of AI Service Graph Connector for Amazon

    The AI Service Graph Connector for Amazon enables ServiceNow customers to discover, import, and manage AI assets from their AWS environments directly within the ServiceNow AI Control Tower. This integration catalogs AI systems, agents, models, and prompts from AWS, automatically collecting usage data to populate the AI Control Tower value dashboard. This provides comprehensive visibility and governance over AI operations.

    Show full answer Show less

    Key Features

    • Discovery and Import: Seamlessly imports AI assets such as AI systems, models, tools, and prompts from AWS into ServiceNow.
    • Automatic Usage Data Collection: Gathers usage metrics automatically to support AI governance and operational insights.
    • Data Mapping: Uses staging tables to map AWS AI data sources to ServiceNow CMDB and non-CMDB tables, ensuring organized and structured data integration.
    • Wide AWS Service Support: Integrates with Amazon Bedrock, Amazon SageMaker, Amazon CloudWatch, and Bedrock AgentCore services.
    • Role and Permission Management: Requires specific ServiceNow roles and AWS IAM permissions to enable secure and effective data access and import.

    Prerequisites and Setup

    • ServiceNow Versions Supported: Australia, Zurich, and Yokohama releases.
    • User Roles Required: snaidisc.discoveryadmin or sncmdbintutil.sgcadmin roles in ServiceNow.
    • ServiceNow Setup: One-time update of data source access permissions and cache clearing to enable data source creation and ensure proper data synchronization.
    • AWS Setup: Active AWS account with read permissions via an IAM user or role. API access must be enabled for Amazon Bedrock, SageMaker, CloudWatch, and Bedrock AgentCore. Specific IAM permissions are required for listing and describing AI-related resources.

    Data Integration and Mapping

    The connector maps various AWS AI data sources to appropriate ServiceNow staging and target tables. This mapping supports organizing imported data into relevant CMDB classes such as digital assets for AI systems and models, AI tools, prompts, subcomponents, and usage data. This structured approach allows customers to maintain clarity and control over imported AI asset data within the ServiceNow environment.

    Benefits for ServiceNow Customers

    • Gain centralized visibility and governance of AWS AI assets within the ServiceNow AI Control Tower.
    • Automate data collection to support informed decision-making and AI lifecycle management.
    • Ensure secure and compliant integration through defined user roles and AWS IAM permissions.
    • Leverage structured data mapping to maintain a clean and actionable AI asset inventory.

    The AI Service Graph Connector for Amazon enables you to discover and import AI assets from your AWS environment into ServiceNow AI Control Tower.

    The connector integrates with your AWS account to catalog AI systems, agents, models, and prompts. Usage data is automatically collected and populated into the AI Control Tower value dashboard, providing comprehensive visibility and governance of your AI operations.

    Download apps from the Store

    Visit the  ServiceNow store website to download the AI Service Graph Connector for Amazon application.

    Supported ServiceNow versions

    This connector is supported on the following ServiceNow releases:

    Release Status
    Australia Supported
    Zurich Supported
    Yokohama Supported

    User Roles

    You must have one of the following roles assigned.

    Required Roles
    sn_ai_disc.discovery_admin
    sn_cmdb_int_util.sgc_admin

    ServiceNow Prerequisites

    Complete the following setup steps once when configuring the connector for the first time.

    Note:
    Updating data source access and clear cache is a prerequisite that needs to be completed only once, when setting up a new instance for the first time.
    Update Data Source Access

    The connector requires write permissions to the Data Source table to create data sources.

    To enable data source creation:
    1. Select Global from the application picker.
    2. Navigate to Application Access.
    3. Select the Can create, Can update, and Can delete checkboxes.
    4. Select Update.
    5. Switch to the connector application scope.
    Clear cache

    Clear the cached data for the Data Source and Tables.

    To clear the cache:
    1. Navigate to System Definition > Background Scripts
    2. Paste the following script into the Run Script text box:
      GlideTableManager.invalidateTable('sys_data_source');
GlideCacheManager.flushTable('sys_data_source');
GlideTableManager.invalidateTable('sys_db_object');
GlideCacheManager.flushTable('sys_db_object');
    3. Select Run Script.
      Note:
      The script may take several minutes to complete.
    4. After completion, switch to the connector application scope.

    AWS Prerequisites

    Role required: IAM user

    Before proceeding, confirm you have:

    • AWS Account- Active AWS account with access to the services you want to connect
    • IAM Credentials: AWS Access Key ID and Secret Access Key with read permissions for the services you plan to migrate
    • Service Access- API access enabled for Amazon Bedrock, Amazon SageMaker, Amazon CloudWatch, and Amazon Bedrock AgentCore
    Required IAM Permissions

    Your IAM user role or role needs these permissions.

    • Amazon Bedrock: bedrock:List*, bedrock:Get*
    • Amazon SageMaker: sagemaker:List*, sagemaker:Describe*
    • Amazon CloudWatch: logs:DescribeLogGroups, logs:DescribeLogStreams, cloudwatch:GetMetricData
    • bedrock-agentcore:List*/ bedrock-agentcore:Get*
    AWS Setup documentation

    Use these AWS resources to set up credentials and enable services.

    Data Mapping

    The following table lists the data sources, the staging tables, and the target tables  CMDB CI classes and non-CMDB  classes where data is stored for a  AWS  project.

    Data Source Staging Table Target Table
    SGawsBedrockAIAssetDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_asset sn_ai_disc_aws_sgc_bedrock_ai_system (routes to other staging tables)
    SGawsBedrockAISystemDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_system alm_ai_system_digital_asset
    SGawsBedrockAIModelDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_model alm_ai_model_digital_asset
    SGawsBedrockAIToolDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_tool sn_ent_ai_tool
    SGawsBedrockAIPromptDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_prompt alm_ai_prompt_digital_asset
    SGawsBedrockAISbcompM2mDSUtilSNC sn_ai_disc_aws_sgc_bedrock_sbcomp_m2m sn_ent_ai_system_subcomponent_m2m
    SGawsBedrockAIUsageDSUtilSNC sn_ai_disc_aws_sgc_bedrock_ai_usage sn_ai_disc_ai_usage
    SGAgentCoreDataSourceUtil (importAgentRuntimesByID) sn_ai_disc_aws_sgc_agentcore_ai_system alm_ai_system_digital_asset
    SGAgentCoreDataSourceUtil (importCodeInterpretersByID, importBrowsersByID, importTargetsByID) sn_ai_disc_aws_sgc_agentcore_ai_tool sn_ent_ai_tool
    SGAgentCoreDataSourceUtil (getAWSAgentCoreUsage) sn_ai_disc_aws_sgc_agentcore_ai_usage sn_ai_disc_ai_usage
    SGSageMakerAIModelDSUtilSNC sn_ai_disc_aws_sgc_sg_awssagemaker_model alm_ai_model_digital_asset
    SGSageMakerModelCardDSUtilSNC sn_ai_disc_aws_sgc_sg_awssagemaker_model alm_ai_model_digital_asset