Legacy Amazon AWS Cloud Discovery
Use Cloud Discovery to discover virtual resources in your AWS organizations: management and member accounts.
Make sure that you set up Cloud Discovery and provide all the necessary permissions and credentials for discovering AWS resources. For more information, see Setting up AWS service accounts.
Verify the REST API Permissions
Download the Cloud Discovery patterns spreadsheet so you can grant user permissions required for running the Discovery patterns. In addition to permissions, the spreadsheet also includes useful information such as pattern names, types, CI Classes, and links to vendor documentation. New patterns are available quarterly, so check periodically to be sure you have the latest version of the spreadsheet.
Nota:
You can test the AWS REST APIs using Postman API platform. For more information, see the How to test AWS REST API using POSTMAN [KB0782183] article in the Now Support
Knowledge Base.
Discovered relationships between virtual machines, datacenters, and other CIs
| Class | Relationship | Class |
|---|---|---|
| Virtual Machine Instance [cmdb_ci_vm_instance] | Hosted on |
AWS Datacenter [cmdb_ci_aws_datacenter] vCenter Datacenter [cmdb_ci_vcenter_datacenter] Nota:
These tables extend Logical Datacenter [cmdb_ci_logical_datacenter]. The relationship between the VM and the specific type of datacenter is through the Logical Datacenter table. |
| Virtualizes | Computer [cmdb_ci_computer] Nota:
This is a virtual machine. The Is virtual field value is true. |
|
|
Logical Datacenter [cmdb_ci_logical_datacenter] |
Contains | Resource Group [cmdb_ci_resource_group] |
| Hosts | Public IP Address [cmdb_ci_cloud_public_ip_address] | |
| Hosted on | Cloud Service Account [cmdb_ci_cloud_service_account] | |
| Hosts | Storage Account [cmdb_ci_cloud_storage_account] | |
| Contains | Availability Zone [cmdb_ci_availability_zone] | |
| Contains | Host Cluster [cmdb_ci_host_cluster] | |
| Hosts | OS Template [cmdb_ci_os_template] | |
| Hosts | Compute Template [cmdb_ci_compute_template] | |
| Hosted on | Cloud Management Network Interfaces [cmdb_ci_nic] | |
| Cloud DataBase [cmdb_ci_cloud_database] | Owns | IP Address [cmdb_ci_ip_address] |
| Hosted on | AWS Datacenter [cmdb_ci_aws_datacenter] | |
| Hosted on | Cloud Service Account [cmdb_ci_cloud_service_account] |
Data collected by Service Mapping during top-down discovery
To include discovered components into service instances, enable CI relationships used in tag-based discovery by Service Mapping. These CI relationships are available from the 1.0.68 release on the ServiceNow Store. For operational steps, see Tag-based discovery configuration.
Service Mapping uses tag-based discovery to create service instance maps including the Cloud components. The Service Mapping application comes with the following preconfigured CI relationships used for tag-based discovery. These CI relationships are available from the 1.0.68 release on the ServiceNow Store.
| CI | Relationship | CI |
|---|---|---|
| Configuration Item [cmdb_ci] | Hosted on::Hosts | Logical Datacenter [cmdb_ci_logical_datacenter] |
| Logical Datacenter [cmdb_ci_logical_datacenter] | Hosted on::Hosts | Cloud Service Account [cmdb_ci_cloud_service_account] |
AWS Config service
If you configured the configure AWS Config service, the instance can receive notifications when changes to cloud resources occur. Discovery can then take action and make updates.
The instance can detect an AWS config notification with message type
ConfigurationItemChangeNotification for these resource types: - AWS::DynamoDB::Table
- AWS::EC2::Instance
- AWS::EC2::SecurityGroup
- AWS::EC2::Subnet
- AWS::EC2::Volume
- AWS::EC2::VPC
- AWS::ElasticLoadBalancing::LoadBalancer
- AWS::ElasticLoadBalancingV2::LoadBalancer
- AWS::RDS::DBInstance
- AWS::S3::Bucket
Discovery can then make updates to records in the Response Mappings [sn_cmp_response_mapping] tables that have Cloud Event in the Datasource field.
Amazon Connect Discovery API list
| CI Attributes | AWS Attributes |
| object_id | DescribeRegionsResponse.regionInfo.item.regionName |
| name | DescribeRegionsResponse.regionInfo.item.regionName |
| region | DescribeRegionsResponse.regionInfo.item.regionName |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| object_id | DescribeAvailabilityZonesResponse.availabilityZoneInfo.item.zoneName |
| name | DescribeAvailabilityZonesResponse.availabilityZoneInfo.item.zoneName |
| state | DescribeAvailabilityZonesResponse.availabilityZoneInfo.item.zoneState |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| object_id | DescribeAddressesResponse.addressesSet.item.allocationid |
| name | DescribeAddressesResponse.addressesSet.item.elastic_name |
| public_ip_address | DescribeAddressesResponse.addressesSet.item.eip |
| region | DescribeAddressesResponse.addressesSet.item.region |
| domain | DescribeAddressesResponse.addressesSet.item.domain |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| memory | DescribeInstancesResponse.reservationSet.item.instancesSet.item.instanceType - Call Hardware Types |
| state | DescribeInstancesResponse.reservationSet.item.instancesSet.item.instanceState.name |
| object_id | DescribeInstancesResponse.reservationSet.item.instancesSet.item.instanceId |
| cpus | DescribeInstancesResponse.reservationSet.item.instancesSet.item.instanceType - Call Hardware Types |
| disks | DescribeVolumesResponse.volumeSet.item.attachmentSet.item.blockDeviceMapping[].size |
| nics | DescribeInstancesResponse.reservationSet.item.instancesSet.item.networkInterfaceSet[].size |
| vm_inst_id | DescribeInstancesResponse.reservationSet.item.instancesSet.item.instanceId |
| name | "DescribeInstancesResponse.reservationSet.item.instancesSet.item.tagSet.item.value==Name OR DescribeInstancesResponse.reservationSet.item.instancesSet.item.instanceId" |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| state | DescribeVolumesResponse.volumeSet.item.status |
| storage_type | block |
| volume_id | DescribeVolumesResponse.volumeSet.item.volumeId |
| name | "DescribeVolumesResponse.volumeSet.item.volumeId OR DescribeVolumesResponse.volumeSet.item.tagSet.value==Name" |
| size_bytes | DescribeVolumesResponse.volumeSet.item.size * 1024 * 1024 * 1024 |
| object_id | DescribeVolumesResponse.volumeSet.item.volumeId |
| size | DescribeVolumesResponse.volumeSet.item.size + "GB" |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| name | DescribeImagesResponseimagesSet.item.name |
| object_id | DescribeImagesResponseimagesSet.item.imageId |
| guest_os | DescribeImagesResponseimagesSet.item.platform |
| image_type | DescribeImagesResponseimagesSet.item.imageType |
| root_device_type | DescribeImagesResponseimagesSet.item.rootDeviceType |
| image_source | DescribeImagesResponseimagesSet.item.imageLocation |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| is_shared | FALSE |
| object_id | DescribeVpcsResponse.vpcSet.item.vpcId |
| state | DescribeVpcsResponse.vpcSet.item.state |
| netmask | Not applicable |
| name | "DescribeVpcsResponse.vpcSet.item.tagSet.item.value <key=""name""> OR DescribeVpcsResponse.vpcSet.item.cidrBlock+ ""[""+DescribeVpcsResponse.vpcSet.item.tagSet.item.vpcId+""]""" |
| is_external | FALSE |
| cidr | DescribeVpcsResponse.vpcSet.item.cidrBlock + DescribeVpcsResponse.vpcSet.item.cidrBlockAssociationSet.item.ipv6CidrBlock |
| default_gateway | DescribeInternetGatewaysResponse.internetGatewaySet.item.internetGatewayId |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| name | aws-service_account_name + region_name + DescribeKeyPairsResponse.keySet.item.keyName |
| finger_print | DescribeKeyPairsResponse.keySet.item.keyFingerprint |
| object_id | DescribeKeyPairsResponse.keySet.item.keyName |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| object_id | DescribeLoadBalancersResponse.DescribeLoadBalancersResult.LoadBalancerDescriptions.member.LoadBalancerName |
| name | DescribeLoadBalancersResponse.DescribeLoadBalancersResult.LoadBalancerDescriptions.member.LoadBalancerName |
| state | Available/ Terminated |
| dns_name | DescribeLoadBalancersResponse.DescribeLoadBalancersResult.LoadBalancerDescriptions.member.DNSName |
| fqdn | DescribeLoadBalancersResponse.DescribeLoadBalancersResult.LoadBalancerDescriptions.member.DNSName |
| canonical_hosted_zone_name | DescribeLoadBalancersResponse.DescribeLoadBalancersResult.LoadBalancerDescriptions.member.CanonicalHostedZoneName |
| canonical_hosted_zone_id | DescribeLoadBalancersResponse.DescribeLoadBalancersResult.LoadBalancerDescriptions.member.CanonicalHostedZoneNameID |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| category – DB class (‘templates’ for CPU and memory) | https://rds.us-east-1.amazonaws.com/?Action=DescribeDBInstances |
| object_id – DB name (unique for each LDC) | https://rds.us-east-1.amazonaws.com/?Action=DescribeDBInstances&DBInstanceIdentifier=<input_object_id> |
| fqdn – DB endpoint address (DNS name) | https://tagging.us-east-1.amazonaws.com/ (tags discovery) |
| tcp_port – DB endpoint port |
DescribeDBInstancesResponse.DescribeDBInstancesResult.DBInstances.Endpoint.Port Or DescribeDBClustersResponse.DescribeDBClustersResult.DBClusters.Port |
| name – DB name |
DescribeDBInstancesResponse.DescribeDBInstancesResult.DBInstances.DBName Or DescribeDBClustersResponse.DescribeDBClustersResult.DBClusters.DBClusterIdentifier |
| version – DB version |
DescribeDBInstancesResponse.DescribeDBInstancesResult.DBInstances.EngineVersion Or DescribeDBClustersResponse.DescribeDBClustersResult.DBClusters.EngineVersion |
| type – Database type (Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server) |
DescribeDBInstancesResponse.DescribeDBInstancesResult.DBInstances.Engine Or DescribeDBClustersResponse.DescribeDBClustersResult.DBClusters.Engine |
| operational_status – The status of the database | Operational/Non-Operational/Retired |
| ip_address – IP address of the FQDN | com.snc.sw.util.DNSUtils.resolveHostName( DescribeDBInstancesResponse.DescribeDBInstancesResult.DBInstances.Endpoint.AddressOrDescribeDBClustersResponse.DescribeDBClustersResult.DBClusters.Endpoint) |
| vendor – “Amazon” | Amazon |
| fqdn – DB endpoint address (DNS name) |
DescribeDBInstancesResponse.DescribeDBInstancesResult.DBInstances.Endpoint.Address Or DescribeDBClustersResponse.DescribeDBClustersResult.DBClusters.Endpoint |
| CI Attributes | AWS Attributes |
| name | "DescribeSubnetsResponse.subnetSet.item.cidrBlock OR DescribeSubnetsResponse.subnetSet.item.tagSet.item.value <key=""name"">" |
| object_id | DescribeSubnetsResponse.subnetSet.item.subnetId |
| cidr |
DescribeSubnetsResponse/subnetSet/item/cidrBlock + /DescribeSubnetsResponse/subnetSet/item/ipv6CidrBlockAssociationSet/item/ipv6CidrBlock/ |
| status | Installed/Retired |
| state | DescribeSubnetsResponse.subnetSet.item.state |
| available_ip_count | DescribeSubnetsResponse.subnetSet.item.availableIpAddressCount |
| CI Attributes | AWS Attributes |
| name | DescribeNetworkInterfacesResponse.networkInterfaceSet.item.networkInterfaceId |
| private_ip | DescribeNetworkInterfacesResponse.networkInterfaceSet.item.privateIpAddress |
| object_id | DescribeNetworkInterfacesResponse.networkInterfaceSet.item.networkInterfaceId |
| public_ip | DescribeNetworkInterfacesResponse.networkInterfaceSet.item.asscoiation.publicIp |
| gateway | Not applicable |
| private_dns | DescribeNetworkInterfacesResponse.networkInterfaceSet.item.privateDnsName |
| state | In Use/Terminated |
| owner | Not applicable |
| netmask | 255.255.255.0 |
| is_source_dest_check | DescribeNetworkInterfacesResponse.networkInterfaceSet.item.sourceDestCheck |
| public_dns | DescribeNetworkInterfacesResponse.networkInterfaceSet.item.asscoiation.publicDnsName |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| name | DescribeVolumesResponse.volumeSet.item.attachmentSet.item.blockDeviceMapping.ebs.volumeId |
| object_id | DescribeVolumesResponse.volumeSet.item.attachmentSet.item.blockDeviceMapping.ebs.volumeId |
| mapping_type | DescribeVolumesResponse.volumeSet.item.attachmentSet.item.blockDeviceMapping.rootDeviceType |
| host | DescribeVolumesResponse.volumeSet.item.attachmentSet.item.blockDeviceMapping.publicIPAddress |
| mount_point | DescribeVolumesResponse.volumeSet.item.attachmentSet.item.blockDeviceMapping.rootDeviceName |
| CI Attributes | AWS Attributes |
| object_id | DescribeSecurityGroupsResponse.securityGroupInfo.item.groupId |
| name | DescribeSecurityGroupsResponse.securityGroupInfo.item.groupName |
| state | Available/Terminated |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| object_id | No AWS Response |
| name | DescribeInstanceTypesResponse.instanceTypeSet.item.instanceType |
| vcpus | DescribeInstanceTypesResponse.instanceTypeSet.item.vCpuInfo.defaultVCpus |
| memory_mb | DescribeInstanceTypesResponse.instanceTypeSet.item.memoryInfo.sizeInMiB |
| local_storage_gb | DescribeInstanceTypesResponse.instanceTypeSet.item.instanceStorageInfo.totalSizeInGB |
| cores | DescribeInstanceTypesResponse.instanceTypeSet.item.vCpuInfo.defaultCores |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| object_id | <resolved dns name> |
| name | <resolved dns name> |
| ipaddress_type | <is not populated by CMP> |
| status | Installed/Retired |
| CI Attributes | AWS Attributes |
| name | DescribeLoadBalancersResponse.DescribeLoadBalancersResult.LoadBalancers.DNSName:DescribeListenersResponse.DescribeListenersResult.Listeners.Port |
| object_id | DescribeLoadBalancersResponse.DescribeLoadBalancersResult.LoadBalancers.DNSName:DescribeListenersResponse.DescribeListenersResult.Listeners.Port |
| port | DescribeListenersResponse.DescribeListenersResult.Listeners.Port |
| server_port | DescribeListenersResponse.DescribeListenersResult.Listeners.Port |
| server_protocol | DescribeListenersResponse.DescribeListenersResult.Listeners.Protocol |
| listener_protocol | DescribeListenersResponse.DescribeListenersResult.Listeners.Protocol |
| status | Installed/Retired |
| ssl_certificate_id | Not applicable |