To securely access data on your provider account, the Discovery process must present appropriate credentials. To make the credentials available to Discovery and Cloud Provisioning and Governance, you first create a user with programmatic access in the AWS Management Console. You then securely store the credentials in a service account at ServiceNow AI Platform.
Before you begin
Roles required:
- AWS Management Console administrator
- For Cloud Discovery: discovery_admin
- For Cloud Provisioning and Governance: admin or sn_cmp.cloud_admin
About this task
Cloud providers often use different names for accounts, regions, and credential settings. Because the ServiceNow application supports several cloud providers, the app uses general-purpose names for the settings.
Procedure
- Optional: To create a user for Cloud Provisioning and Governance (for programmatic access to your AWS resource and billing data), perform the following steps.
  - On the AWS Management Console, navigate to .
  - On the IAM Resources portal, select Users.
  - Select Add user.
  - On the Details page, configure the user settings, and then select Next.

    Table 1. Details page

    | Field | Description |
    | --- | --- |
    | User name | Name for the programmatic user. For example, servicenowcloud. |
    | Access type | Select Programmatic access. |

  - On the Permissions page, attach the user to a policy. Configure the following settings and then select Next.

    | Field | Description |
    | --- | --- |
    | Set permissions for <user name> | Select Attach existing policies directly. |
    | Attach one or more policies … | Select the appropriate policy. Note: The AdministratorAccess policy has the most powerful permission level, including permission to provision cloud resources. The policy enables the same access that would be granted to the instance if you were not using IAM and used your AWS account Access Key ID and Secret Access Key. You might instead prefer to create a policy or combine multiple policies to grant the appropriate permission level. See Control AWS access and permissions using policies for details. |

  - On the Review page, verify your selections and then select Create user.
  - On the Security Credentials page, copy the secret access key and the access key ID.

    Important: Do not leave the page until you have completed both steps. The Secret access key value does not appear again. You need to paste the values that you generate in these steps into a Cloud Provisioning and Governance form.
    - Select Show to display the Secret access key. Copy the value.
    - Select Download .csv to save the CSV-format file that contains the user name, Access key ID, and the Secret access key value. The file serves as a backup in case you lose the values. Verify that the file was created and then store the file securely.
- In the ServiceNow instance, navigate to .
- Select New, select AWS Credentials, enter a unique and meaningful Name (for example, Cloud Provisioning Account), and then fill in the form.

  Table 2. AWS Credentials form fields

  | Field | Input value |
  | --- | --- |
  | Name | Unique and descriptive name for the AWS credentials. |
  | Active | Option to use the credential. |
  | Access Key ID | The Access key ID that you generated on the AWS Management Console, such as: APIAIOSFODNN7EXAMPLE. |
  | Secret access key | The Secret access key that you generated on the AWS Management Console, such as: wPalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY. |

- Select Update or Submit.
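
The note on the Permissions page suggests creating a narrower policy instead of attaching AdministratorAccess. The following added example (not ServiceNow or AWS code) checks a policy document for administrator-equivalent or wildcard grants before you attach it; the sample policies and the `audit_policy` and `as_list` helpers are constructed for illustration.

```python
import json

# Same shape as the AWS managed AdministratorAccess policy named in the note above.
ADMIN_POLICY = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'

# Constructed sample of a narrower read-only policy. Illustrative only: it is NOT
# the permission set ServiceNow requires; take that from the product documentation.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {  # a single statement object is valid, not only a list
        "Effect": "Allow",
        "Action": ["ec2:Describe*", "s3:ListAllMyBuckets"],
        "Resource": "*",
    },
})

# Constructed sample mixing a service-wide wildcard with an Allow + NotAction.
MIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:*", "ec2:Describe*"], "Resource": "*"},
        {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "*", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

def as_list(value):
    """IAM accepts a bare string or object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (statement index, finding code) pairs for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append((i, "ALLOW_NOT_ACTION"))  # allows everything not listed
        for action in as_list(stmt.get("Action")):
            if action == "*":
                everywhere = "*" in as_list(stmt.get("Resource"))
                findings.append((i, "ADMIN_EQUIVALENT" if everywhere else "ALL_ACTIONS"))
            elif action.endswith(":*"):
                findings.append((i, "SERVICE_WILDCARD:" + action.split(":")[0]))
    return findings

if __name__ == "__main__":
    print(audit_policy(ADMIN_POLICY), audit_policy(MIXED_POLICY))
```

An empty result means no wildcard grant was found; it does not show that the policy contains every permission Discovery or Cloud Provisioning and Governance needs.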
What to do next
Associate these AWS credentials with the relevant AWS account and then test the credentials:
- Navigate to , and select the AWS account you created earlier as described in Set up AWS service accounts.
- On the Cloud Service Account form, enter the AWS credentials you created in the Discovery credentials field.
- Under Related Links, select Discover Datacenters.
- Navigate to , and then select the AWS tab. The dashboard shows discovered resources for the account that you associated with the newly created AWS credentials.
- Verify that Cloud Discovery ran the discovery process successfully.