AWS Services discovery using patterns

  • Release version: Washingtondc
  • Updated April 3, 2025

    Discovery and Service Mapping Patterns application uses Amazon AWS service patterns to discover Amazon AWS Services during horizontal discovery. Discovering some of these resources requires updating the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    The latest version of Discovery and Service Mapping Patterns supports discovering the following Amazon AWS Services:

    • AppSync API
    • Athena workgroup
    • Backup plan
    • Backup vault
    • CloudFront distribution
    • CloudWatch Logs
    • CodeDeploy deployment
    • CodePipeline pipeline
    • Database Migration Service (DMS) endpoints
    • Elastic BeanStalk Application
    • EMR cluster (running on EC2)
    • EventBridge Event Bus
    • FSx backup
    • FSx file system
    • Glue database
    • IAM policy
    • IAM role
    • IAM user
    • KMS key
    • MQ Broker
    • MQ configuration
    • S3 Glacier Vault
    • SageMaker notebook instance
    • Secrets Manager secret
    • Simple Email Service (SES) Identity
    • SQS Queue
    • Step Functions State Machine
    • Storage Gateway gateway
    • Systems Manager Document
    • Systems Manager Parameter Store
    • Transfer Family server
    • VPC Flow Log
    • VPC-managed prefix list
    • X-Ray sampling rule

    Discovery and Service Mapping Patterns supports AWS GovCloud (US) accounts for the following services:

    • AppSync API
    • Elastic BeanStalk Application
    • EventBridge Event Bus
    • MQ Broker
    • SQS Queue
    • Step Functions State Machine
    • Storage Gateway gateway

    Discovering AWS GovCloud (US) accounts requires using a datacenter URL when setting up an AWS service account. For more information, see Set up AWS service accounts.

    Prerequisites

    • Verify Amazon AWS discovery prerequisites
      For more information, see the prerequisites section in Amazon AWS Cloud components discovery using patterns.
    • Remove resources from the Resource Inclusion List table
      Verify that the relevant resource isn't listed in the Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table to avoid duplicate discovery. For more information on removing resources from the Resource Inclusion List, see Amazon Web Services (AWS) Resource Inventory.
    • Enable the relevant pattern
      The Discovery and Service Mapping Patterns for these services are disabled by default. For more information on enabling patterns, see Activate a disabled pattern.

    Data collected by Discovery during horizontal discovery

    Discovery populates data for each of the patterns in non-CMDB tables. These tables are listed under All > Configuration > AWS. You can also search the navigation filter for the specific pattern name.

    Figure 1. Navigation example for non-CMDB table AWS Athena Workgroup

    Discovery populates data in the Cloud Resource [cmdb_ci_cmp_resource] CMDB table when running the following patterns:

    • Amazon AWS - Athena Workgroup - Extended Inventory (LP)
    • Amazon AWS - Backup Backup Plan - Extended Inventory (LP)
    • Amazon AWS - Backup Backup Vault - Extended Inventory (LP)
    • Amazon AWS - CloudFront Distribution - Extended Inventory (LP)
    • Amazon AWS - CloudWatch Log - Extended Inventory (LP)
    • Amazon AWS - CodeDeploy Deployment - Extended Inventory (LP)
    • Amazon AWS - CodePipeline Pipeline - Extended Inventory (LP)
    • Amazon AWS - DMS Endpoint - Extended Inventory (LP)
    • Amazon AWS - EMR Cluster - Extended Inventory (LP)
    • Amazon AWS - FSx Backup - Extended Inventory (LP)
    • Amazon AWS - FSx File System - Extended Inventory (LP)
    • Amazon AWS - Glue Database - Extended Inventory (LP)
    • Amazon AWS - IAM Policy - Extended Inventory (LP)
    • Amazon AWS - IAM Role - Extended Inventory (LP)
    • Amazon AWS - IAM User - Extended Inventory (LP)
    • Amazon AWS - KMS Key - Extended Inventory (LP)
    • Amazon AWS - MQ Configuration - Extended Inventory (LP)
    • Amazon AWS - S3 Glacier Vault - Extended Inventory (LP)
    • Amazon AWS - SageMaker Notebook Instance - Extended Inventory (LP)
    • Amazon AWS - Secrets Manager Secret - Extended Inventory (LP)
    • Amazon AWS - Simple Email Service Identity - Extended Inventory (LP)
    • Amazon AWS - Systems Manager Document - Extended Inventory (LP)
    • Amazon AWS - Systems Manager Parameter Store - Extended Inventory (LP)
    • Amazon AWS - Transfer Family Server - Extended Inventory (LP)
    • Amazon AWS - VPC Flow Log - Extended Inventory (LP)
    • Amazon AWS - VPC Managed Prefix List - Extended Inventory (LP)
    • Amazon AWS - XRay Sampling Rule - Extended Inventory (LP)

    Table 1. Cloud Resource [cmdb_ci_cmp_resource]

    Field | Description
    Name [name] | Name of the AWS resource.
    Object ID [object_id] | Amazon Resource Name (ARN) for the AWS resource.
    Resource type [resource_type] | Type of resource, in the following format: Vendor::Service::Component. For example, for the DMS endpoint resource, the value is set to AWS::DMS::Endpoint.
    Install Status [install_status] | Install status of the resource. Default value: Installed.
    Operational status [operational_status] | Operational status of the resource. Default value: Operational.

    Discovery populates the data in various CMDB tables when running the following patterns.

    Amazon AWS - AppSync API - Extended Inventory (LP)
    Table 2. Cloud Messaging Service [cmdb_ci_cloud_messaging_service]

    Field | Description
    Name [name] | Name of the AWS AppSync API, which is the GraphQL interface.
    Object ID [object_id] | ARN for the API.
    Type [type] | Type of resource, in the following format: Vendor::Service::Component. The value is set to AWS::AppSync::API.

    Amazon AWS - Elastic BeanStalk Application - Extended Inventory (LP)
    Table 3. Cloud App Server [cmdb_ci_cloud_appserver]

    Field | Description
    Name [name] | Name of the application.
    Object ID [object_id] | ARN of the application.

    Amazon AWS - EventBridge Event Bus - Extended Inventory (LP)
    Table 4. Cloud Messaging Service [cmdb_ci_cloud_messaging_service]

    Field | Description
    Name [name] | Name of the event bus.
    Object ID [object_id] | ARN of the event bus.
    Type [type] | Type of resource, in the following format: Vendor::Service::Component. The value is set to AWS::EventBridge::EventBus.

    Amazon AWS - MQ Broker - Extended Inventory (LP)
    Table 5. Cloud Messaging Service [cmdb_ci_cloud_messaging_service]

    Field | Description
    Name [name] | Name of the MQ Broker. This value must be unique in the AWS account, between 1-50 characters long, and contain only letters, numbers, dashes, and underscores. For example: MyActiveMQBroker.
    Object ID [object_id] | ARN of the MQ Broker.
    Type [type] | Type of broker engine. For example: ACTIVEMQ or RABBITMQ.
    Version [version] | Version of the broker engine.

    Amazon AWS - SQS Queue - Extended Inventory (LP)
    Table 6. Cloud Messaging Service [cmdb_ci_cloud_messaging_service]

    Field | Description
    Name [name] | Name of the queue for which you want to fetch the URL. The name can be up to 80 characters long.
    Object ID [object_id] | ARN of the queue.
    Type [type] | Type of resource, in the following format: Vendor::Service::Component. The value is set to AWS::SQS::Queue.

    Amazon AWS - Step Functions State Machine - Extended Inventory (LP)
    Table 7. Cloud Function [cmdb_ci_cloud_function]

    Field | Description
    Name [name] | Name of the state machine.
    Object ID [object_id] | ARN of the state machine.
    Edition [edition] | Edition of the state machine. Possible values: STANDARD or EXPRESS.

    Amazon AWS - Storage Gateway Gateway - Extended Inventory (LP)
    Table 8. Cloud Gateway [cmdb_ci_cloud_gateway]

    Field | Description
    Name [name] | Name you configured for your gateway.
    Object ID [object_id] | ARN of the gateway.
    Environment [environment] | Type of hardware or software platform on which the gateway runs.

    CI relationships

    Discovery creates these relationships to support the Amazon AWS Services discovery.

    These relationships support the discovery of AWS Services when running the following patterns.
    • Amazon AWS - Athena Workgroup - Extended Inventory (LP)
    • Amazon AWS - Backup Backup Plan - Extended Inventory (LP)
    • Amazon AWS - Backup Backup Vault - Extended Inventory (LP)
    • Amazon AWS - CloudFront Distribution - Extended Inventory (LP)
    • Amazon AWS - CloudWatch Log - Extended Inventory (LP)
    • Amazon AWS - CodeDeploy Deployment - Extended Inventory (LP)
    • Amazon AWS - CodePipeline Pipeline - Extended Inventory (LP)
    • Amazon AWS - DMS Endpoint - Extended Inventory (LP)
    • Amazon AWS - EMR Cluster - Extended Inventory (LP)
    • Amazon AWS - FSx Backup - Extended Inventory (LP)
    • Amazon AWS - FSx File System - Extended Inventory (LP)
    • Amazon AWS - Glue Database - Extended Inventory (LP)
    • Amazon AWS - IAM Policy - Extended Inventory (LP)
    • Amazon AWS - IAM Role - Extended Inventory (LP)
    • Amazon AWS - IAM User - Extended Inventory (LP)
    • Amazon AWS - KMS Key - Extended Inventory (LP)
    • Amazon AWS - MQ Configuration - Extended Inventory (LP)
    • Amazon AWS - S3 Glacier Vault - Extended Inventory (LP)
    • Amazon AWS - SageMaker Notebook Instance - Extended Inventory (LP)
    • Amazon AWS - Secrets Manager Secret - Extended Inventory (LP)
    • Amazon AWS - Simple Email Service Identity - Extended Inventory (LP)
    • Amazon AWS - Systems Manager Document - Extended Inventory (LP)
    • Amazon AWS - Systems Manager Parameter Store - Extended Inventory (LP)
    • Amazon AWS - Transfer Family Server - Extended Inventory (LP)
    • Amazon AWS - VPC Flow Log - Extended Inventory (LP)
    • Amazon AWS - VPC Managed Prefix List - Extended Inventory (LP)
    • Amazon AWS - XRay Sampling Rule - Extended Inventory (LP)

    Table 9. Regional services

    CI | Relationship | CI
    Cloud Resource [cmdb_ci_cmp_resource] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter]

    Table 10. Global services

    CI | Relationship | CI
    Cloud Resource [cmdb_ci_cmp_resource] | Hosted on::Hosts | Cloud Service Account [cmdb_ci_cloud_service_account]
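
The field rules in Table 1 and the regional/global relationship rules in Tables 9 and 10 can be checked against an export of the Cloud Resource table, which matters most for security-relevant CIs such as IAM roles and KMS keys. The following JavaScript is an added example, not ServiceNow code; the row shape, the hosted_on field, the sample values, and the rule that an ARN with an empty region field marks a global service are assumptions.

```javascript
// Added example, not ServiceNow code. Audits rows exported from the
// Cloud Resource [cmdb_ci_cmp_resource] table. The row shape, including
// the hosted_on field (parent table of the Hosted on::Hosts relationship),
// is an assumed export format.
const ARN_RE = /^arn:(aws|aws-us-gov|aws-cn):([a-z0-9-]+):([a-z0-9-]*):(\d{12}|aws|):(.+)$/;
const TYPE_RE = /^AWS::[A-Za-z0-9]+::[A-Za-z0-9]+$/;

function auditCloudResource(row) {
  const findings = [];
  const m = ARN_RE.exec(row.object_id || "");
  if (!m) return ["object_id is not a well-formed ARN"];
  const partition = m[1];
  const region = m[3];
  if (!TYPE_RE.test(row.resource_type || "")) {
    findings.push("resource_type is not in Vendor::Service::Component form");
  }
  // Assumption: an ARN with an empty region field denotes a global service.
  const expected = region === "" ? "cmdb_ci_cloud_service_account" : "cmdb_ci_aws_datacenter";
  if (row.hosted_on !== expected) {
    findings.push("hosted on " + row.hosted_on + ", expected " + expected);
  }
  if (partition === "aws-us-gov" && region !== "" && !region.startsWith("us-gov-")) {
    findings.push("GovCloud partition with a non-GovCloud region");
  }
  return findings;
}

// Returns { ciName: [findings] } for every row that has at least one finding.
function auditExport(rows) {
  const report = {};
  for (const row of rows) {
    const findings = auditCloudResource(row);
    if (findings.length > 0) report[row.name] = findings;
  }
  return report;
}

// Constructed sample rows (account IDs, names and type values are placeholders).
const SAMPLE_ROWS = [
  { name: "example-endpoint", object_id: "arn:aws:dms:us-east-1:111122223333:endpoint:EXAMPLE",
    resource_type: "AWS::DMS::Endpoint", hosted_on: "cmdb_ci_aws_datacenter" },
  { name: "example-role", object_id: "arn:aws:iam::111122223333:role/example-role",
    resource_type: "AWS::IAM::Role", hosted_on: "cmdb_ci_aws_datacenter" },
  { name: "example-vault", object_id: "vault-0001",
    resource_type: "AWS::Glacier::Vault", hosted_on: "cmdb_ci_aws_datacenter" },
];

console.log(auditExport(SAMPLE_ROWS));
```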

    These relationships support the discovery of AWS Services when running the following patterns.

    Amazon AWS - AppSync API - Extended Inventory (LP)

    CI | Relationship | CI
    Cloud Messaging Service [cmdb_ci_cloud_messaging_service] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter]

    Amazon AWS - Elastic Beanstalk Application - Extended Inventory (LP)

    CI | Relationship | CI
    Cloud App Server [cmdb_ci_cloud_appserver] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter]

    Amazon AWS - EventBridge Event Bus - Extended Inventory (LP)

    CI | Relationship | CI
    Cloud Messaging Service [cmdb_ci_cloud_messaging_service] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter]

    Amazon AWS - MQ Broker - Extended Inventory (LP)

    CI | Relationship | CI
    Cloud Messaging Service [cmdb_ci_cloud_messaging_service] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter]

    Amazon AWS - SQS Queue - Extended Inventory (LP)

    CI | Relationship | CI
    Cloud Messaging Service [cmdb_ci_cloud_messaging_service] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter]

    Amazon AWS - Step Functions State Machine - Extended Inventory (LP)

    CI | Relationship | CI
    Cloud Function [cmdb_ci_cloud_function] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter]

    Amazon AWS - Storage Gateway Gateway - Extended Inventory (LP)

    CI | Relationship | CI
    Cloud Gateway [cmdb_ci_cloud_gateway] | Hosted on::Hosts | AWS Datacenter [cmdb_ci_aws_datacenter]