Real-time tag updates to Cloud resources
Summary of Real-time tag updates to Cloud resources
This feature enables real-time processing of tag updates to cloud resources by mapping a tag audit policy. It allows ServiceNow customers to execute policy audits and update tags on Configuration Items (CIs) as cloud events occur, ensuring accurate and up-to-date records in the CMDB.
Key Features
- Real-time processing of tag changes through cloud events.
- Execution of policy audits specifically on impacted CIs identified by tag change events.
- Configuration of cloud events processing for multiple cloud providers, including Amazon AWS, Microsoft Azure, and Google Cloud.
- Ability to view changes and audit triggers in the Tag Change Log for up to 90 days.
Key Outcomes
By implementing real-time tag updates, customers can expect:
- Improved accuracy of tag information in the CMDB.
- Enhanced visibility into tag changes and audit results through the Tag Change Log.
- Optimized performance through adjustable system properties for handling high event inflow and multiple policies.
To ensure effective operation, prerequisites include maintaining an empty cloud events table and configuring at least one tag governance policy with the appropriate settings.
Set up cloud events processing and map a tag audit policy to update tags on cloud resources in real time.
Execute policy audits and update tags on CIs in real time
Process cloud events related to changes in tags and execute policy audits on these events in real time. You must set up event processing with the required cloud provider so that the cloud events table receives events.
- Configure the Amazon AWS Config service to auto-update the CMDB
- Configure the Microsoft Azure Alert service to auto-update the CMDB
- Configure the Google Cloud's Operations Suite Logging service to auto-update the CMDB
- The Cloud events [sn_cmp_cloud_events] table does not have any records in the processed state.
- CIs impacted by tag change events are identified by either CAPI or Discovery and Service Mapping patterns.
- At least one tag governance policy is configured.
- Select the Run on cloud events check box in the policy you create.
If the Run on cloud events check box is selected during policy creation, that policy is selected to run audit on tag change events. If the check box is cleared, the tag audit policy is not run on the CI even if there are tag change cloud events.
View the change type that applies to the tag (the change that triggered the audit) in the Tag Change Log [sn_itom_tag_change_log] table. By default, records in the Tag Change Log table are stored for 90 days. The change log records show whether a remediation run or an event triggered the change on the CI. You can also see the tags that were added or updated as part of the change.
- [sn_itom_tag.azure_window_size] - This system property is configurable (in minutes).
- [sn_itom_tag.max_audit_lag_ratio] - Specify the lag between audits that are already running, before the audit triggers on the records ready for audit.
- [sn_itom_tag.policy_batch_size] - Specify the batch size on which the policy is run.
- [sn_itom_tag.event_batch_size] - Specify the batch size of events to be processed.