Cloud Configuration Governance actions reference

Release version: Xanadu

Updated August 1, 2024

2 minutes to read

Summarize

Summarized using AI

Summary of Cloud Configuration Governance actions reference

Cloud Configuration Governance (CCG) leverages Integration Hub subflows to interact with cloud environments and update configuration data in the Configuration Management Database (CMDB). This reference details key CCG actions you can use within ServiceNow to read configuration data, create records, and insert resource records, enabling effective cloud configuration auditing and management.

Show full answer Show less

CCG – Read Config Setting Action

This action reads specific configuration data from a cloud resource. To use it, insert the action via Action > Cloud Configuration Governance > Utils > CCG – Read Config Setting.

Resource: Specify the resource record containing the configuration data.
Configuration key: Define the key for the configuration data you want to read.

The action outputs can be configured to report audit violations by selecting the Report issue option, which triggers violation reporting based on the policy’s audit violation settings. If this option is cleared, violations are not reported automatically but can be captured through custom records. The Details field requires an entry of the violation definition when reporting is enabled.

Create Record Action

This generic action creates records in the CMDB, specifically used to store audit results from CCG scans. Access it via Action > ServiceNow Core > Default > Create Record.

Table: Set to Audit Result [snitomccgauditresult] to store audit findings.
Fields: Populate fields such as Scan Run, Is Test Run, Details, Violation Definition, Resource, and Severity to comprehensively document the audit issue.

CCG – Insert Resource Record Action

Use this action to insert new cloud resource records into the CMDB, maintaining an accurate inventory of cloud assets. This is available under Action > Cloud Configuration Governance > Utils > CCG – Insert Resource Record.

Scan run: The audit scan that triggers the record creation.
Service account: The account associated with the resource.
Logical datacenter: The datacenter linked to the resource.
Identifier, Name, Type, Provider: Key identifiers and classifications of the resource.
Details and Attributes: Additional information and attributes to enrich the resource record.

Practical Benefits for ServiceNow Customers

These CCG actions enable you to automate the retrieval and auditing of cloud resource configuration data, systematically create audit result records, and accurately maintain your CMDB with up-to-date cloud resource inventories. This facilitates compliance enforcement, improves visibility into cloud configurations, and supports governance policies by integrating cloud asset management directly with ServiceNow workflows.

Cloud Configuration Governance (CCG) uses Integration Hub subflows to interact with the cloud and update the configuration data in the Configuration Management Database (CMDB).

CCG – Read Config Setting

Use this action to read the configuration data of the resource.

To use this action, insert an action and then navigate to Action > Cloud Configuration Governance > Utils > CCG – Read Config Setting.

Table 1. CCG – Read Config Setting action
Field	Description
Resource [Resource]	Resource record that contains the configuration data.
Configuration key [Configuration Key]	Configuration key you want to read.

Assign Subflow Outputs

Table 2. Assign Subflow Outputs form
Field	Description
Report issue	Option to enable the subflow to report the audit violation. Select the Report Issue option in the Data column or clear this check box to set or clear this field. Selected: Report the issue as per the violation definition selected in the Audit Violation Reporting field of the policy. Cleared: Cloud Configuration Governance doesn’t report the violation. Create a custom record for the audit violation. You can specify conditions to control the creation of the audit violation record.
Details	Violation definition that you want to report for the violation. Enter the violation definition in the Details field in the Data column. This field is required if you've selected the Report Issue option.

Create Record

Use this action to create a record in the CMDB.

To use this action, insert an action and then navigate to Action > ServiceNow Core > Default > Create Record.

Table 3. Create Record action
Field	Description
Table	Name of the Configuration Management Database (CMDB) table where the audit result is stored. Set this field to Audit Result [sn_itom_ccg_audit_result].
Fields	Details of the record that you want to create in the Configuration Management Database (CMDB). Add the following fields and configure input for them: Scan Run: Scan run during which Cloud Configuration Governance has identified the audit issue. Is Test Run: Indicates whether Cloud Configuration Governance has reported the audit issue during a test run. Details: Details of the violation. Violation Definition: Violation definition of the audit issue. Resource: Cloud resource for which Cloud Configuration Governance has raised the audit issue. Severity: Severity of the audit issue.

CCG – Insert Resource Record

Use this action to insert a resource record to the Configuration Management Database (CMDB).

To use this action, insert an action and then navigate to Action > Cloud Configuration Governance > Utils > CCG – Insert Resource Record.

Table 4. CCG – Insert Resource Record action
Field	Description
Scan run	Scan run for which the subflow must create the resource record.
Service account	Service account to which the resource is attached.
Logical datacenter	Logical datacenter to which the resource is attached.
Identifier	Identifier of the resource record.
Name	Name of the resource.
Type	Resource type.
Provider	Cloud provider that hosts the resource.
Details	Details of the object that you want to store in the resource record.
Attributes	Any additional resource attribute that you want to import to the CMDB.