Triggers for cloud policies

  • Release version: Yokohama
  • Updated January 30, 2025
  • 6 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Triggers for Cloud Policies

    Triggers in ServiceNow cloud policies initiate the policy engine based on specific events, such as user requests or lifecycle operations on cloud resources like blueprints, catalog items, stacks, or individual resources. When a trigger fires, the policy engine evaluates conditions and executes actions if conditions are met. Understanding and configuring these triggers enables customers to automate governance, approvals, and operational controls in their cloud environments effectively.

    Show full answer Show less

    Key Features

    • Trigger Types and Timing: Triggers occur at various stages, including catalog item launch, request start/end, resource operation launch/request start/end, lease end, and stack/resource operations with or without approvals. This timing enables policies to run before, during, or after user actions or system operations.
    • Policy Actions: Based on the trigger, policies can execute scripts, override user-requested values (mainly text attributes), abort processes, send notifications, call Cloud APIs, or initiate approval workflows. Overriding values allows dynamic control of user inputs or operational parameters.
    • Approval Triggers: Specialized triggers such as on Stack operation (approval) and on Task remediation enable mandatory approval workflows before cloud activities proceed. Approvers can be managers, specific users/groups, or roles, arranged in a specified sequence.
    • Performance Considerations: To optimize system performance, minimize the use of broad or general triggers (e.g., on Catalog item triggers without a specific target), as they execute unconditionally.
    • Blueprint Deprecation: Although blueprints are deprecated, related triggers and policies are still applicable to cloud template–based catalogs, ensuring continuity during transition.

    Practical Applications for ServiceNow Customers

    • Pre-Provisioning Control: Use triggers like on Blueprint provision and on Catalog item launch to modify attribute values or run scripts before provisioning, customizing user request forms and resource configurations.
    • Approval Workflow Integration: Leverage approval triggers to enforce governance policies requiring managerial or role-based approvals before provisioning or resource operations proceed, enhancing compliance.
    • Post-Provisioning Automation: Employ on Catalog item request end triggers to initiate workflows such as software installations or notifications after provisioning completes.
    • Lifecycle Operation Management: Manage and control resource lifecycle events (start, stop, deprovision) through triggers that enable scripting, attribute overrides, API calls, and IP address management during these operations.
    • Lease Management: Automate lease expiration actions with the on Lease end trigger, enabling notifications or lifecycle operations to ensure efficient resource utilization.

    Key Outcomes

    • Automated enforcement of cloud governance policies based on precise lifecycle events and user interactions.
    • Dynamic control over user inputs and provisioning parameters to align with organizational standards.
    • Streamlined approval processes integrated within cloud operations to maintain compliance and oversight.
    • Improved operational efficiency through automation of post-provisioning tasks and resource lifecycle management.
    • Optimized system performance by careful use of triggers and minimizing unnecessary policy executions.

    Triggers are events that set the policy engine in motion. For example, the on Catalog item request end trigger fires after a user submits a request form. When the trigger for a policy fires, the policy engine tests the conditions specified in the policy rule and performs the actions specified in the rule, if the conditions are met.

    About triggers

    • You typically refer to a policy by the name of the trigger for the policy. For example, you might refer to a policy that is triggered by the on Lease end trigger as a "Lease end policy."
    • Triggers are often based on user requests and the operations (start, stop, provision, or de-provision) that can run on a blueprint, a catalog item, a resource, or a stack. Some trigger types do not specify a cloud operation. For example, the on Lease End trigger fires independently of any operation.
    • To optimize performance, limit the number of policies with general triggers like the on Catalog item triggers.
    • A trigger that does not specify a target (a blueprint, catalog item, stack, or resource) is always executed. To optimize performance, therefore, minimize the use of such policies.
    Important:
    Blueprints are deprecated. The trigger descriptions following the time-line schema below, are applicable for creating cloud template based catalogs as well.
    Figure 1. Provisioning trigger time-line
    Provisioning trigger time line

    Policy triggers

    Table 1. Types of policy trigger and the actions that are available for the associated policy rules
    Trigger name and actions Description

    on Blueprint provision

    Actions:

    • Execute a script
    • Property override
    • Abort process
    		 The on Blueprint provision trigger fires after execution of on Catalog item request start policies. A policy that is triggered by the on Blueprint provision trigger can run a script, override a user-requested attribute value, or abort and send a message about the provision operation.

    Use this trigger to override a value that the user enters. For example, when a user chooses a value for an attribute like the stack name, a policy with this trigger can change the stack name. In addition, another action can change the name again when the user finally provisions the resource.

    The user does not see the final value on the catalog item form because the change is made at provision time.

    Create an action for an 'on Blueprint provision' policy

    Approval triggers

    • on Stack operation (approval): Triggered during any stack operation on the Cloud User Portal.
    • on Stack resource operation (approval): Triggered during any resource operation (start, stop, provision, and so on) on the Cloud User Portal.
    • on Task remediation: Triggered when a user resubmits a failed request.

    Actions:

    • ServiceNow Approval
    • Custom Approval
    		 A cloud approval policy specifies the users who must approve a specified cloud activity before the activity can proceed. Approvers can include the manager of the user making a request, a specified user or group, or users with a specified role. You can specify multiple approvers. Approvals occur in the order that you specify. A policy that is triggered by one of the approval triggers can start approval workflows.

    The targeted approval policies complement the base-system approval operations.

    Note:
    The approval process is performed after properties are set because property values that were overridden could change costs.

    on Blueprint provision (approval) is applied before the blueprint is provisioned. Because the provisioning process can alter request data (and possibly change costs), approval processes run after the blueprint is provisioned.

    Use on Stack operation (approval) to run an approval workflow when an operation is performed on a stack. By default, a change request is generated when an operation is performed on a stack, but it does not require an approval. This trigger can launch a mandatory approval.

    Use on Stack resource operation (approval) to run an approval workflow when an operation is performed on a single resource that is part of a stack. By default, a change request is generated when an operation is performed on a stack, but it does not require an approval. This trigger can launch a mandatory approval.

    A policy that is triggered by the on Task Remediation trigger can start approval workflows.

    Create an action for an 'approval' policy

    on Catalog item launch

    Actions:

    • Execute a script
    • Property override
    		 The on Catalog item launch trigger fires when an order form (stack request form) is launched for a catalog item. A policy that is triggered by the on Catalog item launch trigger can run a script or override a user-requested value (text values only).

    Use this trigger to control what the user sees in the form when it first opens in the Cloud User Portal. For example, you can override a default value that first appears to the user. The user can see this value on the catalog item form.

    When both a policy rule and a form rule overwrite a value, the value in the form rule is used.

    Create an action for an 'on Catalog item launch' policy

    on Catalog item request start

    Actions:

    • Execute a script
    • Execute a workflow
    		 The on Catalog item request start trigger fires after the user opens a request form.

    A policy that is triggered by the on Catalog item request start or on Catalog item request end trigger can run a script or execute a workflow.

    You can use this trigger to run a custom script or workflow to fulfill enterprise processes like custom approval before the catalog item request is processed.​

    Create an action for an 'on Catalog item request start/end' policy

    on Catalog item request end

    Actions:

    • Execute a script
    • Execute a workflow
    		 The on Catalog item request end trigger fires after a user submits a request form.

    A policy that is triggered by the on Catalog item request start or on Catalog item request end trigger can run a script or execute a workflow.

    Use this trigger to launch a workflow after a catalog item request is processed. Consider this trigger a post-provisioning step. For example, you could launch a workflow to install MySQL on the provisioned resource.

    Create an action for an 'on Catalog item request start/end' policy

    on Lease end

    Actions:

    • Run an Operation
    • Send a Notification
    		 A policy that is triggered by the on Lease end trigger can send a notification or perform a Start, Stop, or Deprovision life cycle operation.

    Create an action for an 'on Lease end' policy

    on Resource operation launch

    Actions:

    • Execute a script
    • Property override
    		 The on Resource operation launch trigger fires before the catalog for a resource operation is loaded from the Cloud User Portal. A policy that is triggered by the on Resource operation launch trigger can run a script or can override a user-requested value (text values only).

    When both a policy rule and a form rule overwrite a value, the value in the form rule is used.

    Create an action for an 'on Resource operation launch' policy

    on Resource operation request start

    Actions:

    • Execute a script
    • Execute a workflow
    		 The on Resource operation request start trigger fires after a user submits a resource operation request (Start, Stop, Deprovision).

    A policy that is triggered by the on Resource operation request start or on Resource operation request end trigger can run a script or override a user-requested attribute value.

    Create an action for an 'on Resource operation request start/end' policy

    on Resource operation request end

    Actions:

    • Execute a script
    • Execute a workflow
    		 The on Resource operation request end trigger fires before completion of a life cycle operation on a resource (Start, Stop, Deprovision).

    A policy that is triggered by the on Resource operation request start or on Resource operation request end trigger can run a script or override a user-requested attribute value.

    Create an action for an 'on Resource operation request start/end' policy

    on Resource operation

    Actions:

    • Property override
    • Execute a script
    • Call Cloud API
    • IP Address Management
    		 The on Resource operation trigger fires during the Orchestration process when a user performs a Start, Stop, or Deprovision life cycle operation on a specific resource. A policy that is triggered by the on Resource operation trigger can override a user-requested attribute value, run a script, call a Cloud API, or perform an IP address management operation.

    Create an action for an 'on Resource operation' policy