Amazon Web Services EC2 Linux Out Of Box Catalog items
Summary of Amazon Web Services EC2 Linux Out Of Box Catalog items
This catalog item enables ServiceNow customers to easily order fully functional Amazon EC2 Linux virtual machines (VMs) with integrated Agent Client Collector (ACC) installation and enhanced security controls. It supports a variety of instance types, disk configurations, and security group assignments, tailored for production environments and compliance requirements.
Key Features
- Linux VM Provisioning: Request a Linux VM of any EC2 instance type with ACC installed. ACC installation is mandatory for production use to ensure monitoring and compliance.
- Instance Type Approvals: Ordering instance sizes larger than t2.nano or t2.micro requires administrator approval via policy enforcement to control resource allocation.
- Additional Disk Support: Attach up to 10 additional disks (volumes) of various sizes and types. No approval is needed for up to two disks; more than two requires administrator approval.
- Security Group Assignment: Assign one Network Security Group to the VM to restrict network access, enhancing security. Security groups are filtered based on the selected VPC and subnet.
- Compliance and Configuration Checks: A Cloud Configuration Governance (CCG) scan runs post-deployment to validate VM configuration against policy rules. Non-compliance triggers a ‘Follow up required’ state for remediation.
- Tagging: All deployed resources (VM, network, storage) receive a CMDB key-value tag to assist with asset management. Tag updates currently apply only within the CMDB, with plans to extend tagging to cloud platforms in future releases.
- Credential Management: Selecting the credential alias key for ACC deployment requires ACC admin role permissions, ensuring secure and controlled deployment.
Practical Benefits for ServiceNow Customers
- Streamlines provisioning of compliant and secure Linux EC2 instances directly from the ServiceNow catalog.
- Enforces governance through approval workflows and automated compliance checks, reducing risk of misconfiguration.
- Supports flexible storage options while maintaining control over resource usage via approval policies.
- Enhances security posture by integrating network security group assignments at deployment time.
- Improves asset visibility and management with automated tagging within the CMDB.
Cloud Services Catalog items for ordering a Linux VM on EC2 with Agent Client Collector (ACC), with up to 10 additional disks, or with security groups.
This is a fully functional sample catalog item that can be used to request a Linux instance of any instance type from Amazon EC2.
The video demonstrates how to order an Amazon Web Services EC2 Linux virtual machine.
Linux VM orders and features:
| Order | Features |
|---|---|
| Order a Linux virtual machine on EC2 that allows installation of Agent Client Collector (ACC). ACC is compulsory for production instances. VM sizes other than t2.nano and t2.micro require approval. A cloud configuration scan is run for compliance checking. | For instance types other than t2.nano and t2.micro, approval from an administrator is required by policy. The catalog item has built-in client rules that drive an ACC (Agent Client Collector) installation when the deployment environment is marked for production. To select the credential alias key for ACC deployment from the MID Server, the user must be granted the appropriate ACC admin role permissions. For prerequisites, see “Deploy ACC-* in post provisioning” below. The workflow automation runs a CCG scan on the deployed Linux instance and checks the VM configuration against the policy rule. If there is any violation, the stack is set to the 'Follow up required' state to indicate that the stack deployment does not conform to policy. |
| Order a Linux virtual machine on EC2 and specify up to 10 additional disks. For up to two disks, no approval is necessary. Seek approval for anything beyond that. | This catalog item form allows ordering up to 10 additional disks (volumes) of varying sizes and types, attached to the VM. If more than two additional disks are added to the request, approval from an administrator is required by policy. |
| Order a secure Linux virtual machine with enhanced security by assigning a Network Security Group for the highest level of security. | This catalog item form allows assigning one Network Security Group to the compute instance so that network access to the VM is restricted. Security groups are listed for the selected VPC and subnets. |

A tag (key-value) is assigned to all deployed resources, for example the VM, network, and storage present in the stack.
The key-value is updated only in the cmdb_key_value table, not in the public cloud at this time. This will be fixed in future releases to update the tags in the cloud.