AWS tag discovery
Summary of AWS tag discovery
The AWS tag discovery feature in ServiceNow Discovery and Service Mapping applications enables customers to identify and import tags for a wide range of AWS resources into the CMDB. This enhances visibility and management of AWS assets by associating tags with their respective configuration item (CI) types. The tag-specific discovery patterns complement existing AWS resource discovery patterns available from the ServiceNow Store and require the latest Discovery and Service Mapping Patterns application versions.
Key Features
- Comprehensive AWS resource tag support: Tags are discovered and populated for numerous AWS services and CI types including ACLs, API Gateways, Load Balancers, Cognito, DynamoDB, Lambda, Relational Databases, S3, Security Groups, Virtual Servers, VPN Gateways, and many others.
- Pattern-driven discovery: Patterns use a Resource Type filter to target tags relevant to each CI type, and execute Cloud API calls to retrieve and parse tag data from AWS.
- Parsing and relationships: The discovery patterns extract resource names from ARNs and establish relationships between tags and cloud resource types for accurate CMDB population.
- Cloud Rest Call API integration: Patterns use a specific API call to the AWS Resource Groups Tagging API endpoint to fetch tag data, utilizing configured AWS credentials with read-only permissions.
- Discovery scheduling and credential management: Customers must configure AWS credentials (access key and secret key) on the ServiceNow AI Platform, including the Amazon Account ID, and set up discovery schedules per AWS service account.
Practical Application for ServiceNow Customers
By implementing AWS tag discovery, you can enrich your CMDB with detailed tag metadata linked to AWS resources, improving configuration management, governance, and automation workflows. This enables better asset tracking, cost allocation, compliance reporting, and service mapping accuracy within your hybrid cloud environment.
To get started, ensure you have the latest Discovery and Service Mapping Patterns application installed, configure your AWS credentials correctly, set read-only permissions for the AWS tagging service endpoint, and create discovery schedules targeting your AWS accounts. Patterns handle the complex parsing of AWS ARNs and tag relationships, simplifying the integration process.
Additional Information
- For detailed tag and pattern information per AWS resource, consult the specific AWS resource documentation.
- Access apps and submit requests through the ServiceNow Store to obtain the necessary patterns.
- Use the Cloud Discovery Workspace to create and manage discovery schedules effectively.
The ServiceNow Discovery and Service Mapping applications can use patterns to discover the tags for AWS resources and configuration item (CI) types, and then populate the CMDB with these discoveries. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.
This tag-specific discovery pattern is in addition to the other AWS patterns available on the ServiceNow Store. This pattern extends the ones used for discovering the respective AWS resources.
- Amazon AWS - ACL (LP) [cmdb_ci_network_acl]
- Amazon AWS API Gateway [cmdb_ci_cloud_gateway]
- Amazon AWS - Application and Network LB (LP) [cmdb_ci_cloud_load_balancer]
- Amazon AWS Application and Network LBs Events
- Amazon AWS - Classic LB (LP) [cmdb_ci_cloud_load_balancer]
- Amazon AWS Classic LB Events
- Amazon AWS Cognito [cmdb_ci_cloud_authentication]
- Amazon AWS - Customer Gateway (LP) [cmdb_ci_customer_gateway]
- Amazon AWS DB Cluster
- Amazon AWS DynamoDB [cmdb_ci_dynamodb_table]
- Amazon AWS ElastiCache
- Amazon AWS - ECS [cmdb_ci_cloud_service_account]
- Amazon AWS - Executable Template (LP) [cmdb_ci_os_template]
- Amazon AWS - Host (LP)
- Amazon AWS - Internet Gateway (LP)
- Amazon AWS keyspace
- Amazon AWS - Key Pair (LP)
- Amazon AWS Lambda [cmdb_ci_cloud_function]
- Amazon AWS - LB Pool (LP)
- Amazon AWS - NAT Gateway (LP)
- Amazon AWS - Network (LP)
- Amazon AWS Network Events
- Amazon AWS - NIC (LP)
- Amazon AWS - Owned Template (LP)
- Amazon AWS - Public IP Address (LP)
- Amazon AWS Redshift
- Amazon AWS Relational Database Service [cmdb_ci_cloud_database]
- Amazon AWS Resource Inventory
- Amazon AWS - Route Table (LP)
- Amazon AWS S3 [cmdb_ci_cloud_object_storage]
- Amazon AWS - Security Group (LP)
- Amazon AWS Security Group Events
- Amazon AWS Serverless Database
- Amazon AWS - Storage (LP)
- Amazon AWS Storage Events
- Amazon AWS sub account discovery
- Amazon AWS - Subnet (LP)
- Amazon AWS - Virtual Server (LP)
- Amazon AWS Virtual Server Events
- Amazon AWS - VPN Connections (LP)
- Amazon AWS - VPN Gateway (LP)
Request apps on the Store
Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
Prerequisites
- AWS Credentials
  - On the ServiceNow AI Platform, configure AWS credentials, using a secret key and an access key.
  - Have an Amazon Account ID. Use the Account ID as it appears in the AWS Management Console. You can run Discovery from the service account form.
  - Set read-only permissions for the following URL: https://tagging.<region>.amazonaws.com.
- Discovery schedule
  - Create a schedule for the relevant AWS service account. For more information, see Create a discovery schedule in Cloud Discovery Workspace.
Pattern tasks
- Sets the Resource Type filter: Filters the tags to only those tags related to the pattern CI type.
- Initiates the Cloud API call: Makes the API call to the cloud environment that collects the tags, and parses their attributes in the Tags table.
- Parses the resource name from the Amazon Resource Name (ARN): Each Amazon resource is assigned a name and a unique identifier. Note: Parsing the resource name is needed only for patterns where the main identification section does not work with the ARN of the AWS resource. When that is the case, a relation attribute has to be parsed from the AWS ARN.
- Includes references to cloud resource type: Establishes the relationship between the tag and the cloud resource type.
Cloud Rest Call
The pattern includes an API called "Cloud Rest Call", a POST call used to collect the data with the following parameters:
- API URL used to retrieve the data — `"https://tagging." + $ldc[1].object_id + ".amazonaws.com/"`
- API Body — `"{\"ResourceTypeFilters\":[\"" + $resource_type + "\"]}"`
- Headers — `"Content-Type:application/x-amz-json-1.1,X-Amz-Target:ResourceGroupsTaggingAPI_20170126.GetResources"`
This data displays as shown in the following window.
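The request described above and the tag rows it yields, as an added example that is not ServiceNow's pattern code. The function names, the region check, and the sample response are assumptions made for illustration; the response fields follow the AWS Resource Groups Tagging API `GetResources` format, and signing the request with the configured credentials is left to the platform.

```javascript
// Added example: function names are hypothetical, not ServiceNow pattern APIs.
const REGION_RE = /^[a-z]{2}(-[a-z]+)+-\d$/; // e.g. us-east-1, us-gov-west-1

// Build the POST described in the Cloud Rest Call section.
function buildTagRequest(region, resourceType, paginationToken) {
  // The region is concatenated into the host name, so accept only a plain
  // region string; anything else could point the signed request elsewhere.
  if (!REGION_RE.test(region)) throw new Error("invalid region: " + region);
  const body = { ResourceTypeFilters: [resourceType] };
  if (paginationToken) body.PaginationToken = paginationToken;
  return {
    url: "https://tagging." + region + ".amazonaws.com/",
    headers: {
      "Content-Type": "application/x-amz-json-1.1",
      "X-Amz-Target": "ResourceGroupsTaggingAPI_20170126.GetResources",
    },
    // JSON.stringify escapes quotes, unlike manual string concatenation.
    body: JSON.stringify(body),
  };
}

// Flatten one GetResources response page into Key / Value / Object_id rows.
// Assumption: object_id initially carries the resource ARN.
function toTagRows(response) {
  const rows = [];
  for (const mapping of response.ResourceTagMappingList || []) {
    for (const tag of mapping.Tags || []) {
      rows.push({ key: tag.Key, value: tag.Value, object_id: mapping.ResourceARN });
    }
  }
  // A non-empty PaginationToken means more pages remain to be fetched.
  return { rows, nextToken: response.PaginationToken || null };
}

// Constructed sample response page (not real account data).
const samplePage = {
  PaginationToken: "",
  ResourceTagMappingList: [
    { ResourceARN: "arn:aws:apigateway:us-east-1::/restapis/a1b2c3d4e5/stages/prod",
      Tags: [{ Key: "env", Value: "prod" }, { Key: "owner", Value: "platform" }] },
    { ResourceARN: "arn:aws:apigateway:us-east-1::/restapis/f6g7h8i9j0", Tags: [] },
  ],
};
```

Resources with no tags produce no rows, so an untagged resource is absent from the Tags table rather than present with empty values.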
Data collected by Discovery during horizontal discovery
The pattern collects the following data during horizontal discovery:
| Table and field | Additional information |
|---|---|
| CI type [cmdb_key_value] | |
| Key | Tag key |
| Value | Tag value |
| Object_id | Unique resource ID that identifies the resource in the AWS console. |
| Class model [cmdb_key_value] | |
| Extends table | Not applicable |
| Identifier – Object_id | Related entries to cloud resources |
| Metadata rules | Not applicable |
This data is displayed as shown in the following window:
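```javascript
var rtrn;
var name = ${cmdb_key_value[].object_id};
// Keep everything after "restapis/" in the ARN
name = name.substring(name.lastIndexOf("restapis/") + 9);
// Trim any trailing path segment; keep the whole value when no "/" follows
var slash = name.indexOf("/");
if (slash !== -1) {
    name = name.substring(0, slash);
}
rtrn = name;
```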