Cloud Configuration Governance actions reference

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Cloud Configuration Governance actions reference

    Cloud Configuration Governance (CCG) leverages Integration Hub subflows to interact with cloud environments and update configuration data within the ServiceNow Configuration Management Database (CMDB). It provides several predefined actions to read configuration settings, create audit result records, and insert resource records, enabling streamlined governance of cloud resources and audit compliance tracking.

    Show full answer Show less

    Key Actions and Their Uses

    • CCG – Read Config Setting: Reads configuration data from a specified cloud resource. You select the resource record and specify the configuration key to retrieve the desired configuration value.
    • Assign Subflow Outputs: Manages audit violation reporting. You can choose to report an issue based on policy violation definitions or suppress reporting and manage audit violation records with custom conditions.
    • Create Record: Creates audit result records in the CMDB table snitomccgauditresult. This action captures details such as the scan run, test run status, violation description, affected resource, and severity of the audit issue.
    • CCG – Insert Resource Record: Inserts new resource records into the CMDB with details including scan run, service account, logical datacenter, resource identifier, name, type, cloud provider, and any additional attributes.

    Practical Benefits for ServiceNow Customers

    • Enables automated retrieval and management of cloud resource configuration data directly within the CMDB, enhancing visibility and control.
    • Supports precise audit violation reporting and tracking, ensuring compliance with cloud governance policies.
    • Simplifies creation and maintenance of resource and audit records, fostering accurate and up-to-date configuration and audit databases.
    • Facilitates integration with ServiceNow workflows and automation through predefined actions, reducing manual efforts and improving governance efficiency.

    Cloud Configuration Governance (CCG) uses Integration Hub subflows to interact with the cloud and update the configuration data in the Configuration Management Database (CMDB).

    CCG – Read Config Setting

    Use this action to read the configuration data of the resource.

    To use this action, insert an action and then navigate to Action > Cloud Configuration Governance > Utils > CCG – Read Config Setting.

    Table 1. CCG – Read Config Setting action
    Field Description
    Resource [Resource] Resource record that contains the configuration data.
    Configuration key [Configuration Key] Configuration key you want to read.

    Assign Subflow Outputs

    Table 2. Assign Subflow Outputs form
    Field Description
    Report issue

    Option to enable the subflow to report the audit violation.

    Select the Report Issue option in the Data column or clear this check box to set or clear this field.

    • Selected: Report the issue as per the violation definition selected in the Audit Violation Reporting field of the policy.
    • Cleared: Cloud Configuration Governance doesn’t report the violation. Create a custom record for the audit violation. You can specify conditions to control the creation of the audit violation record.
    Details Violation definition that you want to report for the violation.

    Enter the violation definition in the Details field in the Data column. This field is required if you've selected the Report Issue option.

    Create Record

    Use this action to create a record in the CMDB.

    To use this action, insert an action and then navigate to Action > ServiceNow Core > Default > Create Record.

    Table 3. Create Record action
    Field Description
    Table Name of the Configuration Management Database (CMDB) table where the audit result is stored.

    Set this field to Audit Result [sn_itom_ccg_audit_result].
    Fields Details of the record that you want to create in the Configuration Management Database (CMDB).

    Add the following fields and configure input for them:

    • Scan Run: Scan run during which Cloud Configuration Governance has identified the audit issue.
    • Is Test Run: Indicates whether Cloud Configuration Governance has reported the audit issue during a test run.
    • Details: Details of the violation.
    • Violation Definition: Violation definition of the audit issue.
    • Resource: Cloud resource for which Cloud Configuration Governance has raised the audit issue.
    • Severity: Severity of the audit issue.

    CCG – Insert Resource Record

    Use this action to insert a resource record to the Configuration Management Database (CMDB).

    To use this action, insert an action and then navigate to Action > Cloud Configuration Governance > Utils > CCG – Insert Resource Record.

    Table 4. CCG – Insert Resource Record action
    Field Description
    Scan run Scan run for which the subflow must create the resource record.
    Service account Service account to which the resource is attached.
    Logical datacenter Logical datacenter to which the resource is attached.
    Identifier Identifier of the resource record.
    Name Name of the resource.
    Type Resource type.
    Provider Cloud provider that hosts the resource.
    Details Details of the object that you want to store in the resource record.
    Attributes Any additional resource attribute that you want to import to the CMDB.