Announcement

Continuous Cloud CMDB Sync with ServiceNow & Turbot Guardrails

Supercharge your ServiceNow CMDB with real-time syncing of AWS, Azure, and GCP resources to increase visibility & accuracy.

Turbot Team
5 min. read - Dec 11, 2023

Turbot Guardrails integration into ServiceNow injects continuous real-time cloud resource details, eliminating manual discovery gaps. Syncing occurs instantly across your multi-cloud environments as resources are created, updated or deleted. This real-time accuracy helps eliminate blindspots and empowers more responsive operations.

Why continuous cloud sync is required

Manual and scheduled discovery leads to inaccurate data because the cloud changes rapidly. Resources come and go quickly, and discovery that is not real-time will miss which resources were used, how they were configured at the time, and who made those changes.

Continuously syncing your cloud resources into ServiceNow enhances the CMDB into a living source of truth for hybrid and multi-cloud enterprises:

  • Eliminate blindspots: comprehensive multi-cloud resource coverage.
  • Improve accuracy: instant updates prevent missing and incomplete data.
  • Flexible mapping: control what data is synced to which CMDB CI tables.
  • Enrich context: surface tags as key resource data.

How to sync cloud resources to ServiceNow CMDB

Each cloud resource type can be configured to sync to the ServiceNow CMDB. Most often you would set the scope of the policy across many cloud resources from all your cloud accounts. In this example we will show how to enable syncing AWS S3 Buckets.

Simply set the Turbot Guardrails policy to “Enforce: Sync” and apply to all or specific cloud accounts:

For the AWS account we enabled the sync for, the following resources will be in scope for the sync:

Instantly the resources will be added to the associated ServiceNow CMDB table:

As cloud resources are added, updated, or deleted, Turbot Guardrails handles the configuration drift and keeps ServiceNow updated.

For example when a resource changes, Turbot captures the configuration drift and updates ServiceNow:

Cloud resource deletion can be managed as a complete synchronization where the record in ServiceNow is deleted as well, or archived to retain its record with an archive status.

Map cloud resource details to CMDB CI tables

Each cloud resource type can be mapped to new or existing CMDB CI tables, and you can also extend existing tables. In this example, the AWS S3 Bucket resource type maps to a new `cmdb_ci_aws_s3_bucket` table.

table:
  name: cmdb_aws_s3_bucket
  label: AWS > S3 > Bucket
  extendsTable: cmdb_ci_cloud_storage_account

Mappings of which columns to create are simple to define in the Table Definition policy:

columns:
  - name: bucket_name
    label: Bucket Name
  - name: account_id
    label: Account ID
  - name: region
    label: Region
  - name: tags
    size: 1000
    type: string
    label: Cloud Tags

Any data from the cloud provider can be added. To associate more fields simply add as additional columns:

  - name: versioning_enabled
    label: Versioning Enabled

Adding custom fields is common. In this case we want to add a column to capture the Application ID associated from ServiceNow to the cloud resource:

  - name: app_id
    size: 1000
    type: string
    label: Application ID

To populate the added columns dynamically, the Configuration Item policy can define where the data comes from. In this case, this information can be pulled from the cloud resource details such as the Versioning.Status and the app_id tag:

bucket_name: {{ $.resource.data.Name }}
account_id: {{ $.resource.metadata.aws.accountId }}
region: {{ $.resource.metadata.aws.regionName }}
tags: {{ $.resource.turbot.tags }}
versioning_enabled: {{ $.resource.data.Versioning.Status }}
app_id: {{ $.resource.turbot.tags.app_id }}
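
An added example, not Turbot's or ServiceNow's code: a local preview of the Configuration Item mapping above that reports which columns would come out empty (for example a bucket with no app_id tag) or exceed the declared column size. The path resolver is a simplified stand-in for the template engine, and the sample resource and its field layout are constructed assumptions.

```python
import json
import re

# The Configuration Item mapping, copied from the page.
MAPPING = """\
bucket_name: {{ $.resource.data.Name }}
account_id: {{ $.resource.metadata.aws.accountId }}
region: {{ $.resource.metadata.aws.regionName }}
tags: {{ $.resource.turbot.tags }}
versioning_enabled: {{ $.resource.data.Versioning.Status }}
app_id: {{ $.resource.turbot.tags.app_id }}
"""
# Column sizes from the page's Table Definition (only where a size is given).
COLUMN_SIZE = {"tags": 1000, "app_id": 1000}
LINE = re.compile(r"^(\w+):\s*\{\{\s*\$\.([\w.]+)\s*\}\}$")

def resolve(doc, path):
    """Walk a dotted path; return None when any segment is absent."""
    for key in path.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def preview(resource):
    """Return (record, problems) for one resource under MAPPING."""
    record, problems = {}, []
    for line in MAPPING.splitlines():
        m = LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable mapping line: {line!r}")
        column, path = m.groups()
        value = resolve({"resource": resource}, path)
        if value is None:
            problems.append(f"{column}: no value at $.{path}")
            value = ""
        text = value if isinstance(value, str) else json.dumps(value, sort_keys=True)
        limit = COLUMN_SIZE.get(column)
        if limit is not None and len(text) > limit:
            problems.append(f"{column}: {len(text)} chars exceeds size {limit}")
        record[column] = text
    return record, problems

# Constructed sample: an untagged bucket with no versioning status recorded.
SAMPLE = {"data": {"Name": "example-bucket", "Versioning": {}},
          "metadata": {"aws": {"accountId": "111122223333", "regionName": "us-east-1"}},
          "turbot": {"tags": {}}}

if __name__ == "__main__":
    print(preview(SAMPLE))
```

Running it on the constructed sample lists `versioning_enabled` and `app_id` as unresolved, the kind of gap worth reviewing before relying on the CMDB record for ownership or data-protection reporting.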

Modernize your ServiceNow CMDB

With the integration between ServiceNow and Turbot Guardrails, you can enable a continuous cloud sync to boost data accuracy and automate discovery across your multi-cloud environments.

If you are new to Turbot Guardrails, reach out to us to get started. For existing customers, simply follow the ServiceNow integration guide to enable it in your Turbot Guardrails workspace, and learn how you can also sync ServiceNow data to Guardrails, further enriching your cloud & security controls.

Join our Slack community #guardrails channel to discuss your use cases and provide feedback as you leverage the integration.