Continuous Cloud CMDB Sync with ServiceNow & Turbot Guardrails

Supercharge your ServiceNow CMDB with real-time syncing of AWS, Azure, and GCP resources to increase visibility & accuracy.

Turbot Team
5 min. read - Dec 11, 2023
Supercharge your ServiceNow CMDB with real-time syncing of AWS, Azure, and GCP resources to increase visibility & accuracy.

Turbot Guardrails integration into ServiceNow injects continuous real-time cloud resource details, eliminating manual discovery gaps. Syncing occurs instantly across your multi-cloud environments as resources are created, updated or deleted. This real-time accuracy helps eliminate blindspots and empowers more responsive operations.

Why continuous cloud sync is required

Manual and scheduled discovery leads to inaccurate data as the cloud is rapidly changing – resources come and go quickly which if it is not real-time will miss which resources have been used, what was their configuration at the time, and who made those changes.

Continuously syncing your cloud resources into ServiceNow enhances the CMDB into a living source of truth for hybrid and multi-cloud enterprises:

  • Eliminate blindspots: comprehensive multi-cloud resource coverage.
  • Improve accuracy: instant updates prevents missing and incomplete data.
  • Flexible mapping: control what data is synced to which CMDB CI tables.
  • Enrich context: surface tags as key resource data.

How to sync cloud resources to ServiceNow CMDB

Each cloud resource type can be configured to sync to the ServiceNow CMDB. Most often you would set the scope of the policy across many cloud resources from all your cloud accounts. In this example we will show how to enable syncing AWS S3 Buckets.

Simply set the Turbot Guardrails policy to “Enforce: Sync” and apply to all or specific cloud accounts:

For the AWS account we enabled the sync for, the following resources will be in scope for the sync:

Instantly the resources will be added to the associated ServiceNow CMDB table:

As cloud resources are added, updated, or deleted, Turbot Guardrails handles the configuration drift and keeps ServiceNow updated.

For example when a resource changes, Turbot captures the configuration drift and updates ServiceNow:

Cloud resource deletion can be managed as a complete synchronization where the record in ServiceNow is deleted as well, or archived to retain its record with an archive status.

Map cloud resource details to CMDB CI tables

Each cloud resource type can be mapped to new or existing CMDB CI tables. You can also extend off existing tables as well. In this example, the AWS S3 Bucket resource type maps to a new `cmdb_ci_aws_s3_bucket”.

name: cmdb_aws_s3_bucket
label: AWS > S3 > Bucket
extendsTable: cmdb_ci_cloud_storage_account

Mappings of which columns to create are simple to define in the Table Definition policy:

- name: bucket_name
label: Bucket Name
- name: account_id
label: Account ID
- name: region
label: Region
- name: tags
size: 1000
type: string
label: Cloud Tags

Any data from the cloud provider can be added. To associate more fields simply add as additional columns:

- name: versioning_enabled
label: Versioning Enabled

Adding custom fields is common. In this case we want to add a column to capture the Application ID associated from ServiceNow to the cloud resource:

- name: app_id
size: 1000
type: string
label: Application ID

To populate the added columns dynamically, the Configuration Item policy can define where the data comes from. In this case, this information can be pulled from the cloud resource details such as the Versioning.Status and the app_id tag:

bucket_name: {{ $ }}
account_id: {{ $ }}
region: {{ $ }}
tags: {{ $.resource.turbot.tags }}
versioning_enabled: {{ $ }}
app_id: {{ $.resource.turbot.tags.app_id }}

See it in action

Modernize your ServiceNow CMDB

With the integration between the ServiceNow and Turbot Guardrails, you can enable a continuous cloud sync to boost data accuracy and automate discoveries across your multi-cloud environments.

If you are new to Turbot Guardrails, reach out to us to get started. For existing customers, simply follow the ServiceNow integration guide to enable in your Turbot Guardrails workspace, and learn how you can also sync ServiceNow data to Guardrails, further enriching your cloud & security controls.

Join our Slack community #guardrails channel to discuss your use cases and provide feedback as you leverage the integration.