Discovering AWS resources in ServiceNow's CMDB just got easier with Turbot Guardrails. The integration requires no additional ServiceNow modules or AWS services. Instead, Turbot Guardrails enables a direct, low-cost way to get real-time AWS resource discovery into ServiceNow. This automated discovery integration has two key benefits. First, it enhances the accuracy of your CMDB data by surfacing comprehensive and timely AWS resource insights. Second, it significantly reduces the cost and overhead compared to enabling native ServiceNow cloud discovery capabilities. This makes Turbot Guardrails an ideal solution for those new to cloud discovery or looking to augment existing ServiceNow AWS integrations. Users can tap into broader coverage and more precise AWS data without added complexity. ## Why an automated AWS discovery for ServiceNow? Manual and scheduled discovery of AWS resources leads to inaccurate ServiceNow data. AWS resources change too quickly for legacy discovery methods to keep up. As a result, CMDBs end up with blindspots and incorrect configurations. Automating continuous AWS discovery and integrating resources into ServiceNow enhances the accuracy and reliability of your CMDB: * Eliminates blindspots by covering more AWS services beyond the native integrations * Prevents missing and stale data with instant updates when resources change * Allows flexible control over which resource data syncs to which CMDB CI tables * Surfaces AWS tags and metadata to enrich CMDB context * Archives historical records of provisioned resources that get deleted ## Augmenting native AWS discovery in ServiceNow Native ServiceNow connectors & AWS integrations are available to enable discovery of core AWS services such as EC2, VPC, etc. However, these have limitations around: * Requiring additional licensing and services * Supporting limited resource coverage * Relying on scheduled batch jobs rather than real-time scans * Needing professional services and customization The Turbot Guardrails integration augments native capabilities by: * Point-and-click integration setup * Discovering 100+ AWS resource types out of the box * Reducing licensing dependency and service overhead * Automatically updating CMDBs instantly when resources change * Providing flexible control to configure synced data as needed * * Centralized management for other discovery scopes; [Azure](https://turbot.com/guardrails/blog/2024/03/servicenow-azure-discovery), [GCP](https://turbot.com/guardrails/blog/2024/03/servicenow-gcp-discovery), & [Kubernetes](https://turbot.com/guardrails/blog/2024/05/servicenow-kubernetes-discovery) By combining automated discovery from Turbot Guardrails with ServiceNow and AWS, you can accurately sync AWS configs into ServiceNow's CMDB in real-time without added cost & complexity. ## Configuring automated AWS resource discovery for ServiceNow CMDB Each AWS resource type can be configured to sync to the ServiceNow CMDB. Most often you would set the scope of the policy across many AWS resources from all your AWS accounts. In this example we will show how to enable syncing AWS S3 Buckets. Simply set the Turbot Guardrails policy to “Enforce: Sync” and apply to all or specific AWS accounts:

For the AWS account we enabled the integration for, the following AWS resources will be in scope for the AWS discovery:

Instantly the AWS resources will be added to the associated ServiceNow CMDB table:

As AWS resources are added, updated, or deleted, Turbot Guardrails handles the configuration drift and keeps ServiceNow CMDB updated. For example, when an AWS resource changes, Turbot Guardrails captures the configuration drift and updates ServiceNow CMDB:

AWS resource deletion can be managed as a complete synchronization where the record in ServiceNow is deleted as well, or archived to retain its record with an archive status. ## Map AWS resource details to ServiceNow CMDB CI tables Each cloud resource type can be mapped to new or existing ServiceNow CMDB CI tables. You can also extend off existing tables as well. In this example, the AWS S3 Bucket resource type maps to a new `cmdb_ci_aws_s3_bucket”. ```yaml table: name: cmdb_aws_s3_bucket label: AWS > S3 > Bucket extendsTable: cmdb_ci_cloud_storage_account ``` Mappings of which columns to create are simple to define in the Table Definition policy: ```yaml columns: - name: bucket_name label: Bucket Name - name: account_id label: Account ID - name: region label: Region - name: tags size: 1000 type: string label: Cloud Tags ``` Any data from AWS can be added. To associate more fields simply add as additional ServiceNow CMDB table columns: ```yaml - name: versioning_enabled label: Versioning Enabled ``` Adding custom ServiceNow CMDB CI fields is common. In this case we want to add a CMDB CI column to capture the Application ID associated from ServiceNow to the AWS resource: ```yaml - name: app_id size: 1000 type: string label: Application ID ``` To populate the added ServiceNow CMDB CI columns dynamically, the Configuration Item policy can define where the data comes from. In this case, this information can be pulled from the AWS resource details such as the `Versioning.Status` and the `app_id` tag: ``` bucket_name: {{ $.resource.data.Name }} account_id: {{ $.resource.metadata.aws.accountId }} region: {{ $.resource.metadata.aws.regionName }} tags: {{ $.resource.turbot.tags }} versioning_enabled: {{ $.resource.data.Versioning.Status }} app_id: {{ $.resource.turbot.tags.app_id }} ``` ## See Turbot Guardrails AWS discovery for ServiceNow in action

## Modernize your ServiceNow CMDB with automated AWS discovery [Get started](https://turbot.com/start) with a 14-day free trial of Turbot Guardrails to experience [automated discovery](https://turbot.com/guardrails/docs/integrations/servicenow) and sync for AWS resources into your ServiceNow instance. Real-time, comprehensive visibility within minutes at just $0.05 per resource per month.

Automated AWS discovery to ServiceNow CMDB