
Automated AWS discovery to ServiceNow CMDB

Automated ServiceNow AWS discovery via Turbot Guardrails provides comprehensive coverage and real-time accuracy across 100+ AWS services.

Turbot Team
5 min. read - Jan 18, 2024

Discovering AWS resources in ServiceNow's CMDB just got easier with Turbot Guardrails. The integration requires no additional ServiceNow modules or AWS services. Instead, Turbot Guardrails enables a direct, low-cost way to get real-time AWS resource discovery into ServiceNow.

This automated discovery integration has two key benefits. First, it enhances the accuracy of your CMDB data by surfacing comprehensive and timely AWS resource insights. Second, it significantly reduces the cost and overhead compared to enabling native ServiceNow cloud discovery capabilities. This makes Turbot Guardrails an ideal solution for those new to cloud discovery or looking to augment existing ServiceNow AWS integrations. Users can tap into broader coverage and more precise AWS data without added complexity.

Why an automated AWS discovery for ServiceNow?

Manual and scheduled discovery of AWS resources leads to inaccurate ServiceNow data. AWS resources change too quickly for legacy discovery methods to keep up. As a result, CMDBs end up with blind spots and incorrect configurations.

Automating continuous AWS discovery and integrating resources into ServiceNow enhances the accuracy and reliability of your CMDB:

  • Eliminates blind spots by covering more AWS services beyond the native integrations
  • Prevents missing and stale data with instant updates when resources change
  • Allows flexible control over which resource data syncs to which CMDB CI tables
  • Surfaces AWS tags and metadata to enrich CMDB context
  • Archives historical records of provisioned resources that get deleted

Augmenting native AWS discovery in ServiceNow

Native ServiceNow connectors and AWS integrations are available to enable discovery of core AWS services such as EC2 and VPC. However, these have limitations around:

  • Requiring additional licensing and services
  • Supporting limited resource coverage
  • Relying on scheduled batch jobs rather than real-time scans
  • Needing professional services and customization

The Turbot Guardrails integration augments native capabilities by:

  • Offering point-and-click integration setup
  • Discovering 100+ AWS resource types out of the box
  • Reducing licensing dependency and service overhead
  • Automatically updating CMDBs instantly when resources change
  • Providing flexible control to configure synced data as needed

By combining automated discovery from Turbot Guardrails with ServiceNow and AWS, you can accurately sync AWS configs into ServiceNow's CMDB in real-time without added cost & complexity.

Configuring automated AWS resource discovery for ServiceNow CMDB

Each AWS resource type can be configured to sync to the ServiceNow CMDB. Most often you would set the scope of the policy across many AWS resources from all your AWS accounts. In this example we will show how to enable syncing AWS S3 Buckets.

Simply set the Turbot Guardrails policy to “Enforce: Sync” and apply to all or specific AWS accounts:

For the AWS account we enabled the integration for, the following AWS resources will be in scope for the AWS discovery:

The AWS resources are added instantly to the associated ServiceNow CMDB table:

As AWS resources are added, updated, or deleted, Turbot Guardrails handles the configuration drift and keeps ServiceNow CMDB updated.

For example, when an AWS resource changes, Turbot Guardrails captures the configuration drift and updates ServiceNow CMDB:

AWS resource deletion can be managed as a complete synchronization where the record in ServiceNow is deleted as well, or archived to retain its record with an archive status.

Map AWS resource details to ServiceNow CMDB CI tables

Each cloud resource type can be mapped to new or existing ServiceNow CMDB CI tables. You can also extend existing tables. In this example, the AWS S3 Bucket resource type maps to a new `cmdb_ci_aws_s3_bucket` table.

table:
  name: cmdb_aws_s3_bucket
  label: AWS > S3 > Bucket
  extendsTable: cmdb_ci_cloud_storage_account

Mappings of which columns to create are simple to define in the Table Definition policy:

columns:
  - name: bucket_name
    label: Bucket Name
  - name: account_id
    label: Account ID
  - name: region
    label: Region
  - name: tags
    size: 1000
    type: string
    label: Cloud Tags

Any data from AWS can be added. To associate more fields, add them as additional ServiceNow CMDB table columns:

  - name: versioning_enabled
    label: Versioning Enabled

Adding custom ServiceNow CMDB CI fields is common. In this case we want to add a CMDB CI column that captures the Application ID ServiceNow associates with the AWS resource:

  - name: app_id
    size: 1000
    type: string
    label: Application ID

To populate the added ServiceNow CMDB CI columns dynamically, the Configuration Item policy can define where the data comes from. In this case, this information can be pulled from the AWS resource details such as the Versioning.Status and the app_id tag:

bucket_name: {{ $.resource.data.Name }}
account_id: {{ $.resource.metadata.aws.accountId }}
region: {{ $.resource.metadata.aws.regionName }}
tags: {{ $.resource.turbot.tags }}
versioning_enabled: {{ $.resource.data.Versioning.Status }}
app_id: {{ $.resource.turbot.tags.app_id }}
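
As an added example (not Turbot's code), this Python sketch previews the mapping above against a resource document before the policy is applied, flagging columns whose source path yields nothing and values longer than the column size in the Table Definition. The path resolver is a simplified stand-in for the real template engine; the sample resource and JSON serialisation of the tags object are assumptions.

```python
import json
import re

# Sizes from the page's Table Definition; other columns are left unchecked.
COLUMN_SIZES = {"tags": 1000, "app_id": 1000}
# The page's Configuration Item mapping, as column -> template.
MAPPING = {
    "bucket_name": "{{ $.resource.data.Name }}",
    "account_id": "{{ $.resource.metadata.aws.accountId }}",
    "region": "{{ $.resource.metadata.aws.regionName }}",
    "tags": "{{ $.resource.turbot.tags }}",
    "versioning_enabled": "{{ $.resource.data.Versioning.Status }}",
    "app_id": "{{ $.resource.turbot.tags.app_id }}",
}
PATH_RE = re.compile(r"^\{\{\s*\$\.([A-Za-z0-9_.]+)\s*\}\}$")

def resolve(template, context):
    """Walk a '$.a.b.c' path through nested dicts; None if a step is missing."""
    match = PATH_RE.match(template)
    if not match:
        raise ValueError(f"unsupported template: {template!r}")
    node = context
    for key in match.group(1).split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def preview_ci(resource):
    """Return (record, problems) for one resource before it is synced."""
    record, problems = {}, []
    for column, template in MAPPING.items():
        value = resolve(template, {"resource": resource})
        if isinstance(value, (dict, list)):
            value = json.dumps(value, sort_keys=True)  # assumed serialisation
        text = "" if value is None else str(value)
        limit = COLUMN_SIZES.get(column)
        if not text:
            problems.append(f"{column}: no value at source path")
        elif limit is not None and len(text) > limit:
            problems.append(f"{column}: {len(text)} chars exceeds size {limit}")
        record[column] = text
    return record, problems

# Constructed sample (not real Guardrails output): no app_id tag, oversized tags.
SAMPLE = {
    "data": {"Name": "example-bucket", "Versioning": {"Status": "Enabled"}},
    "metadata": {"aws": {"accountId": "111122223333", "regionName": "us-east-1"}},
    "turbot": {"tags": {f"team-{i}": "x" * 40 for i in range(25)}},
}
```

`preview_ci(SAMPLE)` reports the missing `app_id` tag and the oversized `tags` value. A bucket that has never had versioning configured has no `Versioning.Status`, so it is flagged the same way.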


Modernize your ServiceNow CMDB with automated AWS discovery

Get started with a 14-day free trial of Turbot Guardrails to experience automated discovery and sync for AWS resources into your ServiceNow instance. Real-time, comprehensive visibility within minutes at just $0.05 per resource per month.