End of support notice: On March 31, 2027, AWS will end support for AWS Service Management Connector. After March 31, 2027, you will no longer be able to access the AWS Service Management Connector console or AWS Service Management Connector resources. For more information, see [AWS Service Management Connector end of support](https://docs.aws.amazon.com/smc/latest/ag/smc-end-of-support.html).
# AWS Config in ServiceNow
This section shows you how to use AWS Config to integrate to ServiceNow.
To allow the Connector to synchronize Config data for a given Region, you must enable AWS Config in that Region. For more information, see [Setting Up AWS Config with the Console](https://docs.aws.amazon.com/config/latest/developerguide/gs-console.html).
AWS Service Management Connector for ServiceNow enables ServiceNow administrators to specify select ServiceNow tables as custom resources within AWS Config.
To set up these resources, use the preconfigured files in the Connector. These required files include the custom resource schema.
**Topics**
+ [Configuring system properties, aggregators, and custom resources](sn-configuration-integ.md)
+ [Validating AWS Config integration in ServiceNow](sn-validate-config.md)
+ [Updating the AWS Load Balancer resource details in the ServiceNow CMDB](update-balancer.md)
# Configuring system properties, aggregators, and custom resources
This version of the AWS Service Management Connector enables ServiceNow administrators to configure system properties, Config Aggregators, and AWS Config custom resources from select ServiceNow tables.
**To configure the new AWS Config integration System properties**
1. In the navigator, enter **AWS Service Management**.
1. Choose **System Properties**, and then choose **AWS Config**.
1. Review the available settings and recommendations in the table below.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/smc/latest/ag/sn-configuration-integ.html)
# Validating the synchronization of Amazon WorkSpaces from AWS Config
Validate the synchronization of Amazon WorkSpaces in AWS Config by executing a scheduled job.
**To validate the synchronization of Amazon WorkSpaces in AWS Config**
1. Execute the scheduled job **synchronize Amazon WorkSpaces** manually.
1. Navigate to **AWS Config**, and then choose **WorkSpaces**.
1. Validate the data.
**Note**
Amazon WorkSpaces synchronization is only supported for stand-alone accounts, not for AWS Config Aggregator accounts.
The **SyncUser** role must include the `DescribeWorkSpacesPolicy` for the synchronization to execute successfully.
# Addressing stale AWS Config items in the ServiceNow CMDB
**Note**
ServiceNow administrators are the target audience for this section.
In addition to the AWS Config settings, AWS SMC for ServiceNow now exposes a global API to identify stale config items from the AWS Config integration.
Stale Config items are the existing AWS Config items that did not update during the most recent sync for the same source (such as account, Region, and Aggregator name).
**Note**
This feature requires you to enable the creation relationship to sync the status setting in the AWS Config System Properties in the ServiceNow scoped app.
The script includes `x_126749_aws_sc.AwsSmc` and exposes a public API. You can use this script to access any application scope, including *global* scope. As an example, run this script:
```
x_126749_aws_sc.AwsSmc.asSyncUser().getStaleConfigItems().forAll(function(object)
{
gs.info(
object.accountNumber + '/' + object.region + ' '
+ (object.aggregatorName ? 'aggregator: ' + object.aggregatorName + ' ' :
'')
+ 'ci: ' + object.ci.name
+ ' - ' + object.ci.getDisplayValue('install_status')
);
});
```
As a background script, it would log the following:
```
Info: 11111111/us-east-1 ci: i-1234567fg6j8 - Installed
Info: 11111111/us-west-1 ci: i-9876541fdgfd - Installed
Info: 22222222/eu-west-1 aggregator: all-dev ci: i-1df5235ftt55 - Installed
```
Each *object* contains the properties below:
****
| Property | Type | Description |
| --- | --- | --- |
| accountNumber | String | The account number from which the stale config item originates. |
| region | String | The Region from which the stale config item originates. |
| aggregatorName | String | The Aggregator name (if applicable) from which the stale config item originates. |
| lastSynced | GlideDateTime | The GlideDateTime of the when the last synchronization occurred. |
| CI | GlideRecord | The GlideRecord of the stale config item. |
Optionally, you can also pass an `options` object as the second argument to the `forAll` method that allows you to customize the search for stale items.
| Property | Type | Description |
| --- | --- | --- |
| lowerTimeLimit | GlideDateTime | The threshold GlideDateTime from when you should search items. Any stale item last updated prior to that date does not return. |
| upperTimeLimit | GlideDateTime | The threshold GlideDateTime until you should search for items. Any item last updated after that date does not return. |
| excludeStatus | Number | The install\$1status to filter on. |
Timestamps of sync resources:
+ `LastSyncTimeField`(default `checked_in`): The start of the current sync process.
+ `first_discovered` (for new records): The current time. We set the `LastDiscoveredField` (default `last_discovered`) to the `configurationItemCaptureTime` of the resource, if it exists or is undefined.
**Additional notes on stale records**
When AWS Service Management Connector reads AWS Config records that refer to other resources, it often creates a relationship to those resources.
In some cases, the related resource does not have an entry in the ServiceNow CMDB. In these cases, the Connector creates a record for that relationship, with an install status of *absent*. When the Connector reads the AWS Config record for the related resource, that record populates.
To see active resources, you should filter ServiceNow records synced from AWS Config by an install status of *not Absent*.
**Disclaimer**
Because the script compares items linked to stale sync records, it is unable to identify stale resources synced before the installation of this SMC version. When switching to sync with an Aggregator or switching from Aggregator sync to non-Aggregator sync, the script also fails to detect items that became stale between the last non-Aggregator sync and the first Aggregator sync.
# Configuring synchronization of AWS Config data using an Aggregator in ServiceNow CMDB
**Prerequisite**: You need to opt-in and configure the AWS account that contains the aggregated AWS Config resources details prior to performing the steps below. For more information, see [Configuring AWS Accounts to Synchronize in the Connector. ](sn-configure-accounts.md)
**To configure the Connector to use an Aggregator to synchronize AWS Config data**
1. In the AWS Service Management scoped app, choose the **Setup** module.
1. Choose **Aggregators for AWS Config**.
1. Choose **New**.
1. Enter the name of the new Config Aggregator.
1. Choose the Region where you created the new Config Aggregator.
1. Choose the AWS account that should use the new Aggregator. Only AWS accounts opted into the Connector for ServiceNow that have **Integrate with AWS Config** are viewable.
1. Choose **Submit**.
If you define an Aggregator for an AWS account and Region, the Aggregator integration becomes the only AWS Config to ServiceNow CMDB synchronization mechanism for that AWS account.
The Connector can now synchronize Config data from multiple accounts and Regions using an Aggregator. You must configure the Config Aggregator in AWS before using this feature. For more information, see [Setting up an Aggregator](https://docs.aws.amazon.com/config/latest/developerguide/setup-aggregator-console.html) in the console.
**Note**
The Config Aggregator view in AWS displays only current config item resources in AWS Config. Thus, terminated resources are not available in the Config Aggregator view.
To minimize stale config item records from rendering in the ServiceNow CMDB from the AWS Config Aggregator, we recommend you remove Config rules associated to terminated resources. For more information, see [ Evaluating Resources with AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html)
# Configuring available ServiceNow tables to sync as AWS Config custom resources
In this Connector for ServiceNow release, you can now sync a set of ServiceNow tables in the CMDB to AWS Config as custom resources.
The ServiceNow tables and AWS Config custom resource mapping are as follows:
| ServiceNow CMDB table | AWS custom resource |
| --- | --- |
| cmdb\$1ci\$1apache\$1web\$1server | Apache Web Server |
| cmdb\$1ci\$1app\$1server | Application Server |
| cmdb\$1ci\$1app\$1server\$1java | Java Server |
| cmdb\$1ci\$1app\$1server\$1tomcat | Tomcat Server |
| cmdb\$1ci\$1app\$1server\$1tomcat\$1war | Tomcat Web Application |
| cmdb\$1ci\$1app\$1server\$1websphere | IBM Websphere Application |
| cmdb\$1ci\$1app\$1server\$1ws\$1ear | Websphere Enterprise Archive |
| cmdb\$1ci\$1appl | Application |
| cmdb\$1ci\$1appl\$1dot\$1net | A .Net Application |
| cmdb\$1ci\$1appl\$1now\$1app\$1comp | ServiceNow Application Component |
| cmdb\$1ci\$1appl\$1sap | SAP Application |
| cmdb\$1ci\$1appl\$1sap\$1hana\$1db | SAP Hana Database |
| cmdb\$1ci\$1appl\$1sap\$1system | SAP System |
| cmdb\$1ci\$1appl\$1sharepoint | Microsoft Sharepoint Application |
| cmdb\$1ci\$1application\$1cluster | Application Cluster |
| cmdb\$1ci\$1application\$1server\$1resource | Application Server Resource |
| cmdb\$1ci\$1application\$1software | Application Software |
| cmdb\$1ci\$1db\$1mssql\$1database | MySql Database |
| cmdb\$1ci\$1db\$1mysql\$1instance | MySql Instance |
| cmdb\$1ci\$1kubernetes\$1cluster | Kubernetes Cluster |
**To configure ServiceNow tables as AWS Config custom resources**
**Note**
When you configure ServiceNow tables as AWS Config custom resources you might encounter an increase in your billing statement for the creation of additional resources.
1. In the navigator, enter **AWS Service Management**.
1. Choose **Setup**, then **Tables Sync to AWS Config**.
1. Choose **New**.
1. Choose an in scope ServiceNow table.
1. Choose an account and Region for the new resource type. You can select any supported Region, in addition to preconfigured Regions for the account.
1. Click **Submit**.
1. Repeat steps above to include additional ServiceNow tables available to sync as AWS Config custom resources.
The amount of time to create new AWS Config resources depends on the number of ServiceNow tables you selected. You can see resources in the **Schema version** field upon successful completion. The period synchronization of resources automatically includes the new AWS Config custom resource type. As details in the ServiceNow table update, this information syncs to AWS Config custom resource.
# Validating AWS Config integration in ServiceNow
To see AWS Config details, configure the service settings to record data for the resource types of interest. For more information, see [Setting Up AWS Config with the Console](https://docs.aws.amazon.com/config/latest/developerguide/gs-console.html).
**To view configuration item details from AWS Config in the ServiceNow CMDB**
1. Log in to your ServiceNow instance as a user (for example, System Administrator) in the fulfiller view (Standard user interface view).
1. In the navigator, enter **AWS Service Management**.
1. Choose **AWS Config**. Select and view the relationships for available AWS resources.
This table illustrates the available AWS resources, ServiceNow CMDB label, and table name.
| AWS resources (AWS Config) | ServiceNow CMDB/Scoped App Table Label | ServiceNow CMDB/Scoped App Table Name |
| --- | --- | --- |
| Accounts | CMDB CI Cloud Service Accounts | cmdb\$1ci\$1cloud\$1service\$1account |
| VPCs | Cloud Networks | cmdb\$1ci\$1network |
| Availability Zones | Availability Zone | cmdb\$1ci\$1availability\$1zone |
| EC2 Instances | Virtual Machine Instance | cmdb\$1ci\$1vm\$1instance |
| EBS Volumes | Storage Volume | cmdb\$1ci\$1storage\$1volume |
| Security Groups | Compute Security Group | cmdb\$1ci\$1compute\$1security\$1group |
| Auto Scaling Group | Auto Scaling Groups | x\$1126749\$1aws\$1sc\$1cmdb\$1ci\$1autoscaling\$1group |
| Network Interfaces | Cloud Mgmt Network Interface | cmdb\$1ci\$1nic |
| RDS Instances | Cloud DataBase | cmdb\$1ci\$1cloud\$1database |
| Subnets | Cloud Subnet | cmdb\$1ci\$1cloud\$1subnet |
| Load Balancers (V2) | Cloud Load Balancer | cmdb\$1ci\$1cloud\$1load\$1balancer |
| S3 Buckets | Cloud Object Storages | cmdb\$1ci\$1cloud\$1object\$1storage |
| CloudFormation Stacks | CloudFormation Stack | x\$1126749\$1aws\$1sc\$1cmdb\$1ci\$1cloudformation\$1stack |
| CloudFormation Provisioned Products | CloudFormation Provisioned Product | x\$1126749\$1aws\$1sc\$1cmdb\$1ci\$1config\$1pp |
| Tags | Key Value | cmdb\$1key\$1value |
| Lambdas | Cloud Function | cmdb\$1ci\$1cloud\$1function |
| Dynamo DB | DynamoDB Table | cmdb\$1ci\$1dynamodb\$1table |
| OS images | Images | cmdb\$1ci\$1os\$1template |
| AppRegistry Applications | AppRegistry Application | x\$1126749\$1aws\$1sc\$1cmdb\$1ci\$1appregistry\$1application |
| AppRegistry Attribute Groups | AppRegistry Attribute Group | x\$1126749\$1aws\$1sc\$1cmdb\$1ci\$1appregistry\$1attribute\$1group |
| AppRegistry Resources | AppRegistryResource | x\$1126749\$1aws\$1sc\$1cmdb\$1ci\$1appregistry\$1resource |
| RDS Cluster | Cloud Database Clusters | cmdb\$1ci\$1cloud\$1db\$1cluster |
| API Gateway | Cloud Gateways | cmdb\$1ci\$1cloud\$1gateway |
| Amazon Workspaces | Virtual Desktop | cmdb\$1ci\$1virtual\$1desktop |
| Amazon Elastic Container Service (ECS) | AWS Cloud ECS Cluster | cmdb\$1ci\$1cloud\$1ecs\$1cluster |
| Amazon Elastic Kubernetes Service (EKS) | Kubernetes Cluster | cmdb\$1ci\$1kubernetes\$1cluster |
| Amazon Elastic File System (EFS) | File System | cmdb\$1ci\$1file\$1service |
# Updating the AWS Load Balancer resource details in the ServiceNow CMDB
AWS Load Balancer resources map to the ServiceNow table: Cloud Load Balancer (`cmdb_ci_cloud_load_balancer`).
The previous table in the Connector was Load Balancer Service (`cmdb_ci_lb_service`). This change aligns with ServiceNow’s cloud resource best practices.
**Note**
The following transition steps are required only if you are upgrading from version 3 of the Connector to version 4.
**Fix Scripts to address changes to ELB mappings in ServiceNow CMDB**
If you are using AWS Config integration before version 4, the Connector includes two fix scripts that migrate existing Connector resources in the Load Balancer Service (`cmdb_ci_lb_service`) table to the Cloud Load Balancer (`cmdb_ci_cloud_load_balancer`) table.
**Fix Script 1: AWS SMC - Migrate ELB data**
This fix script migrates ELBv2 data from the legacy Load Balancer Service (`cmdb_ci_lb_service`) table with `discovery_source` *AWS Service Management Connector* to the new Cloud Load Balancer (`cmdb_ci_cloud_load_balancer`) table with all the relationships. (Legacy records remain undeleted for audit).
**Note**
The **AWS SMC - Migrate ELB data fix script** migrates all existing relationships of the ELBv2 resource in Load Balancer Service (`cmdb_ci_lb_service`), where the discovery source is *AWS Service Management Connector* to the newly created resource in the Cloud Load Balancer (`cmdb_ci_cloud_load_balancer`) table.
**Fix Script 2: AWS SMC - Delete ELB legacy relationship (optional)**
This fix script deletes the relationships where a child or parent is a resource in the original Load Balancer Service (`cmdb_ci_lb_service`) table, and the discovery source of the resource is *AWS Service Management Connector*.
**Note**
We recommend you execute **AWS SMC - Delete ELB legacy relationship fix** **script** after executing **AWS SMC - Migrate ELB data fix** **script**, and receiving approvals from your ServiceNow admin based on your organization’s data retention policies.
****To run a fix script in ServiceNow****
1. Log in to your ServiceNow instance as an admin user (for example, System Administrator) in the fulfiller view (Standard user interface view).
1. In the filter navigator, enter **System Definition**.
1. Choose **Fix Scripts**.
1. To migrate resources to the new Cloud Load Balancer table, choose **AWS SMC - Migrate ELB data**.
To delete relationships from the Load Balancer Service table, choose **AWS SMC - Delete ELB legacy relationship fix script**.
1. Open the fix script to execute.
1. Choose **Run Fix Script**.