

End of support notice: On March 31, 2027, AWS will end support for AWS Service Management Connector. After March 31, 2027, you will no longer be able to access the AWS Service Management Connector console or AWS Service Management Connector resources. For more information, see [AWS Service Management Connector end of support](https://docs.aws.amazon.com/smc/latest/ag/smc-end-of-support.html). 

# Configuring core ServiceNow components
<a name="sn-config-core-components"></a>

This section describes how to configure core components in ServiceNow.

**Note**  
 Before installing the AWS Service Management scoped app, we recommend you clear the ServiceNow platform and your browser cache.   
Ensure that you install the update set in a non-production or sandbox environment. Consult a ServiceNow system administrator if you need approval to clear the ServiceNow platform cache.

**Topics**
+ [Activating ServiceNow plugins](sn-activate-plugins.md)
+ [Installing ServiceNow Connector scoped application](sn-install-connector.md)
+ [Configuring Connector using Guided Setup](sn-guided-setup.md)
+ [Platform system administrator components](sn-configure-connector.md)
+ [ServiceNow permissions for administrators of the Connector scoped app](sn-permissions-admin.md)
+ [Configuring AWS Service Management Connector scoped application](sn-configure-sc-connector-scoped-app.md)
+ [Configuring AWS accounts to synchronize in the Connector](sn-configure-accounts.md)
+ [Validating ServiceNow connectivity to AWS Regions](validate-regions.md)
+ [Manually syncing scheduled jobs](manual-sync-scheduled-jobs.md)

# Activating ServiceNow plugins
<a name="sn-activate-plugins"></a>

AWS Service Management Connector uses three ServiceNow plugins to provide useful components to the integration features:
+ User Criteria Scoped API (for AWS Service Catalog integration)
+ Discovery and Service Mapping Patterns (for AWS Config integration)
+ Change Management – Change Model Foundation Data (for AWS Systems Manager Change Manager integration)

**To activate the User Criteria Scoped API plugin**

1.  In your ServiceNow dashboard, enter **plugins** into the navigation panel in the upper left. 

1.  When the **System Plugins** page populates, next to the **Name** dropdown, search for **User Criteria**. 

1.  Choose **User Criteria Scoped API** and then choose **Activate**. 

**To activate the Discovery and Service Mapping Patterns plugin**

1. In your ServiceNow dashboard, enter **plugins** into the navigation panel in the upper left.

1.  When the **System Plugins** page populates, next to the **Name** dropdown, search for **Discovery**. 

1.  Choose **Discovery and Service Mapping Patterns** and then choose **Activate**. 

**Note**  
This plugin is free and aligns to the CMDB tables outside of ServiceNow’s family release CMDB updates. 

**To activate the Change Management – Change Model Foundation Data plugin**

1. In your ServiceNow dashboard, enter **plugins** in the navigation panel in the upper left.

1. When the System Plugins page populates, next to the **Name** dropdown, search for **Change Management**.

1. Choose **Change Management - Change Model Foundation Data** and then choose **Activate**.

# Installing ServiceNow Connector scoped application
<a name="sn-install-connector"></a>

The AWS Service Management Connector for ServiceNow is a conventional, scoped application that was developed and released through a ServiceNow update set. Update sets are code changes to the base platform that let developers move code across ServiceNow instances.

Download and install a certified version of the connector for no additional cost from the following locations:
+ [ServiceNow store](https://store.servicenow.com/sn_appstore_store.do#!/store/application/f0b117a3db32320093a7d7a0cf961912/)
+ [ServiceNow update set](https://servicecatalogconnector.s3.amazonaws.com/AWS_SC_update_set_5.1.12.zip): AWS Service Management Connector offers an update set for users who want to install the connector application in a ServiceNow Personal Developer Instance (PDI) or sandbox environment.

If you don't already have a ServiceNow instance, start with the following first step. If you already have a ServiceNow instance, use the previous links to download and install the connector.

To install the connector, complete the following steps.

**Obtain a ServiceNow instance**

1. Open [Obtaining a Personal Developer Instance](https://developer.servicenow.com/dev.do#!/guides/rome/developer-program/pdi-guide/obtaining-a-pdi).

1. Create ServiceNow developer program credentials.

1. Follow the instructions for requesting a ServiceNow instance.

1. Capture your instance details, including URL, administrative ID, and temporary password credentials.

**To install the update set**

1.  In your ServiceNow dashboard, enter **update sets** into the navigation panel in the upper left. 

1.  Choose **Retrieved Update Sets** from the results. 

1.  Choose **Import Update Set from XML** and upload the release XML file. 

1.  Choose the **AWS Service Management Connector for ServiceNow** update set. 

1.  Choose **Preview Update Set**, which makes ServiceNow validate the Connector update set. 

1.  Choose **Update**. 

1.  Choose **Commit Update Set** to apply the update set and create the application. This procedure should complete 100%. 

# Configuring Connector using Guided Setup
<a name="sn-guided-setup"></a>

The Connector for ServiceNow includes a Guided Setup mechanism to enable customers to configure and mark complete ServiceNow installation components for the AWS Service Management Connector.

Guided Setup enables customers to plan the roll-out of the Connector and perform its basic configuration so that it can be launched across ServiceNow staged environments.

The Connector Guided Setup:
+ Provides a direct set of links to the pages in the ServiceNow instance where you can perform the configuration.
+ Tracks completed tasks so you can stop and start again where you left off.
+ Enables less maneuvering between AWS documentation and the ServiceNow instance.
+ Coordinates the deployment and configuration of the Connector for individuals and teams.

**Note**  
Only ServiceNow admin users can access the Guided Setup to configure the Connectors. 

**To configure Connector using Guided Setup**

1. Log in to your ServiceNow instance as an admin user.

1. Enter **AWS Service Management Connector** in the left filter navigator.

1. Choose **Guided Setup**.

1. Review details on the Guided Setup homepage and choose **Get Started**.

1. Review details on each section.

1. To perform a task, select the task and choose **Configure**.

1. After completion of the task, choose **Mark as Complete**.

   To skip sections or tasks that do not apply to you, choose **Skip**.

# Platform system administrator components
<a name="sn-configure-connector"></a>

To enable the AWS Service Management Connector scoped application named **AWS Service Management**, the system admin must create a discovery source, and configure specific platform tables, forms, and views.

**Create a discovery source AWS Service Management Connector entry**

You must create a new discovery data source, AWS Service Management Connector. 

**To enable AWS to report discovered CIs into your CMDB**

1.  Choose **System Definition**. Then select **Choice Lists**.

1.  Choose **New**. 

1.  Create a new entry with these details: 
   + **Table:** **Configuration Item [cmdb_ci]**
   + **Element:** **discovery_source**
   + **Label:** **AWS Service Management Connector**
   + **Value:** **AWS Service Management Connector**

**Note**  
Make sure you are in Global mode in ServiceNow System Settings to modify System Definitions.

# Administering AWS Service Management Connector Dashboard
<a name="admin-dashboard"></a>

As the system administrator, you can restrict access to the dashboard and its reports for specific users, roles or groups. 

**To restrict access to the connector dashboard**

1. In the ServiceNow instance, navigate to the AWS Service Management Connector dashboard. 

1. Choose the **Share** icon and then select **Add users, groups, or roles**. 

1. Add the users, groups, or roles that require access to the dashboard. 

1. (Optional) You can also restrict access to the reports available in the dashboard. For detailed instructions, review [Administering reports](https://docs.servicenow.com/bundle/utah-now-intelligence/page/use/reporting/concept/c_AdminsteringReports.html) in the *ServiceNow product documentation*.

# Enabling permissions on ServiceNow Platform
<a name="sn-enable-permissions"></a>

For AWS products to display under AWS portfolios as sub-categories in the ServiceNow Service Catalog, you need to modify the Application Access form for Catalog Item Category tables. This action is necessary because a ServiceNow scoped API is not available for the Catalog Item Category table. 

**To view AWS Service Catalog products (Catalog Item Category)**

1. Enter **Tables** in the Navigator and choose **System Definition**, then choose **Tables**.

1. In the list of tables, search for a table with label **Catalog Item Category** (or with the name `sc_cat_item_category`). The list of tables displays. 

1. Choose **Category** to view the form defining the table.

1. Choose the **Application Access** tab on the form and select **Can Create**, **Can Update**, and **Can Delete** on the form. 

1. Choose **Update**.

**To enable the connector to control visibility of Service Catalog products on Service Portal through Allowed Groups**

**Note**  
This step is only required if the Application Access is not already enabled in your ServiceNow instance. Additionally, Service Management Connector recommends that you enable the `User Criteria Scoped API` plugin.

1. Enter **Tables** in the Navigator and choose **System Definition**, then choose **Tables**.

1. In the list of tables, search for a table with label **Catalog Item Available for** (or with the name `sc_cat_item_user_criteria_mtom`). The list of tables displays. 

1. Choose **Category** to view the form defining the table.

1. Choose the **Application Access** tab on the form and select **Can Create** and **Can Update** on the form. 

1. Choose **Update**.

# ServiceNow permissions for administrators of the Connector scoped app
<a name="sn-permissions-admin"></a>

The AWS Service Management scoped app has two ServiceNow roles that enable access to configure the application. This feature enables system admins to grant one or more users privileges to administer the application, without having to open full sysadmin access to them. System admins can assign these roles to either individual users or to one administrator user.

**To set up Connector application administrator privileges**

1. Enter **Users** in the navigator and select **System Security – Users**. 

1. Choose a user to grant one or both previous roles (such as admin). You can also [Administer the Now Platform](https://docs.servicenow.com/bundle/washingtondc-platform-administration/page/administer/general/concept/intro-now-platform-landing.html). 

1.  Choose **Edit** on the **Roles** tab of the form. 

1.  Filter the collection of roles by the prefix **x_126749_aws_sc**. 

1. Choose one or more of the following and add them to the user: **x_126749_aws_sc_account_admin**, **x_126749_aws_sc_portfolio_manager**, **x_126749_aws_sc.appregistry_manager**, **x_126749_aws_sc.automation_manager**, **x_126749_aws_sc.finding_manager**, **x_126749_aws_sc.opscenter_manager**, **x_126749_aws_sc.support_case_manager**, **x_126749_aws_sc.change_manager_manager**, **x_126749_aws_sc.productsearchaccess**, **x_126749_aws_sc.cloudtrail_event_user**, and **x_126749_aws_sc.health_dashboard_viewer**.

1.  Choose **Save**. 

**To add Service Catalog to ServiceNow Service Catalog categories**

1.  Choose **Self Service**, then **Service Catalog**, and select the **Add content** icon in the upper right. 

1. Choose the **AWS Service Catalog Product** entry. To add it to your catalog home page, choose the first **Add Here** link on the second row of the selection panel at the bottom of the page. 

**To add AWS Systems Manager automation documents (runbook) to ServiceNow Service Catalog categories**

1. Choose **Self Service**, then **Service Catalog**, and select the **Add content** icon in the upper right.

1. Select the **AWS Systems Manager** entry. To add it to your catalog home page, choose the first **Add Here** link on the second row of the selection panel at the bottom of the page.

**Note**  
 This Connector release displays all AWS Systems Manager documents in the AWS account that has AWS Systems Manager selected. 

System administrators can deactivate AWS Systems Manager document requests. To deactivate requests, choose **AWS Systems Manager**, **Automation Documents**, and deselect **Active**. After deactivation of the document, you no longer see the document in the ServiceNow Service Catalog. 

The Connector creates closed change requests on post provision actions (such as update, terminate and self-service) for AWS Service Catalog products visible in ServiceNow. 

To achieve a closed change request from post provisioned actions, add a change request type and configure the `sys_id` for the group assigned to the closed change records in the Connector AWS Service Catalog system properties.

**To add a change request type for closed change request from post provisioned actions**

1. If you upgrade from a previous version of the AWS Service Management scoped app, you must remove the **AWS Product Termination** change request type before you create a new change request type. 

1.  You must add a new change request type called **AWS Provisioned Product Event** for the scoped application to trigger an automated change request in Change Management. For more information, see [IT Service Management](https://docs.servicenow.com/bundle/washingtondc-it-service-management/page/product/it-service-management/reference/r_ITServiceManagement.html). 

1. Open an existing change request. 

1. Open (right-click) the context menu for **Type** and then choose **Show Choice List**. 

1.  Choose **New** and complete these fields: 
   + **Table**: **Change Request**
   + **Label**: **AWS Provisioned Product Event**
   + **Value**: **AWSProvisionedProductEvent**
   + **Sequence**: pick the next unused value

1. Submit the form.

**To add a change request type for executing AWS Systems Manager Change Manager change templates**

You must add a new change request type called `AWSChangeRequest` for the scoped application to view and execute AWS Change Manager change templates in ServiceNow Change Management. For more information, see [IT Service Management](https://docs.servicenow.com/bundle/washingtondc-it-service-management/page/product/it-service-management/reference/r_ITServiceManagement.html).

1. Open an existing change request.

1. Open (right-click) the context menu for **Type** and then choose **Show Choice List**.

1. Choose **New** and complete these fields:
   + **Table**: **Change Request**
   + **Label**: **AWS Change Request**
   + **Value**: **AWSChangeRequest**
   + **Sequence**: pick the next unused value

1. Submit the form.

**To enable AWS Systems Manager Change Manager integration Change models**

The AWS Systems Manager Change Manager integration in ServiceNow requires the Change Model feature in ServiceNow.

1. In the navigator, enter **sys_properties.list**.

1. Enter **\*change_model** in the **Search** panel to view and edit the properties. 

1. Review the available settings and recommendations in the table below.

**Note**  
For more information on Change model system properties, see [IT Service Management](https://docs.servicenow.com/bundle/washingtondc-it-service-management/page/product/it-service-management/reference/r_ITServiceManagement.html).


| Available settings | Desired value | 
| --- | --- | 
| com.snc.change_management.change_model.hide | false | 
| com.snc.change_management.change_model.type_compatibility | true | 


**ServiceNow Permissions Recap**  
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/smc/latest/ag/sn-permissions-admin.html)

# Configuring AWS Service Management Connector scoped application
<a name="sn-configure-sc-connector-scoped-app"></a>

After installing and configuring the AWS Service Management Connector, you must configure the scoped application and applicable roles.

**To configure the AWS Service Management Connector scoped application permissions**

1. In your ServiceNow instance, create a user group called **Order_AWS_Products**. 

   Members of this group can order Service Catalog products. For instructions, see [Administer the Now Platform.](https://docs.servicenow.com/bundle/washingtondc-platform-administration/page/administer/general/concept/intro-now-platform-landing.html)

1. Grant ServiceNow permissions to these users: 
   + **System Administrator (admin)**: For simplicity in this example, user **admin** is the administrator of the AWS Service Management scoped application. Grant this user both of the administrative permissions from the adapter: **x_126749_aws_sc_account_admin**, **x_126749_aws_sc_portfolio_manager**, **x_126749_aws_sc.appregistry_manager**, **x_126749_aws_sc.automation_manager**, **x_126749_aws_sc.finding_manager**, **x_126749_aws_sc.opscenter_manager**, **x_126749_aws_sc.support_case_manager**, **x_126749_aws_sc.change_manager_manager**, **x_126749_aws_sc.productsearchaccess**, **x_126749_aws_sc.cloudtrail_event_user**, and **x_126749_aws_sc.health_dashboard_viewer**.

     Add **System Administrator** to the new ServiceNow group **Order_AWS_Products**. In a real scenario, these roles would likely be granted to different users or groups. 
   + **Abel Tuter**: The user **abel.tuter** is an illustrative end user. Grant Abel the new role **Order_AWS_Products**. This permission allows Abel to order products from AWS.
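
The role grants made in the administrator-privileges procedure and in the steps above can be reviewed after setup against the separation this page describes. The following Python is an added example, not AWS or ServiceNow code: it assumes the grants were exported from the `sys_user_has_role` table as JSON rows with flat `user.user_name` and `role.name` fields (an assumed export shape), treats **Order_AWS_Products** as a role name, and uses a constructed sample in which **sec.analyst** and **ops.lead** are hypothetical users.

```python
import json
from collections import defaultdict

CONNECTOR_PREFIX = "x_126749_aws_sc"  # role prefix used in the steps above
PLATFORM_ADMIN = "admin"              # ServiceNow system administrator role
ORDER_ROLE = "Order_AWS_Products"     # end-user ordering role from this page

# Constructed sample: rows shaped like a sys_user_has_role export with the
# user name and role name flattened into two fields (assumed export shape).
SAMPLE_EXPORT = json.dumps({"result": [
    {"user.user_name": "admin", "role.name": "admin"},
    {"user.user_name": "admin", "role.name": "x_126749_aws_sc_account_admin"},
    {"user.user_name": "admin", "role.name": "x_126749_aws_sc_portfolio_manager"},
    {"user.user_name": "admin", "role.name": "x_126749_aws_sc.finding_manager"},
    {"user.user_name": "abel.tuter", "role.name": "Order_AWS_Products"},
    {"user.user_name": "sec.analyst", "role.name": "x_126749_aws_sc.finding_manager"},
    {"user.user_name": "ops.lead", "role.name": "Order_AWS_Products"},
    {"user.user_name": "ops.lead", "role.name": "x_126749_aws_sc.automation_manager"},
]})


def roles_by_user(export_json):
    """Group role names per user from the exported rows."""
    grouped = defaultdict(set)
    for row in json.loads(export_json)["result"]:
        user, role = row.get("user.user_name"), row.get("role.name")
        if user and role:  # skip rows whose user or role no longer resolves
            grouped[user].add(role)
    return grouped


def audit_connector_roles(export_json, max_connector_roles=2):
    """Return sorted (user, finding) pairs for role grants worth reviewing.

    max_connector_roles is a local policy threshold chosen for this example,
    not an AWS or ServiceNow recommendation.
    """
    findings = []
    for user, roles in roles_by_user(export_json).items():
        # Connector roles use both "_" and "." after the scope prefix.
        connector = {r for r in roles if r.startswith(CONNECTOR_PREFIX)}
        if not connector:
            continue
        if PLATFORM_ADMIN in roles:
            findings.append((user, "platform admin also holds connector roles"))
        if ORDER_ROLE in roles:
            findings.append((user, "holds ordering role together with connector roles"))
        if len(connector) > max_connector_roles:
            findings.append((user, f"holds {len(connector)} connector roles"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_connector_roles(SAMPLE_EXPORT):
        print(f"{user}: {finding}")
```

On the sample, the demo-style **admin** user is flagged twice and the hypothetical **ops.lead** once, while **abel.tuter** and **sec.analyst** pass.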

# Configuring AWS accounts to synchronize in the Connector
<a name="sn-configure-accounts"></a>

Learn how to configure AWS accounts to synchronize in the Connector.

1. Log in as the system administrator. 

1. Enter **AWS** in the navigator. Choose the **AWS Service Management** scoped app.

1. In the **Accounts** menu, create one entry for every AWS account. Use the keys and secret keys from the users you created in AWS. 

**To create an account entry**

1. Enter the name as an account entry identifier, such as **Connector_Demo** (for Commercial Region), or **Connector_Demo_GovCloud** (for GovCloud Region).

1. Enter the access key and secret access key from the AWS account *sync user* IAM configurations.

1. Enter the access key and secret access key from the AWS account *end user* IAM configurations.

1. Choose the visible AWS service integrations for this AWS account. The choices include:
   + Integrate with Service Catalog (including AppRegistry)
   + Integrate with AWS Config

     Choose AWS Config if you plan to integrate AWS Config cloud resources per each AWS account or through the latest AWS Config aggregator integration feature. The Connector for ServiceNow includes an AWS Config aggregator feature that enables ServiceNow administrators to align aggregated AWS Config details into one AWS account.

     If you plan to view AppRegistry-related resource details, choose **AWS Config** with **AWS Service Catalog**.
   + Integrate with AWS Systems Manager Automation

     Choose AWS Systems Manager Automation if you want to execute automation documents (runbook) to remediate incidents from OpsItems. 
   + Integrate with AWS Systems Manager OpsCenter
   + Integrate with AWS Security Hub CSPM
   + Integrate with Support
   + Integrate with AWS Systems Manager Change Manager
   + Integrate with AWS Health
   + Integrate with AWS Systems Manager Incident Manager

1. Choose **Account Regions**. Select the **Commercial** or **GovCloud Region**. To see the AWS account Regions, double-click **Insert a new row…**. 
**Note**  
AWS Support API uses a specific GovCloud endpoint for GovCloud accounts to enable Support integration for GovCloud accounts. Choose a GovCloud Region in Account Regions when you onboard the account in ServiceNow. 

1. Repeat the step above to insert additional Regions.

1. Save or update the account entries.

1. Validate AWS account connectivity by following the steps in [Validating connectivity to AWS Regions](validate-regions.md). Note that in this Connector for ServiceNow, **Validate Accounts** only appears once after you submit or update the account entry. 
**Note**  
AWS Service Management Connector allows synchronization of updated keys using any automation or integration through a REST endpoint. For more information, see [Syncing updated keys programatically in ServiceNow](sn-sync-keys.md). 

# Validating ServiceNow connectivity to AWS Regions
<a name="validate-regions"></a>

You can now validate connectivity to AWS accounts between the ServiceNow **Connector_Demo** account and the AWS IAM `SMSyncUser` and `SMEndUser`. 

**To validate connectivity to AWS account**

1.  In the AWS Service Management scoped app, choose **Setup**, then **AWS Accounts**. 

1. Choose **Connector_Demo** and select **Validate Account**. 

   A successful connection results in the message, *Successfully validating AWS account in each referenced Region*. 

If the AWS IAM access key or secret access key is incorrect, you receive an error message.

# Manually syncing scheduled jobs
<a name="manual-sync-scheduled-jobs"></a>

The Connector for ServiceNow includes nine sync jobs related to AWS services integrations. During the initial setup, manually execute the sync job for your AWS service integration instead of waiting for Scheduled Jobs to run.

**To sync AWS service integrations or accounts manually**

1.  Log in as system administrator. 

1.  Find **Scheduled Jobs** in the navigator panel. 

1.  Search the following AWS Service Management Connector scheduled jobs (including default sync intervals) in the table below:    
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/smc/latest/ag/manual-sync-scheduled-jobs.html)

1. Choose the desired sync job, and choose **Execute Now**.
**Note**  
If you do not see **Execute Now** in the upper left corner, choose **Configure Job Definition**. **Execute Now** is then visible. A ServiceNow administrator can adjust the Scheduled Job repeat interval as required.

Data is visible in the AWS Service Management scoped app menus after the Connector’s scheduled synchronization job has run.