End of support notice: On March 31, 2027, AWS will end support for AWS Service Management Connector. After March 31, 2027, you will no longer be able to access the AWS Service Management Connector console or AWS Service Management Connector resources. For more information, see [AWS Service Management Connector end of support](https://docs.aws.amazon.com/smc/latest/ag/smc-end-of-support.html).
# Configuring system properties, aggregators, and custom resources
This version of the AWS Service Management Connector enables ServiceNow administrators to configure system properties, Config Aggregators, and AWS Config custom resources from select ServiceNow tables.
**To configure the new AWS Config integration System properties**
1. In the navigator, enter **AWS Service Management**.
1. Choose **System Properties**, and then choose **AWS Config**.
1. Review the available settings and recommendations in the table below.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/smc/latest/ag/sn-configuration-integ.html)
# Validating the synchronization of Amazon WorkSpaces from AWS Config
Validate the synchronization of Amazon WorkSpaces in AWS Config by executing a scheduled job.
**To validate the synchronization of Amazon WorkSpaces in AWS Config**
1. Execute the scheduled job **synchronize Amazon WorkSpaces** manually.
1. Navigate to **AWS Config**, and then choose **WorkSpaces**.
1. Validate the data.
**Note**
Amazon WorkSpaces synchronization is only supported for stand-alone accounts, not for AWS Config Aggregator accounts.
The **SyncUser** role must include the `DescribeWorkSpacesPolicy` for the synchronization to execute successfully.
# Addressing stale AWS Config items in the ServiceNow CMDB
**Note**
ServiceNow administrators are the target audience for this section.
In addition to the AWS Config settings, AWS SMC for ServiceNow now exposes a global API to identify stale config items from the AWS Config integration.
Stale Config items are the existing AWS Config items that did not update during the most recent sync for the same source (such as account, Region, and Aggregator name).
**Note**
This feature requires you to enable the creation relationship to sync the status setting in the AWS Config System Properties in the ServiceNow scoped app.
The script includes `x_126749_aws_sc.AwsSmc` and exposes a public API. You can use this script to access any application scope, including *global* scope. As an example, run this script:
```
x_126749_aws_sc.AwsSmc.asSyncUser().getStaleConfigItems().forAll(function(object)
{
gs.info(
object.accountNumber + '/' + object.region + ' '
+ (object.aggregatorName ? 'aggregator: ' + object.aggregatorName + ' ' :
'')
+ 'ci: ' + object.ci.name
+ ' - ' + object.ci.getDisplayValue('install_status')
);
});
```
As a background script, it would log the following:
```
Info: 11111111/us-east-1 ci: i-1234567fg6j8 - Installed
Info: 11111111/us-west-1 ci: i-9876541fdgfd - Installed
Info: 22222222/eu-west-1 aggregator: all-dev ci: i-1df5235ftt55 - Installed
```
Each *object* contains the properties below:
****
| Property | Type | Description |
| --- | --- | --- |
| accountNumber | String | The account number from which the stale config item originates. |
| region | String | The Region from which the stale config item originates. |
| aggregatorName | String | The Aggregator name (if applicable) from which the stale config item originates. |
| lastSynced | GlideDateTime | The GlideDateTime of the when the last synchronization occurred. |
| CI | GlideRecord | The GlideRecord of the stale config item. |
Optionally, you can also pass an `options` object as the second argument to the `forAll` method that allows you to customize the search for stale items.
| Property | Type | Description |
| --- | --- | --- |
| lowerTimeLimit | GlideDateTime | The threshold GlideDateTime from when you should search items. Any stale item last updated prior to that date does not return. |
| upperTimeLimit | GlideDateTime | The threshold GlideDateTime until you should search for items. Any item last updated after that date does not return. |
| excludeStatus | Number | The install\$1status to filter on. |
Timestamps of sync resources:
+ `LastSyncTimeField`(default `checked_in`): The start of the current sync process.
+ `first_discovered` (for new records): The current time. We set the `LastDiscoveredField` (default `last_discovered`) to the `configurationItemCaptureTime` of the resource, if it exists or is undefined.
**Additional notes on stale records**
When AWS Service Management Connector reads AWS Config records that refer to other resources, it often creates a relationship to those resources.
In some cases, the related resource does not have an entry in the ServiceNow CMDB. In these cases, the Connector creates a record for that relationship, with an install status of *absent*. When the Connector reads the AWS Config record for the related resource, that record populates.
To see active resources, you should filter ServiceNow records synced from AWS Config by an install status of *not Absent*.
**Disclaimer**
Because the script compares items linked to stale sync records, it is unable to identify stale resources synced before the installation of this SMC version. When switching to sync with an Aggregator or switching from Aggregator sync to non-Aggregator sync, the script also fails to detect items that became stale between the last non-Aggregator sync and the first Aggregator sync.
# Configuring synchronization of AWS Config data using an Aggregator in ServiceNow CMDB
**Prerequisite**: You need to opt-in and configure the AWS account that contains the aggregated AWS Config resources details prior to performing the steps below. For more information, see [Configuring AWS Accounts to Synchronize in the Connector. ](sn-configure-accounts.md)
**To configure the Connector to use an Aggregator to synchronize AWS Config data**
1. In the AWS Service Management scoped app, choose the **Setup** module.
1. Choose **Aggregators for AWS Config**.
1. Choose **New**.
1. Enter the name of the new Config Aggregator.
1. Choose the Region where you created the new Config Aggregator.
1. Choose the AWS account that should use the new Aggregator. Only AWS accounts opted into the Connector for ServiceNow that have **Integrate with AWS Config** are viewable.
1. Choose **Submit**.
If you define an Aggregator for an AWS account and Region, the Aggregator integration becomes the only AWS Config to ServiceNow CMDB synchronization mechanism for that AWS account.
The Connector can now synchronize Config data from multiple accounts and Regions using an Aggregator. You must configure the Config Aggregator in AWS before using this feature. For more information, see [Setting up an Aggregator](https://docs.aws.amazon.com/config/latest/developerguide/setup-aggregator-console.html) in the console.
**Note**
The Config Aggregator view in AWS displays only current config item resources in AWS Config. Thus, terminated resources are not available in the Config Aggregator view.
To minimize stale config item records from rendering in the ServiceNow CMDB from the AWS Config Aggregator, we recommend you remove Config rules associated to terminated resources. For more information, see [ Evaluating Resources with AWS Config Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html)
# Configuring available ServiceNow tables to sync as AWS Config custom resources
In this Connector for ServiceNow release, you can now sync a set of ServiceNow tables in the CMDB to AWS Config as custom resources.
The ServiceNow tables and AWS Config custom resource mapping are as follows:
| ServiceNow CMDB table | AWS custom resource |
| --- | --- |
| cmdb\$1ci\$1apache\$1web\$1server | Apache Web Server |
| cmdb\$1ci\$1app\$1server | Application Server |
| cmdb\$1ci\$1app\$1server\$1java | Java Server |
| cmdb\$1ci\$1app\$1server\$1tomcat | Tomcat Server |
| cmdb\$1ci\$1app\$1server\$1tomcat\$1war | Tomcat Web Application |
| cmdb\$1ci\$1app\$1server\$1websphere | IBM Websphere Application |
| cmdb\$1ci\$1app\$1server\$1ws\$1ear | Websphere Enterprise Archive |
| cmdb\$1ci\$1appl | Application |
| cmdb\$1ci\$1appl\$1dot\$1net | A .Net Application |
| cmdb\$1ci\$1appl\$1now\$1app\$1comp | ServiceNow Application Component |
| cmdb\$1ci\$1appl\$1sap | SAP Application |
| cmdb\$1ci\$1appl\$1sap\$1hana\$1db | SAP Hana Database |
| cmdb\$1ci\$1appl\$1sap\$1system | SAP System |
| cmdb\$1ci\$1appl\$1sharepoint | Microsoft Sharepoint Application |
| cmdb\$1ci\$1application\$1cluster | Application Cluster |
| cmdb\$1ci\$1application\$1server\$1resource | Application Server Resource |
| cmdb\$1ci\$1application\$1software | Application Software |
| cmdb\$1ci\$1db\$1mssql\$1database | MySql Database |
| cmdb\$1ci\$1db\$1mysql\$1instance | MySql Instance |
| cmdb\$1ci\$1kubernetes\$1cluster | Kubernetes Cluster |
**To configure ServiceNow tables as AWS Config custom resources**
**Note**
When you configure ServiceNow tables as AWS Config custom resources you might encounter an increase in your billing statement for the creation of additional resources.
1. In the navigator, enter **AWS Service Management**.
1. Choose **Setup**, then **Tables Sync to AWS Config**.
1. Choose **New**.
1. Choose an in scope ServiceNow table.
1. Choose an account and Region for the new resource type. You can select any supported Region, in addition to preconfigured Regions for the account.
1. Click **Submit**.
1. Repeat steps above to include additional ServiceNow tables available to sync as AWS Config custom resources.
The amount of time to create new AWS Config resources depends on the number of ServiceNow tables you selected. You can see resources in the **Schema version** field upon successful completion. The period synchronization of resources automatically includes the new AWS Config custom resource type. As details in the ServiceNow table update, this information syncs to AWS Config custom resource.