# Connecting ServiceNow Online to Amazon Q Business
ServiceNow provides a cloud-based service management system to create and manage organization-level workflows, such as IT services, ticketing systems, and support. You can connect ServiceNow Online instance to Amazon Q Business—using either the AWS Management Console or the [https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) API—and create an Amazon Q web experience.
**Topics**
+ [
# Known limitations for the Amazon Q Business ServiceNow Online connector
](servicenow-limitations.md)
+ [
# ServiceNow Online connector overview
](servicenow-overview.md)
+ [
# Prerequisites for connecting Amazon Q Business to ServiceNow Online
](servicenow-prereqs.md)
+ [
# Connecting Amazon Q Business to ServiceNow Online using the console
](servicenow-console.md)
+ [
# Connecting Amazon Q Business to ServiceNow using APIs
](servicenow-api.md)
+ [
# Connecting Amazon Q Business to ServiceNow using AWS CloudFormation
](servicenow-cfn.md)
+ [
# How Amazon Q Business connector crawls ServiceNow ACLs
](servicenow-user-management.md)
+ [
# ServiceNow Online data source connector field mappings
](servicenow-field-mappings.md)
+ [
# IAM role for Amazon Q Business ServiceNow Online connector
](servicenow-iam-role.md)
+ [
# Understand error codes in the Amazon Q Business ServiceNow Online connector
](servicenow-error-codes.md)
**Learn more**
+ For an overview of the Amazon Q web experience creation process using IAM Identity Center, see [Configuring an application using IAM Identity Center](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/create-application.html).
+ For an overview of the Amazon Q web experience creation process using AWS Identity and Access Management, see [Configuring an application using IAM](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/create-application-iam.html).
+ For an overview of connector features, see [Data source connector concepts](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html).
+ For information about connector configuration best practices, see [Connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html).
# Known limitations for the Amazon Q Business ServiceNow Online connector
The ServiceNow Online connector has the following known limitations:
+ There is no REST API to wake up your ServiceNow instance. To activate it when it's in hibernation mode, log in to the your ServiceNow instance.
+ Because Amazon Q Business uses email address as unique identifiers, each user must have a unique email address.
+ We don't support ServiceNow access controls.
+ We don't support ServiceNow user criteria.
+ Only the following ServiceNow roles are supported for incidents:
+ ITIL: This role provides broad access to incident management functionality.
+ Custom roles: You can create custom roles with specific incident access permissions.
# ServiceNow Online connector overview
The following table gives an overview of the Amazon Q Business ServiceNow Online connector and its supported features.
****
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-overview.html)
# Prerequisites for connecting Amazon Q Business to ServiceNow Online
Before you begin, make sure that you have completed the following prerequisites.
**In ServiceNow, make sure you have:**
+ Created a Personal or Enterprise Developer Instance and have a ServiceNow instance with an administrative role.
+ Copied the host of your ServiceNow instance URL. The format for the host URL you enter is *your-domain.service-now.com*. You need your ServiceNow instance URL to connect to Amazon Q.
+ Configured basic authentication credentials containing a username and password to allow Amazon Q to connect to your ServiceNow instance.
+ **Optional:** Configured an OAuth 2.0 credential token that can identify Amazon Q using a username, password, and a generated client ID, and a client secret. For more information, see [ServiceNow documentation on OAuth 2.0 authentication](https://www.servicenow.com/docs/bundle/utah-platform-security/page/integrate/single-sign-on/concept/c_Authentication.html) on the ServiceNow website.
+ Depending on what you are searching for, you will need specific roles. Note that if you are searching through public articles, you don't require any specific role. Apply the following roles depending on your use case:
+ When searching Knowledge article documents in Amazon Q, the user should have any of the following roles - Knowledge, Knowledge\$1Admin, and User\$1Admin or Itil.
+ When searching Service Catalog documents in Amazon Q, the user should have a catalog role.
+ When searching the Incident document in Amazon Q, the user should have the incident\$1manager role.
**In your AWS account, make sure you have:**
+ Created a Amazon Q Business application.
+ Created a [Amazon Q Business retriever and added an index](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/select-retriever.html).
+ Created an [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds) for your data source and, if using the Amazon Q API, noted the ARN of the IAM role.
+ Stored your ServiceNow Online authentication credentials in an AWS Secrets Manager secret and, if using the Amazon Q API, noted the ARN of the secret.
**Note**
If you’re a console user, you can create the IAM role and Secrets Manager secret as part of configuring your Amazon Q application on the console.
For a list of things to consider while configuring your data source, see [ Data source connector configuration best practices](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-best-practices.html).
**Note**
For more information on connecting ServiceNow Online to Amazon Q Business, see [Derive generative AI-powered insights from ServiceNow with Amazon Q Business](https://aws.amazon.com/blogs/machine-learning/derive-generative-ai-powered-insights-from-servicenow-with-amazon-q-business/) in the *AWS Machine Learning Blog*.
# Connecting Amazon Q Business to ServiceNow Online using the console
The following procedure outlines how to connect Amazon Q Business to ServiceNow Online using the AWS Management Console.
**Connecting Amazon Q to ServiceNow Online**
1. Sign in to the AWS Management Console and open the Amazon Q Business console.
1. From the left navigation menu, choose **Data sources**.
1. From the **Data sources** page, choose **Add data source**.
1. Then, on the **Add data sources** page, from **Data sources**, add the **ServiceNow Online** data source to your Amazon Q application.
1. Then, on the **ServiceNow Online** data source page, enter the following information:
1. **Name and description**, do the following:
+ For **Data source name** – Name your data source for easy tracking.
**Note**
You can include hyphens (-) but not spaces. Maximum of 1,000 alphanumeric characters.
+ **Description – *optional*** – Add an optional description for your data source. This text is viewed only by Amazon Q Business administrators and can be edited later.
1. In **Source**, enter the following information:
+ ** ServiceNow host** – Enter your ServiceNow host name without the protocol. For example, *example.service-now.com*.
1. **Authorization** – Amazon Q Business crawls ACL information by default to ensure responses are generated only from documents your end users have access to. If supported for your connector, you can manage ACLs by selecting ** Enable ACLs ** to enable ACLs or **Disable ACLs** to disable them. To manage ACLs, you need specific IAM permissions. See [Grant permission to create data sources with ACLs disabled](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/setting-up.html#DisableAclOnDataSource) for more details. See [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization) for more details.
1. **Authentication** – Choose between **Basic authentication** and **OAuth 2.0 authentication** and then enter the following information for your **AWS Secrets Manager secret**.
1. **Secret name** – A name for your secret.
1. Basic Authentication – Enter the **Secret name**, **Username**, and **Password** for your ServiceNow account.
If using OAuth2 Authentication – Enter the **Secret name**, **Username**, **Password**, **Client ID**, and **Client Secret** that you created in your ServiceNow account.
1. Choose **Save and add secret**.
1. **Configure VPC and security group – *optional*** – Choose whether you want to use a VPC. If you do, enter the following information:
1. **Subnets** – Select up to 6 repository subnets that define the subnets and IP ranges the repository instance uses in the selected VPC.
1. **VPC security groups** – Choose up to 10 security groups that allow access to your data source. Ensure that the security group allows incoming traffic from Amazon EC2 instances and devices outside your VPC. For databases, security group instances are required.
For more information, see [VPC](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-vpc).
1. **IAM role** – Choose an existing IAM role or create an IAM role to access your repository credentials and index content.
**Note**
Creating a new service IAM role is recommended.
For more information, see [IAM role](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-connector.html#servicenow-iam).
1. **Sync scope** – Set the content that you want to sync.
1. For **Knowledge articles**, choose from the following options :
+ **Knowledge articles** – Choose to index knowledge articles.
+ **Knowledge article attachments** – Choose to index knowledge article attachments.
+ **Type of knowledge articles** – Choose between **Only public articles** and **Knowledge articles based on ServiceNow filter query**, based on your use case. If you select **Include articles based on ServiceNow filter query**, you must enter a **Filter query** copied from your ServiceNow account. Example filter queries include: *workflow\$1state=draft^EQ*, *kb\$1knowledge\$1base=dfc19531bf2021003f07e2c1ac0739ab^text ISNOTEMPTY^EQ*, and *article\$1type=text^active=true^EQ*.
**Important**
If you choose to crawl **Only public articles**, Amazon Q crawls only knowledge articles assigned a public access role in ServiceNow Online.
+ **Include articles based on short description filter** – Specify regular expression patterns to include or exclude specific articles. For example, use `.*article[1,2].*` to include articles containing `article1` or `article2.` in their short descriptions. Use `(^mystart.*|.*endwith$)` to crawl articles with short descriptions starting with `mystart` or ending with `endwith`.
1. For **Service catalog items**:
+ **Service catalog items** – Choose to index service catalog items.
+ **Service catalog item attachments** – Choose to index service catalog item attachments.
+ **Active service catalog items** – Choose to index active service catalog items.
+ **Inactive service catalog items** – Choose to index inactive service catalog items.
+ **Filter query** – Choose to include service catalog items based on a filter defined in your ServiceNow instance. Example filter queries include: *short\$1descriptionLIKEAccess^category=2809952237b1300054b6a3549dbe5dd4^EQ*, *nameSTARTSWITHService^active=true^EQ*.
+ **Include service catalog items based on short description filter** – Specify a regex pattern to include specific catalog items.
1. For **Incidents**:
+ **Incidents** – Choose to index service incidents.
+ **Incident attachments** – Choose to index incident attachments.
+ **Active incidents** – Choose to index active incidents.
+ **Inactive incidents** – Choose to index inactive incidents.
+ **Active incident type** – Choose between **All incidents**, **Open incidents**, **Open - unassigned incidents**, and **Resolved incidents**, depending on your use case.
+ **Filter query** – Choose to include incidents based on a filter defined in your ServiceNow instance. Example filter queries include: *short\$1descriptionLIKETest^urgency=3^state=1^EQ*, and *priority=2^category=software^EQ *.
+ **Include incidents based on short description filter** – Specify a regex pattern to include specific incidents.
1. For **Maximum file size** – Specify the file size limit in MBs that Amazon Q will crawl. Amazon Q will crawl only the files within the size limit you define. The default file size is 50MB. The maximum file size should be greater than 0MB and less than or equal to 50MB.
1. In **Additional configuration – *optional***:
+ **Attachment regex patterns** – Add regular expression patterns to include or exclude specific attached files of catalogs, knowledge articles, and incidents. You can add up to 100 patterns.
1. **Multi-media content configuration – optional** – To enable content extraction from embedded images and visuals in documents, choose **Visual content in documents**.
To extract audio transcriptions and video content, enable processing for the following file types:
1. **Advanced settings**
**Document deletion safeguard** - *optional*–To safeguard your documents from deletion during a sync job, select **On** and enter an integer between 0 - 100. If the percentage of documents to be deleted in your sync job exceeds the percentage you selected, the delete phase will be skipped and no documents from this data source will be deleted from your index. For more information, see [Document deletion safeguard](connector-concepts.md#document-deletion-safeguard).
1. For **Sync mode**, choose how you want to update your index when your data source content changes. When you sync your data source with Amazon Q for the first time, all content is synced by default.
+ **Full sync** – Sync all content regardless of the previous sync status.
+ **New, modified, or deleted content sync** – Only sync new, modified, and deleted content.
1. In **Sync run schedule**, for **Frequency** – Choose how often Amazon Q will sync with your data source. For more details, see [Sync run schedule](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-sync-run). To learn how to start a data sync job, see [Starting data source connector sync jobs](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/supported-datasource-actions.html#start-datasource-sync-jobs).
1. **Tags - *optional*** – Add tags to search and filter your resources or track your AWS costs. See [Tags](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/tagging.html) for more details.
1. **Field mappings** – A list of data source document attributes to map to your index fields.
**Note**
Add or update the fields from the **Data source details** page after you finish adding your data source. You can choose from two types of fields:
1. **Default** – Automatically created by Amazon Q on your behalf based on common fields in your data source. You can't edit these.
1. **Custom** – Automatically created by Amazon Q on your behalf based on common fields in your data source. You can edit these. You can also create and add new custom fields.
**Note**
Support for adding custom fields varies by connector. You won't see the **Add field** option if your connector doesn't support adding custom fields.
For more information, see [Field mappings](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-field-mappings).
1. In **Data source details**, choose **Sync now** to allow Amazon Q to begin syncing (crawling and ingesting) data from your data source. When the sync job finishes, your data source is ready to use.
**Note**
View CloudWatch logs for your data source sync job by selecting **View CloudWatch logs**. If you encounter a `Resource not found exception` error, wait and try again as logs may not be available immediately.
You can also view a detailed document-level report by selecting **View Report**. This report shows the status of each document during the crawl, sync, and index stages, including any errors. If the report is empty for an in-progress job, check back later as data is emitted to the report as events occur during the sync process.
For more information, see [Troubleshooting data source connectors](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/troubleshooting-data-sources.html#troubleshooting-data-sources-not-indexed).
# Connecting Amazon Q Business to ServiceNow using APIs
You use the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) action to connect a data source to your Amazon Q application. You can also use the [UpdateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateDataSource.html) action to modify an existing data source configuration.
Then, you use the `configuration` parameter to provide a JSON blob that conforms the AWS-defined JSON schema.
For an example of the API request, see [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) and [UpdateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_UpdateDataSource.html) in the Amazon Q API Reference.
**Topics**
+ [
## ServiceNow configuration properties
](#servicenow-configuration-keys)
+ [
## ServiceNow JSON schema
](#servicenow-json)
+ [
## ServiceNow JSON schema example
](#s3-api-json-example)
## ServiceNow configuration properties
The following provides information about important configuration properties required in the schema.
| Configuration | Description | Type | Required |
| --- | --- | --- | --- |
| `connectionConfiguration` | Configuration information for the endpoint for the data source. | `object` This property has the following sub-property: `repositoryEndpointMetadata`. | Yes |
| `repositoryEndpointMetadata` | The endpoint information for the data source. | `object` This property has the following sub-property: `hostUrl`, `authType`. | Yes |
| `hostUrl` | The ServiceNow host URL. For example, your-domain.service-now.com. | `string` | Yes |
| `authType` | The type of authentication you are using, either basicAuth or OAuth2. | `string` | Yes |
| `repositoryConfigurations` | Configuration information for the content of the data source. For example, configuring specific types of content and field mappings. |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-api.html) | A list of ServiceNow objects that Amazon Q crawls and maps the attributes of to Amazon Q index field names. | `object` This property has the following sub-properties: `indexFieldName`, `indexFieldType`, `dataSourceFieldName`, and `dateFieldFormat`. | Yes |
| `indexFieldName` | The field name of your ServiceNow pages and assets. | `string` | Yes |
| `indexFieldType` | The field type of your ServiceNow pages and assets. | `string` The allowed values are `STRING`, `STRING_LIST`, `DATE`, and `LONG`. | Yes |
| `dataSourceFieldName` | The data source field name of your ServiceNow pages and assets. | `string` | Yes |
| `dateFieldFormat` | The date format of your ServiceNow pages and assets. | `string` Specify the date format in the form `yyyy-MM-dd'T'HH:mm:ss'Z'` | No |
| `additionalProperties` | Additional configuration options for your content in your data source. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-api.html) | Yes |
| `maxFileSizeInMegaBytes` | Specify the file size limit in MBs that Amazon Q will crawl. Amazon Q will crawl only the files within the size limit you define. The default file size is 50MB. The maximum file size should be greater than 0MB and less than or equal to 50MB. | `string` | No |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-api.html) | Specify specific knowledge articles, incident queries, and service catalog queries to crawl. | `string` | No |
| `incidentStateType` | Specify incidents to crawl by state type: whether Open, Open - Unassigned, Resolved, or All. | `array (string)` | No |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-api.html) | A list of regular expression patterns to include and exclude specific files in your ServiceNow data source. Files that match the patterns are included in the index. Files that don't match the patterns are excluded from the index. If a file matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the file isn't included in the index. | `string` | No |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-api.html) | A list of regular expression patterns to exclude specific content in your ServiceNow data source. Content that matches the patterns are excluded from the index. Content that doesn't match the patterns are included in the index. If any content matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence, and the content isn't included in the index. | `array (string)` | No |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-api.html) | A list of regular expression patterns to include specific content in your ServiceNow data source. Content that matches the patterns are included in the index. Content that doesn't match the patterns are excluded from the index. If any content matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence, and the content isn't included in the index. | `array (string)` | No |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-api.html) | Specify true to index ServiceNow knowledge articles, service catalogs, incidents, and attachments and their ACLs. | `boolean` | No |
| `type` | The type of data source. We recommend that you use SERVICENOWV2 as your data source type. | `string` Valid values are `SERVICENOWV2` and `SERVICENOW`. | Yes |
| `enableIdentityCrawler` | `true` to activate identity crawler. Identity crawler is activated by default. Crawling identity information on users and groups with access to specific documents is useful for user context filtering. Search results are filtered based on the user or their group access to documents. Amazon Q Business crawls identity information from your data source by default to ensure responses are generated only from documents end users have access to. For more information, see [Identity crawler](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-identity-crawler). | `boolean` | No |
| `syncMode` | Specify whether Amazon Q should update your index by syncing all documents or only new, modified, and deleted documents. | `string` You can choose between the following options: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-api.html) | Yes |
| `secretARN` | The Amazon Resource Name (ARN) of an AWS Secrets Manager secret that contains the key-value pairs required to connect to your ServiceNow. | `string` The secret must contain a JSON structure with the following keys: {
"username": "user name",
"password": "password"
} If you use OAuth2 authentication, your secret must contain a JSON structure with the following keys: {
"username": "user name",
"password": "password",
"clientId": "client id",
"clientSecret": "client secret"
} | Yes |
| `version` | The version of the template that's currently supported. | `string` | No |
## ServiceNow JSON schema
The following is the ServiceNow JSON schema:
```
{
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": ["SERVICENOWV2", "SERVICENOW"]
},
"syncMode": {
"type": "string",
"enum": ["FORCED_FULL_CRAWL", "FULL_CRAWL"]
},
"secretArn": {
"type": "string",
"minLength": 20,
"maxLength": 2048
},
"enableIdentityCrawler": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"connectionConfiguration": {
"type": "object",
"properties": {
"repositoryEndpointMetadata": {
"type": "object",
"properties": {
"hostUrl": {
"type": "string",
"pattern": "^(?!(^(https?|ftp|file):\\/\\/))[a-z0-9-]+(.service-now.com|.servicenowservices.com)$",
"minLength": 1,
"maxLength": 2048
},
"authType": {
"type": "string",
"enum": ["basicAuth", "OAuth2"]
},
"servicenowInstanceVersion": {
"type": "string",
"enum": ["Tokyo", "Sandiego", "Rome", "Vancouver", "Others"]
}
},
"required": ["hostUrl", "authType", "servicenowInstanceVersion"]
}
},
"required": ["repositoryEndpointMetadata"]
},
"repositoryConfigurations": {
"type": "object",
"properties": {
"knowledgeArticle": {
"type": "object",
"properties": {
"fieldMappings": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"indexFieldName": {
"type": "string"
},
"indexFieldType": {
"type": "string",
"enum": ["STRING", "DATE", "STRING_LIST"]
},
"dataSourceFieldName": {
"type": "string"
},
"dateFieldFormat": {
"type": "string",
"pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
},
"required": [
"indexFieldName",
"indexFieldType",
"dataSourceFieldName"
]
}
]
}
},
"required": ["fieldMappings"]
},
"attachment": {
"type": "object",
"properties": {
"fieldMappings": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"indexFieldName": {
"type": "string"
},
"indexFieldType": {
"type": "string",
"enum": ["STRING", "LONG", "DATE", "STRING_LIST"]
},
"dataSourceFieldName": {
"type": "string"
},
"dateFieldFormat": {
"type": "string",
"pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
},
"required": [
"indexFieldName",
"indexFieldType",
"dataSourceFieldName"
]
}
]
}
},
"required": ["fieldMappings"]
},
"serviceCatalog": {
"type": "object",
"properties": {
"fieldMappings": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"indexFieldName": {
"type": "string"
},
"indexFieldType": {
"type": "string",
"enum": ["STRING", "DATE", "STRING_LIST"]
},
"dataSourceFieldName": {
"type": "string"
},
"dateFieldFormat": {
"type": "string",
"pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
},
"required": [
"indexFieldName",
"indexFieldType",
"dataSourceFieldName"
]
}
]
}
},
"required": ["fieldMappings"]
},
"incident": {
"type": "object",
"properties": {
"fieldMappings": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"indexFieldName": {
"type": "string"
},
"indexFieldType": {
"type": "string",
"enum": ["STRING", "DATE", "STRING_LIST"]
},
"dataSourceFieldName": {
"type": "string"
},
"dateFieldFormat": {
"type": "string",
"pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
},
"required": [
"indexFieldName",
"indexFieldType",
"dataSourceFieldName"
]
}
]
}
},
"required": ["fieldMappings"]
}
}
},
"additionalProperties": {
"type": "object",
"properties": {
"maxFileSizeInMegaBytes": {
"type": "string"
},
"isCrawlKnowledgeArticle": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlKnowledgeArticleAttachment": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"includePublicArticlesOnly": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"knowledgeArticleFilter": {
"type": "string"
},
"incidentQueryFilter": {
"type": "string"
},
"serviceCatalogQueryFilter": {
"type": "string"
},
"isCrawlServiceCatalog": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlServiceCatalogAttachment": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlActiveServiceCatalog": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlInactiveServiceCatalog": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlIncident": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlIncidentAttachment": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlActiveIncident": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlInactiveIncident": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"applyACLForKnowledgeArticle": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"applyACLForServiceCatalog": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"applyACLForIncident": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"incidentStateType": {
"type": "array",
"items": {
"type": "string",
"enum": ["Open", "Open - Unassigned", "Resolved", "All"]
}
},
"knowledgeArticleTitleRegExp": {
"type": "string"
},
"serviceCatalogTitleRegExp": {
"type": "string"
},
"incidentTitleRegExp": {
"type": "string"
},
"inclusionFileTypePatterns": {
"type": "array",
"items": {
"type": "string"
}
},
"exclusionFileTypePatterns": {
"type": "array",
"items": {
"type": "string"
}
},
"inclusionFileNamePatterns": {
"type": "array",
"items": {
"type": "string"
}
},
"exclusionFileNamePatterns": {
"type": "array",
"items": {
"type": "string"
}
},
"enableDeletionProtection": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
],
"default": false
},
"deletionProtectionThreshold": {
"type": "string",
"default": "15"
}
},
"required": []
},
"version": {
"type": "string",
"anyOf": [
{
"pattern": "1.0.0"
}
]
},
"required": [
"type",
"syncMode",
"secretArn",
"connectionConfiguration",
"repositoryConfigurations",
"additionalProperties"
]
}
}
```
## ServiceNow JSON schema example
The following is the ServiceNow JSON schema example:
```
{
"type": "SERVICENOWV2",
"syncMode": "FULL_CRAWL",
"secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-servicenow-secret",
"enableIdentityCrawler": "true",
"connectionConfiguration": {
"repositoryEndpointMetadata": {
"hostUrl": "mycompany.service-now.com",
"authType": "basicAuth",
"servicenowInstanceVersion": "Tokyo"
}
},
"repositoryConfigurations": {
"knowledgeArticle": {
"fieldMappings": [
{
"indexFieldName": "article_id",
"indexFieldType": "STRING",
"dataSourceFieldName": "id",
"dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
]
},
"attachment": {
"fieldMappings": [
{
"indexFieldName": "attachment_id",
"indexFieldType": "STRING",
"dataSourceFieldName": "id",
"dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
]
},
"serviceCatalog": {
"fieldMappings": [
{
"indexFieldName": "catalog_item_id",
"indexFieldType": "STRING",
"dataSourceFieldName": "id",
"dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
]
},
"incident": {
"fieldMappings": [
{
"indexFieldName": "incident_id",
"indexFieldType": "STRING",
"dataSourceFieldName": "id",
"dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
]
}
},
"additionalProperties": {
"maxFileSizeInMegaBytes": "50",
"isCrawlKnowledgeArticle": "true",
"isCrawlKnowledgeArticleAttachment": "true",
"includePublicArticlesOnly": "false",
"knowledgeArticleFilter": "filter_condition",
"incidentQueryFilter": "incident_condition",
"serviceCatalogQueryFilter": "service_catalog_condition",
"isCrawlServiceCatalog": "true",
"isCrawlServiceCatalogAttachment": "true",
"isCrawlActiveServiceCatalog": "true",
"isCrawlInactiveServiceCatalog": "false",
"isCrawlIncident": "true",
"isCrawlIncidentAttachment": "false",
"isCrawlActiveIncident": "true",
"isCrawlInactiveIncident": "false",
"applyACLForKnowledgeArticle": "true",
"applyACLForServiceCatalog": "true",
"applyACLForIncident": "true",
"incidentStateType": ["Open", "Resolved"],
"knowledgeArticleTitleRegExp": ".*",
"serviceCatalogTitleRegExp": ".*",
"incidentTitleRegExp": ".*",
"inclusionFileTypePatterns": ["*.pdf", "*.docx"],
"exclusionFileTypePatterns": ["*.tmp"],
"inclusionFileNamePatterns": ["important-*"],
"exclusionFileNamePatterns": ["temporary-*"],
"enableDeletionProtection": "false",
"deletionProtectionThreshold": "15"
}
}
```
# Connecting Amazon Q Business to ServiceNow using AWS CloudFormation
You use the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html) resource to connect a data source to your Amazon Q application.
Use the [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html#cfn-qbusiness-datasource-applicationid](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-qbusiness-datasource.html#cfn-qbusiness-datasource-applicationid) property to provide a JSON or YAML schema with the necessary configuration details specific to your data source connector.
To learn more about AWS CloudFormation, see [What is AWS CloudFormation?](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) in the *CloudFormation User Guide*.
**Topics**
+ [
## ServiceNow configuration properties
](#servicenow-configuration-keys)
+ [
## ServiceNow JSON schema for using the configuration property with AWS CloudFormation
](#servicenow-cfn-json)
+ [
## ServiceNow YAML schema for using the configuration property with AWS CloudFormation
](#servicenow-cfn-yaml)
## ServiceNow configuration properties
The following provides information about important configuration properties required in the schema.
| Configuration | Description | Type | Required |
| --- | --- | --- | --- |
| `connectionConfiguration` | Configuration information for the endpoint for the data source. | `object` This property has the following sub-property: `repositoryEndpointMetadata`. | Yes |
| `repositoryEndpointMetadata` | The endpoint information for the data source. | `object` This property has the following sub-property: `hostUrl`, `authType`. | Yes |
| `hostUrl` | The ServiceNow host URL. For example, your-domain.service-now.com. | `string` | Yes |
| `authType` | The type of authentication you are using, either basicAuth or OAuth2. | `string` | Yes |
| `repositoryConfigurations` | Configuration information for the content of the data source. For example, configuring specific types of content and field mappings. |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-cfn.html) | A list of ServiceNow objects that Amazon Q crawls and maps the attributes of to Amazon Q index field names. | `object` This property has the following sub-properties: `indexFieldName`, `indexFieldType`, `dataSourceFieldName`, and `dateFieldFormat`. | Yes |
| `indexFieldName` | The field name of your ServiceNow pages and assets. | `string` | Yes |
| `indexFieldType` | The field type of your ServiceNow pages and assets. | `string` The allowed values are `STRING`, `STRING_LIST`, `DATE`, and `LONG`. | Yes |
| `dataSourceFieldName` | The data source field name of your ServiceNow pages and assets. | `string` | Yes |
| `dateFieldFormat` | The date format of your ServiceNow pages and assets. | `string` Specify the date format in the form `yyyy-MM-dd'T'HH:mm:ss'Z'` | No |
| `additionalProperties` | Additional configuration options for your content in your data source. | `object` This property has the following sub-properties. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-cfn.html) | Yes |
| `maxFileSizeInMegaBytes` | Specify the file size limit in MBs that Amazon Q will crawl. Amazon Q will crawl only the files within the size limit you define. The default file size is 50MB. The maximum file size should be greater than 0MB and less than or equal to 50MB. | `string` | No |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-cfn.html) | Specify specific knowledge articles, incident queries, and service catalog queries to crawl. | `string` | No |
| `incidentStateType` | Specify incidents to crawl by state type: whether Open, Open - Unassigned, Resolved, or All. | `array (string)` | No |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-cfn.html) | A list of regular expression patterns to include and exclude specific files in your ServiceNow data source. Files that match the patterns are included in the index. Files that don't match the patterns are excluded from the index. If a file matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the file isn't included in the index. | `string` | No |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-cfn.html) | A list of regular expression patterns to exclude specific content in your ServiceNow data source. Content that matches the patterns are excluded from the index. Content that doesn't match the patterns are included in the index. If any content matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence, and the content isn't included in the index. | `array (string)` | No |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-cfn.html) | A list of regular expression patterns to include specific content in your ServiceNow data source. Content that matches the patterns are included in the index. Content that doesn't match the patterns are excluded from the index. If any content matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence, and the content isn't included in the index. | `array (string)` | No |
| [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-cfn.html) | Specify true to index ServiceNow knowledge articles, service catalogs, incidents, and attachments and their ACLs. | `boolean` | No |
| `type` | The type of data source. We recommend that you use SERVICENOWV2 as your data source type. | `string` Valid values are `SERVICENOWV2` and `SERVICENOW`. | Yes |
| `enableIdentityCrawler` | `true` to activate identity crawler. Identity crawler is activated by default. Crawling identity information on users and groups with access to specific documents is useful for user context filtering. Search results are filtered based on the user or their group access to documents. Amazon Q Business crawls identity information from your data source by default to ensure responses are generated only from documents end users have access to. For more information, see [Identity crawler](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-identity-crawler). | `boolean` | No |
| `syncMode` | Specify whether Amazon Q should update your index by syncing all documents or only new, modified, and deleted documents. | `string` You can choose between the following options: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/servicenow-cfn.html) | Yes |
| `secretARN` | The Amazon Resource Name (ARN) of an AWS Secrets Manager secret that contains the key-value pairs required to connect to your ServiceNow. | `string` The secret must contain a JSON structure with the following keys: {
"username": "user name",
"password": "password"
} If you use OAuth2 authentication, your secret must contain a JSON structure with the following keys: {
"username": "user name",
"password": "password",
"clientId": "client id",
"clientSecret": "client secret"
} | Yes |
| `version` | The version of the template that's currently supported. | `string` | No |
## ServiceNow JSON schema for using the configuration property with AWS CloudFormation
The following is the ServiceNow JSON schema and examples for the configuration property for AWS CloudFormation.
**Topics**
+ [
### ServiceNow JSON schema for using the configuration property with AWS CloudFormation
](#servicenow-cfn-json-schema)
+ [
### ServiceNow JSON schema example for using the configuration property with AWS CloudFormation
](#servicenow-cfn-json-example)
### ServiceNow JSON schema for using the configuration property with AWS CloudFormation
The following is the ServiceNow JSON schema for the configuration property for CloudFormation
```
{
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": ["SERVICENOWV2", "SERVICENOW"]
},
"syncMode": {
"type": "string",
"enum": ["FORCED_FULL_CRAWL", "FULL_CRAWL"]
},
"secretArn": {
"type": "string",
"minLength": 20,
"maxLength": 2048
},
"enableIdentityCrawler": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"connectionConfiguration": {
"type": "object",
"properties": {
"repositoryEndpointMetadata": {
"type": "object",
"properties": {
"hostUrl": {
"type": "string",
"pattern": "^(?!(^(https?|ftp|file):\\/\\/))[a-z0-9-]+(.service-now.com|.servicenowservices.com)$",
"minLength": 1,
"maxLength": 2048
},
"authType": {
"type": "string",
"enum": ["basicAuth", "OAuth2"]
}
},
"required": ["hostUrl", "authType"]
}
},
"required": ["repositoryEndpointMetadata"]
},
"repositoryConfigurations": {
"type": "object",
"properties": {
"knowledgeArticle": {
"type": "object",
"properties": {
"fieldMappings": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"indexFieldName": {
"type": "string"
},
"indexFieldType": {
"type": "string",
"enum": ["STRING", "DATE", "STRING_LIST"]
},
"dataSourceFieldName": {
"type": "string"
},
"dateFieldFormat": {
"type": "string",
"pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
},
"required": [
"indexFieldName",
"indexFieldType",
"dataSourceFieldName"
]
}
]
}
},
"required": ["fieldMappings"]
},
"attachment": {
"type": "object",
"properties": {
"fieldMappings": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"indexFieldName": {
"type": "string"
},
"indexFieldType": {
"type": "string",
"enum": ["STRING", "LONG", "DATE", "STRING_LIST"]
},
"dataSourceFieldName": {
"type": "string"
},
"dateFieldFormat": {
"type": "string",
"pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
},
"required": [
"indexFieldName",
"indexFieldType",
"dataSourceFieldName"
]
}
]
}
},
"required": ["fieldMappings"]
},
"serviceCatalog": {
"type": "object",
"properties": {
"fieldMappings": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"indexFieldName": {
"type": "string"
},
"indexFieldType": {
"type": "string",
"enum": ["STRING", "DATE", "STRING_LIST"]
},
"dataSourceFieldName": {
"type": "string"
},
"dateFieldFormat": {
"type": "string",
"pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
},
"required": [
"indexFieldName",
"indexFieldType",
"dataSourceFieldName"
]
}
]
}
},
"required": ["fieldMappings"]
},
"incident": {
"type": "object",
"properties": {
"fieldMappings": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"indexFieldName": {
"type": "string"
},
"indexFieldType": {
"type": "string",
"enum": ["STRING", "DATE", "STRING_LIST"]
},
"dataSourceFieldName": {
"type": "string"
},
"dateFieldFormat": {
"type": "string",
"pattern": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
},
"required": [
"indexFieldName",
"indexFieldType",
"dataSourceFieldName"
]
}
]
}
},
"required": ["fieldMappings"]
}
}
},
"additionalProperties": {
"type": "object",
"properties": {
"maxFileSizeInMegaBytes": {
"type": "string"
},
"isCrawlKnowledgeArticle": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlKnowledgeArticleAttachment": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"includePublicArticlesOnly": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"knowledgeArticleFilter": {
"type": "string"
},
"incidentQueryFilter": {
"type": "string"
},
"serviceCatalogQueryFilter": {
"type": "string"
},
"isCrawlServiceCatalog": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlServiceCatalogAttachment": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlActiveServiceCatalog": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlInactiveServiceCatalog": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlIncident": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlIncidentAttachment": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlActiveIncident": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"isCrawlInactiveIncident": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"applyACLForKnowledgeArticle": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"applyACLForServiceCatalog": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"applyACLForIncident": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
]
},
"incidentStateType": {
"type": "array",
"items": {
"type": "string",
"enum": ["Open", "Open - Unassigned", "Resolved", "All"]
}
},
"knowledgeArticleTitleRegExp": {
"type": "string"
},
"serviceCatalogTitleRegExp": {
"type": "string"
},
"incidentTitleRegExp": {
"type": "string"
},
"inclusionFileTypePatterns": {
"type": "array",
"items": {
"type": "string"
}
},
"exclusionFileTypePatterns": {
"type": "array",
"items": {
"type": "string"
}
},
"inclusionFileNamePatterns": {
"type": "array",
"items": {
"type": "string"
}
},
"exclusionFileNamePatterns": {
"type": "array",
"items": {
"type": "string"
}
},
"enableDeletionProtection": {
"anyOf": [
{
"type": "boolean"
},
{
"type": "string",
"enum": ["true", "false"]
}
],
"default": false
},
"deletionProtectionThreshold": {
"type": "string",
"default": "15"
}
},
"required": []
},
"version": {
"type": "string",
"anyOf": [
{
"pattern": "1.0.0"
}
]
},
"required": [
"type",
"syncMode",
"secretArn",
"connectionConfiguration",
"repositoryConfigurations",
"additionalProperties"
]
}
}
```
### ServiceNow JSON schema example for using the configuration property with AWS CloudFormation
The following is the ServiceNow JSON schema example for the configuration property for CloudFormation
```
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "CloudFormation SERVICENOW Data Source Template",
"Resources": {
"DataSourceServiceNow": {
"Type": "AWS::QBusiness::DataSource",
"Properties": {
"ApplicationId": "app12345-1234-1234-1234-123456789012",
"IndexId": "indx1234-1234-1234-1234-123456789012",
"DisplayName": "MyServiceNowDataSource",
"RoleArn": "arn:aws:iam::123456789012:role/qbusiness-data-source-role",
"Configuration": {
"type": "SERVICENOWV2",
"syncMode": "FULL_CRAWL",
"secretArn": "arn:aws:secretsmanager:us-west-2:123456789012:secret:my-servicenow-secret",
"enableIdentityCrawler": "true",
"connectionConfiguration": {
"repositoryEndpointMetadata": {
"hostUrl": "mycompany.service-now.com",
"authType": "basicAuth",
}
},
"repositoryConfigurations": {
"knowledgeArticle": {
"fieldMappings": [
{
"indexFieldName": "article_id",
"indexFieldType": "STRING",
"dataSourceFieldName": "id",
"dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
]
},
"attachment": {
"fieldMappings": [
{
"indexFieldName": "attachment_id",
"indexFieldType": "STRING",
"dataSourceFieldName": "id",
"dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
]
},
"serviceCatalog": {
"fieldMappings": [
{
"indexFieldName": "catalog_item_id",
"indexFieldType": "STRING",
"dataSourceFieldName": "id",
"dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
]
},
"incident": {
"fieldMappings": [
{
"indexFieldName": "incident_id",
"indexFieldType": "STRING",
"dataSourceFieldName": "id",
"dateFieldFormat": "yyyy-MM-dd'T'HH:mm:ss'Z'"
}
]
}
},
"additionalProperties": {
"maxFileSizeInMegaBytes": "50",
"isCrawlKnowledgeArticle": "true",
"isCrawlKnowledgeArticleAttachment": "true",
"includePublicArticlesOnly": "false",
"knowledgeArticleFilter": "filter_condition",
"incidentQueryFilter": "incident_condition",
"serviceCatalogQueryFilter": "service_catalog_condition",
"isCrawlServiceCatalog": "true",
"isCrawlServiceCatalogAttachment": "true",
"isCrawlActiveServiceCatalog": "true",
"isCrawlInactiveServiceCatalog": "false",
"isCrawlIncident": "true",
"isCrawlIncidentAttachment": "false",
"isCrawlActiveIncident": "true",
"isCrawlInactiveIncident": "false",
"applyACLForKnowledgeArticle": "true",
"applyACLForServiceCatalog": "true",
"applyACLForIncident": "true",
"incidentStateType": ["Open", "Resolved"],
"knowledgeArticleTitleRegExp": ".*",
"serviceCatalogTitleRegExp": ".*",
"incidentTitleRegExp": ".*",
"inclusionFileTypePatterns": ["*.pdf", "*.docx"],
"exclusionFileTypePatterns": ["*.tmp"],
"inclusionFileNamePatterns": ["important-*"],
"exclusionFileNamePatterns": ["temporary-*"],
"enableDeletionProtection": "false",
"deletionProtectionThreshold": "15"
}
}
}
}
}
}
```
## ServiceNow YAML schema for using the configuration property with AWS CloudFormation
The following is the ServiceNow YAML schema and examples for the configuration property for AWS CloudFormation:
**Topics**
+ [
### ServiceNow YAML schema for using the configuration property with AWS CloudFormation
](#servicenow-cfn-yaml-schema)
+ [
### ServiceNow YAML schema example for using the configuration property with AWS CloudFormation
](#servicenow-cfn-yaml-example)
### ServiceNow YAML schema for using the configuration property with AWS CloudFormation
The following is the ServiceNow YAML schema for the configuration property for CloudFormation.
```
type: object
properties:
type:
type: string
enum:
- SERVICENOWV2
- SERVICENOW
syncMode:
type: string
enum:
- FORCED_FULL_CRAWL
- FULL_CRAWL
secretArn:
type: string
minLength: 20
maxLength: 2048
enableIdentityCrawler:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
connectionConfiguration:
type: object
properties:
repositoryEndpointMetadata:
type: object
properties:
hostUrl:
type: string
pattern: "^(?!(^(https?|ftp|file):\\/\\/))[a-z0-9-]+(.service-now.com|.servicenowservices.com)$"
minLength: 1
maxLength: 2048
authType:
type: string
enum:
- basicAuth
- OAuth2
required:
- hostUrl
- authType
required:
- repositoryEndpointMetadata
repositoryConfigurations:
type: object
properties:
knowledgeArticle:
type: object
properties:
fieldMappings:
type: array
items:
type: object
properties:
indexFieldName:
type: string
indexFieldType:
type: string
enum:
- STRING
- DATE
- STRING_LIST
dataSourceFieldName:
type: string
dateFieldFormat:
type: string
pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'"
required:
- indexFieldName
- indexFieldType
- dataSourceFieldName
required:
- fieldMappings
attachment:
type: object
properties:
fieldMappings:
type: array
items:
type: object
properties:
indexFieldName:
type: string
indexFieldType:
type: string
enum:
- STRING
- LONG
- DATE
- STRING_LIST
dataSourceFieldName:
type: string
dateFieldFormat:
type: string
pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'"
required:
- indexFieldName
- indexFieldType
- dataSourceFieldName
required:
- fieldMappings
serviceCatalog:
type: object
properties:
fieldMappings:
type: array
items:
type: object
properties:
indexFieldName:
type: string
indexFieldType:
type: string
enum:
- STRING
- DATE
- STRING_LIST
dataSourceFieldName:
type: string
dateFieldFormat:
type: string
pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'"
required:
- indexFieldName
- indexFieldType
- dataSourceFieldName
required:
- fieldMappings
incident:
type: object
properties:
fieldMappings:
type: array
items:
type: object
properties:
indexFieldName:
type: string
indexFieldType:
type: string
enum:
- STRING
- DATE
- STRING_LIST
dataSourceFieldName:
type: string
dateFieldFormat:
type: string
pattern: "yyyy-MM-dd'T'HH:mm:ss'Z'"
required:
- indexFieldName
- indexFieldType
- dataSourceFieldName
required:
- fieldMappings
additionalProperties:
type: object
properties:
maxFileSizeInMegaBytes:
type: string
isCrawlKnowledgeArticle:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
isCrawlKnowledgeArticleAttachment:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
includePublicArticlesOnly:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
knowledgeArticleFilter:
type: string
incidentQueryFilter:
type: string
serviceCatalogQueryFilter:
type: string
isCrawlServiceCatalog:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
isCrawlServiceCatalogAttachment:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
isCrawlActiveServiceCatalog:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
isCrawlInactiveServiceCatalog:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
isCrawlIncident:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
isCrawlIncidentAttachment:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
isCrawlActiveIncident:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
isCrawlInactiveIncident:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
applyACLForKnowledgeArticle:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
applyACLForServiceCatalog:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
applyACLForIncident:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
incidentStateType:
type: array
items:
type: string
enum:
- Open
- Open - Unassigned
- Resolved
- All
knowledgeArticleTitleRegExp:
type: string
serviceCatalogTitleRegExp:
type: string
incidentTitleRegExp:
type: string
inclusionFileTypePatterns:
type: array
items:
type: string
exclusionFileTypePatterns:
type: array
items:
type: string
inclusionFileNamePatterns:
type: array
items:
type: string
exclusionFileNamePatterns:
type: array
items:
type: string
enableDeletionProtection:
anyOf:
- type: boolean
- type: string
enum:
- "true"
- "false"
default: false
deletionProtectionThreshold:
type: string
default: "15"
required: []
version:
type: string
anyOf:
- pattern: "1.0.0"
required:
- type
- syncMode
- secretArn
- connectionConfiguration
- repositoryConfigurations
- additionalProperties
```
### ServiceNow YAML schema example for using the configuration property with AWS CloudFormation
The following is the ServiceNow YAML example for the Configuration property for CloudFormation:
```
AWSTemplateFormatVersion: "2010-09-09"
Description: CloudFormation SERVICENOW Data Source Template
Resources:
DataSourceServiceNow:
Type: AWS::QBusiness::DataSource
Properties:
ApplicationId: app12345-1234-1234-1234-123456789012
IndexId: indx1234-1234-1234-1234-123456789012
DisplayName: MyServiceNowDataSource
RoleArn: arn:aws:iam::123456789012:role/qbusiness-data-source-role
Configuration:
type: SERVICENOWV2
syncMode: FULL_CRAWL
secretArn: arn:aws:secretsmanager:us-west-2:123456789012:secret:my-servicenow-secret
enableIdentityCrawler: "true"
connectionConfiguration:
repositoryEndpointMetadata:
hostUrl: mycompany.service-now.com
authType: basicAuth
repositoryConfigurations:
knowledgeArticle:
fieldMappings:
- indexFieldName: article_id
indexFieldType: STRING
dataSourceFieldName: id
dateFieldFormat: yyyy-MM-dd'T'HH:mm:ss'Z'
attachment:
fieldMappings:
- indexFieldName: attachment_id
indexFieldType: STRING
dataSourceFieldName: id
dateFieldFormat: yyyy-MM-dd'T'HH:mm:ss'Z'
serviceCatalog:
fieldMappings:
- indexFieldName: catalog_item_id
indexFieldType: STRING
dataSourceFieldName: id
dateFieldFormat: yyyy-MM-dd'T'HH:mm:ss'Z'
incident:
fieldMappings:
- indexFieldName: incident_id
indexFieldType: STRING
dataSourceFieldName: id
dateFieldFormat: yyyy-MM-dd'T'HH:mm:ss'Z'
additionalProperties:
maxFileSizeInMegaBytes: "50"
isCrawlKnowledgeArticle: "true"
isCrawlKnowledgeArticleAttachment: "true"
includePublicArticlesOnly: "false"
knowledgeArticleFilter: filter_condition
incidentQueryFilter: incident_condition
serviceCatalogQueryFilter: service_catalog_condition
isCrawlServiceCatalog: "true"
isCrawlServiceCatalogAttachment: "true"
isCrawlActiveServiceCatalog: "true"
isCrawlInactiveServiceCatalog: "false"
isCrawlIncident: "true"
isCrawlIncidentAttachment: "false"
isCrawlActiveIncident: "true"
isCrawlInactiveIncident: "false"
applyACLForKnowledgeArticle: "true"
applyACLForServiceCatalog: "true"
applyACLForIncident: "true"
incidentStateType:
- Open
- Resolved
knowledgeArticleTitleRegExp: ".*"
serviceCatalogTitleRegExp: ".*"
incidentTitleRegExp: ".*"
inclusionFileTypePatterns:
- "*.pdf"
- "*.docx"
exclusionFileTypePatterns:
- "*.tmp"
inclusionFileNamePatterns:
- important-*
exclusionFileNamePatterns:
- temporary-*
enableDeletionProtection: "false"
deletionProtectionThreshold: "15"
```
# How Amazon Q Business connector crawls ServiceNow ACLs
Connectors support crawling ACL and identity information where applicable based on the data source. If you index documents without ACLs, all documents are considered public. Indexing documents with ACLs ensures data security.
Amazon Q Business supports crawling ACLs for document security by default.
When you connect an ServiceNow data source to Amazon Q Business, Amazon Q Business crawls ACL information attached to a document (user and group information) from your ServiceNow instance. If you choose to activate ACL crawling, the information can be used to filter chat responses to your end user's document access level.
**Note**
Amazon Q Business supports:
Role-based, static ACLs for Service Catalogs
Role-based, static ACLs for Knowledge Bases
Role-based, static ACLs for Incidents
Amazon Q Business does not honor limitations set by ServiceNow's advanced ACLs on documents.
The group and user IDs are mapped as follows:
+ `_group_ids` – Group IDs exist in ServiceNow on files where there are set access permissions. They're mapped from the role names of `sys_ids` in ServiceNow.
+ `_user_id` – User IDs exist in ServiceNow on files where there are set access permissions. They're mapped from the user emails as the IDs in ServiceNow.
**Important**
To maintain secure access control for Amazon Q Business, each user must have a unique email address across all connected data sources.
In ServiceNow users can share an email address while having a different application-specific unique identifier. However, in Amazon Q Business email addresses act as unique identifiers.
This means that if a document is shared with a particular user (for example, arnav\$1desai@example.com who is part of pentesters@example.com) on the basis of an application-specific unique ID, every other user who shares pentesters@example.com (for example, xiulan\$1wang@example.com and efua\$1owusu@example.com, both of whom are part of pentesters@example.com) can receive Amazon Q Business responses with content from a document that was shared only with Arnav. Similarly, content created by Arnav that only he should be able to access via Amazon Q Business chat responses, could also be part of Amazon Q Business chat responses for Xiulan and Efua, because they share the same email address.
For more information, see:
+ [Authorization](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-authorization)
+ [Identity crawler](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-concepts.html#connector-identity-crawler)
+ [Understanding User Store](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-principal-store.html)
# ServiceNow Online data source connector field mappings
To improve retrieved results and customize the end user chat experience, Amazon Q Business enables you to map document attributes from your data sources to fields in your Amazon Q index.
Amazon Q offers two kinds of attributes to map to index fields:
+ **Reserved or default** – Reserved attributes are based on document attributes that commonly occur in most data. You can use reserved attributes to map commonly occurring document attributes in your data source to Amazon Q index fields.
+ **Custom** – You can create custom attributes to map document attributes that are unique to your data to Amazon Q index fields.
When you connect Amazon Q to a data source, Amazon Q automatically maps specific data source document attributes to fields within an Amazon Q index. If a document attribute in your data source doesn't have a attribute mapping already available, or if you want to map additional document attributes to index fields, use the custom field mappings to specify how a data source attribute maps to an Amazon Q index field. You create field mappings by editing your data source after your application and retriever are created.
To learn more about document attributes and how they work in Amazon Q, see [Document attributes and types in Amazon Q](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/doc-attributes.html).
**Important**
Filtering using document attributes in chat is only supported through the API.
The Amazon Q ServiceNow connector supports the following entities and the associated reserved and custom attributes.
**Topics**
+ [
## Knowledge articles
](#servicenow-field-mappings-ka)
+ [
## Service catalog
](#servicenow-field-mappings-sc)
+ [
## Attachments
](#servicenow-field-mappings-attachment)
+ [
## Incidents
](#servicenow-field-mappings-incidents)
## Knowledge articles
Amazon Q supports crawling [ServiceNow Online Knowledge articles](https://docs.servicenow.com/bundle/xanadu-servicenow-platform/page/product/knowledge-management/task/create-knowledge-article.html) and offers the following knowledge article field mappings.
| ServiceNow field name | Index field name | Description | Data type |
| --- | --- | --- | --- |
| text | sn\$1ka\$1text | Custom | String |
| short\$1description | sn\$1ka\$1short\$1description | Custom | String |
| sys\$1created\$1on | \$1created\$1at | Default | Date |
| sys\$1updated\$1on | \$1last\$1updated\$1at | Default | Date |
| kb\$1category\$1name | \$1category | Default | String |
| sys\$1created\$1by | \$1authors | Default | String |
| sys\$1updated\$1by | sn\$1updatedBy | Custom | String |
| sys\$1id | sn\$1sys\$1id | Custom | String |
| published | sn\$1ka\$1publish\$1date | Custom | Date |
| workflow\$1state | sn\$1ka\$1workflow\$1state | Custom | String |
| kb\$1category | sn\$1ka\$1category | Custom | String |
| article\$1type | sn\$1ka\$1article\$1type | Custom | String |
| first\$1name | sn\$1ka\$1first\$1name | Custom | String |
| last\$1name | sn\$1ka\$1last\$1name | Custom | String |
| user\$1name | sn\$1ka\$1user\$1name | Custom | String |
| valid\$1to | sn\$1ka\$1valid\$1to | Custom | Date |
| kb\$1knowledge\$1base | sn\$1ka\$1knowledge\$1base | Custom | String |
| number | sn\$1ka\$1number | Custom | String |
| url | sn\$1url | Custom | String |
| diplayUrl | \$1source\$1uri | Default | String |
| replacement\$1article | sn\$1ka\$1replacement\$1article | Custom | String |
| description | sn\$1ka\$1description | Custom | String |
| wiki | sn\$1ka\$1wiki | Custom | String |
| rating | sn\$1ka\$1rating | Custom | String |
| rating | sn\$1ka\$1rating | Custom | String |
| view\$1as\$1allowed | sn\$1ka\$1view\$1as\$1allowed | Custom | String |
| source | sn\$1ka\$1source | Custom | String |
| image | sn\$1ka\$1image | Custom | String |
| author | sn\$1ka\$1author | Custom | String |
| active | sn\$1ka\$1active | Custom | String |
| helpful\$1count | sn\$1ka\$1helpful\$1count | Custom | String |
| meta\$1description | sn\$1ka\$1meta\$1description | Custom | String |
| meta | sn\$1ka\$1meta | Custom | String |
| topic | sn\$1ka\$1topic | Custom | String |
| roles | sn\$1ka\$1roles | Custom | String |
| disable\$1suggesting | sn\$1ka\$1disable\$1suggesting | Custom | String |
| use\$1count | sn\$1ka\$1use\$1count | Custom | String |
| flagged | sn\$1ka\$1flagged | Custom | String |
| disable\$1commenting | sn\$1ka\$1disable\$1commenting | Custom | String |
| retired | sn\$1ka\$1retired | Custom | String |
| display\$1attachments | sn\$1ka\$1display\$1attachments | Custom | String |
| taxonomy\$1topic | sn\$1ka\$1taxonomy\$1topic | Custom | String |
## Service catalog
Amazon Q supports crawling [ServiceNow Online service catalogs](https://docs.servicenow.com/bundle/vancouver-servicenow-platform/page/product/service-catalog-management/concept/service-catalog.html) and offers the following service catalog field mappings.
| ServiceNow field name | Index field name | Description | Data type |
| --- | --- | --- | --- |
| description | sn\$1sc\$1description | Custom | String |
| short\$1description | sn\$1sc\$1short\$1description | Custom | String |
| sys\$1created\$1on | \$1created\$1at | Default | Date |
| sys\$1updated\$1on | \$1last\$1updated\$1at | Default | Date |
| category\$1name | \$1category | Default | String |
| sys\$1created\$1by | \$1authors | Default | String list |
| sys\$1updated\$1by | sn\$1updated\$1by | Custom | String |
| sys\$1id | sn\$1sys\$1id | Custom | String |
| sc\$1catalogs | sn\$1sc\$1catalogs | Custom | String |
| sc\$1catalogs\$1name | sn\$1sc\$1catalogs\$1name | Custom | String |
| category | sn\$1sc\$1category | Custom | String |
| category\$1full\$1name | sn\$1sc\$1category | Custom | String |
| url | sn\$1url | Custom | String |
| displayUrl | \$1source\$1uri | Default | String |
| show\$1variable\$1help\$1on\$1load | sn\$1sc\$1show\$1var\$1help\$1on\$1load | Custom | String |
| no\$1order\$1now | sn\$1sc\$1no\$1order\$1now | Custom | String |
| sc\$1ic\$1version | sn\$1sc\$1sc\$1ic\$1version | Custom | String |
| delivery\$1time | sn\$1sc\$1deliver\$1time | Custom | String |
| published\$1ref | sn\$1sc\$1published\$1ref | Custom | String |
| price | sn\$1sc\$1price | Custom | String |
| recurring\$1frequency | sn\$1sc\$1recurring\$1frequency | Custom | String |
| sys\$1name | sn\$1sc\$1sys\$1name | Custom | String |
| model | sn\$1sc\$1model | Custom | String |
| state | sn\$1sc\$1state | Custom | String |
| no\$1cart | sn\$1sc\$1no\$1cart | Custom | String |
| group | sn\$1sc\$1group | Custom | String |
| hide\$1sp | sn\$1sc\$1hide\$1sp | Custom | String |
| order | sn\$1sc\$1order | Custom | String |
| start\$1closed | sn\$1sc\$1start\$1closed | Custom | String |
| image | sn\$1sc\$1image | Custom | String |
| no\$1quantity | sn\$1sc\$1no\$1quantity | Custom | String |
| delivery\$1plan | sn\$1sc\$1delivery\$1plan | Custom | String |
| active | sn\$1sc\$1active | Custom | String |
| checked\$1out | sn\$1sc\$1checked\$1out | Custom | String |
| custom\$1cart | sn\$1sc\$1custom\$1cart | Custom | String |
| no\$1cart\$1v2 | sn\$1sc\$1no\$1cart\$1v2 | Custom | String |
| no\$1proceed\$1checkout | sn\$1sc\$1no\$1proceed\$1checkout | Custom | String |
| ignore\$1price | sn\$1sc\$1ignore\$1price | Custom | String |
| sys\$1update\$1name | sn\$1sc\$1sys\$1update\$1name | Custom | String |
| meta | sn\$1sc\$1meta | Custom | String |
| omit\$1price | sn\$1sc\$1omit\$1price | Custom | String |
| name | sn\$1sc\$1name | Custom | String |
| mobile\$1hide\$1price | sn\$1sc\$1mobile\$1hide\$1price | Custom | String |
| no\$1wishlist\$1v2 | sn\$1sc\$1no\$1wishlist\$1v2 | Custom | String |
| preview | sn\$1sc\$1preview | Custom | String |
| type | sn\$1sc\$1type | Custom | String |
| access\$1type | sn\$1sc\$1access\$1type | Custom | String |
| roles | sn\$1sc\$1roles | Custom | String |
| icon | sn\$1sc\$1icon | Custom | String |
| mobile\$1picture | sn\$1sc\$1mobile\$1picture | Custom | String |
| availability | sn\$1sc\$1availability | Custom | String |
| mandatory\$1attachment | sn\$1sc\$1mandatory\$1attachment | Custom | String |
| request\$1method | sn\$1sc\$1request\$1method | Custom | String |
| visible\$1guide | sn\$1sc\$1visible\$1guide | Custom | String |
| visible\$1standalone | sn\$1sc\$1visible\$1standalone | Custom | String |
| no\$1order | sn\$1sc\$1no\$1order | Custom | String |
| vendor | sn\$1sc\$1vendor | Custom | String |
| no\$1attachment\$1v2 | sn\$1sc\$1no\$1attachment\$1v2 | Custom | String |
| mobile\$1picture\$1type | sn\$1sc\$1mobile\$1picture\$1type | Custom | String |
| visible\$1bundle | sn\$1sc\$1visible\$1bundle | Custom | String |
| ordered\$1item\$1link | sn\$1sc\$1ordered\$1item\$1link | Custom | String |
| owner | sn\$1sc\$1owner | Custom | String |
| no\$1delivery\$1time\$1v2 | sn\$1sc\$1no\$1delivery\$1time\$1v2 | Custom | String |
| cost | sn\$1sc\$1cost | Custom | String |
| no\$1quantity\$1v2 | sn\$1sc\$1no\$1quantity\$1v2 | Custom | String |
| recurring\$1price | sn\$1sc\$1recurring\$1price | Custom | String |
| list\$1price | sn\$1sc\$1list\$1price | Custom | String |
| syst\$1tags | sn\$1sc\$1sys\$1tags | Custom | String |
| billable | sn\$1sc\$1billable | Custom | String |
| picture | sn\$1sc\$1picture | Custom | String |
| display\$1price\$1property | sn\$1sc\$1display\$1price\$1property | Custom | String |
| taxonomy\$1topic | sn\$1sc\$1taxonomy\$1topic | Custom | String |
| delivery\$1plain\$1script | sn\$1sc\$1delivery\$1plain\$1script | Custom | String |
| location | sn\$1sc\$1location | Custom | String |
## Attachments
Amazon Q supports crawling [ServiceNow Online attachments](https://docs.servicenow.com/bundle/tokyo-platform-user-interface/page/use/using-forms/task/t_AddingAnAttachment.html) and offers the following attachment field mappings.
| ServiceNow field name | Index field name | Description | Data type |
| --- | --- | --- | --- |
| size\$1bytes | sn\$1file\$1size | Custom | Long (numeric) |
| file\$1name | sn\$1file\$1name | Custom | String |
| sys\$1mod\$1count | sn\$1sys\$1mod\$1count | Custom | String |
| average\$1image\$1color | sn\$1average\$1image\$1color | Custom | String |
| image\$1width | sn\$1image\$1width | Custom | String |
| sys\$1updated\$1on | \$1last\$1updated\$1at | Default | Date |
| sys\$1tags | sn\$1sys\$1tags | Custom | String |
| table\$1name | sn\$1table\$1name | Custom | String |
| sys\$1id | sn\$1sys\$1id | Custom | String |
| image\$1height | sn\$1image\$1height | Custom | String |
| sys\$1updated\$1by | sn\$1updated\$1by | Custom | String |
| content\$1type | sn\$1content\$1type | Custom | String |
| sys\$1created\$1on | \$1created\$1at | Default | Date |
| size\$1compressed | sn\$1size\$1compressed | Custom | String |
| compressed | sn\$1compressed | Custom | String |
| state | sn\$1state | Custom | String |
| table\$1sys\$1id | sn\$1table\$1sys\$1id | Custom | String |
| chunk\$1size\$1bytes | sn\$1chunk\$1size\$1bytes | Custom | String |
| hash | sn\$1hash | Custom | String |
| sys\$1created\$1by | \$1authors | Default | String list |
| sys\$1updated\$1by | sn\$1updated\$1by | Custom | String |
| url | sn\$1url | Custom | String |
| displayUrl | \$1source\$1uri | Default | String |
## Incidents
Amazon Q supports crawling [ServiceNow Online incidents](https://docs.servicenow.com/bundle/tokyo-it-service-management/page/product/incident-management/concept/c_IncidentManagement.html) and offers the following incident field mappings.
| ServiceNow field name | Index field name | Description | Data type |
| --- | --- | --- | --- |
| short\$1description | sn\$1inc\$1short\$1description | Custom | String |
| description | sn\$1inc\$1description | Custom | String |
| sys\$1updated\$1on | \$1last\$1updated\$1at | Default | Date |
| number | sn\$1inc\$1number | Custom | String |
| sys\$1updated\$1by | sn\$1updatedBy | Custom | String |
| displayUrl | \$1source\$1uri | Default | String |
| opened\$1by | sn\$1inc\$1opened\$1by | Custom | String |
| sys\$1created\$1on | \$1created\$1at | Default | Date |
| state | sn\$1inc\$1state | Custom | String |
| sys\$1created\$1by | \$1authors | Default | String list |
| business\$1impact | sn\$1inc\$1business\$1impact | Default | String |
| impact | sn\$1inc\$1business\$1impact | Custom | String |
| priority | sn\$1inc\$1priority | Custom | String |
| urgency | sn\$1inc\$1urgency | Custom | String |
| opened\$1at | an\$1inc\$1opened\$1at | Custom | String |
| business\$1duration | sn\$1inc\$1business\$1duration | Custom | String |
| caller\$1id | sn\$1inc\$1caller\$1id | Custom | String |
| resolved\$1at | sn\$1inc\$1resolved\$1at | Custom | String |
| category | sn\$1inc\$1category | Custom | String |
| subcategory | sn\$1inc\$1subcategory | Custom | String |
| close\$1code | sn\$1inc\$1close\$1code | Custom | String |
| assignment\$1group | sn\$1inc\$1assignment\$1group | Custom | String |
| close\$1notes | sn\$1inc\$1close\$1notes | Custom | String |
| displayUrl | \$1source\$1uri | Default | String |
| sys\$1class\$1name | sn\$1inc\$1sys\$1class\$1name | Custom | String |
| parent\$1incident | an\$1inc\$1parent\$1incident | Custom | String |
| incident\$1state | sn\$1incident\$1state | Custom | String |
| company | sn\$1inc\$1company | Custom | String |
| assigned\$1to | sn\$1inc\$1assigned\$1to | Custom | String |
| hold\$1reason | an\$1inc\$1hold\$1reason | Custom | String |
| work\$1notes | sn\$1inc\$1work\$1notes | Custom | String |
| comments\$1and\$1work\$1notes | sn\$1inc\$1comments\$1and\$1work\$1notes | Custom | String |
| work\$1notes\$1list | sn\$1work\$1notes\$1list | Custom | String |
| comments | sn\$1inc\$1comments | Custom | String |
| sys\$1id | sn\$1inc\$1sys\$1id | Custom | String |
| url | sn\$1url | Custom | String |
| active | sn\$1inc\$1active | Custom | String |
| activity\$1due | sn\$1inc\$1activity\$1due | Custom | String |
| additional\$1assignee\$1list | sn\$1inc\$1additional\$1assign\$1list | Custom | String |
| approval | sn\$1inc\$1approval | Custom | String |
| approval\$1history | sn\$1inc\$1approval\$1history | Custom | String |
| approval\$1set | sn\$1inc\$1approval\$1set | Custom | Date |
| business\$1service | sn\$1inc\$1business\$1service | Custom | String |
| closed\$1by | sn\$1inc\$1closed\$1by | Custom | String |
| cmdb\$1ci | sn\$1inc\$1cmdb\$1id | Custom | String |
| resolved\$1by | sn\$1inc\$1resolved\$1by | Custom | String |
| sys\$1domain | sn\$1inc\$1sys\$1domain | Custom | String |
| business\$1stc | sn\$1inc\$1business\$1stc | Custom | String |
| calendar\$1duration | sn\$1inc\$1calendar\$1duration | Custom | String |
| calendar\$1stc | sn\$1inc\$1calendar\$1stc | Custom | String |
| cause | sn\$1inc\$1cause | Custom | String |
| caused\$1by | sn\$1inc\$1caused\$1by | Custom | String |
| child\$1incidents | sn\$1inc\$1child\$1incidents | Custom | String |
| closed\$1at | sn\$1inc\$1closed\$1at | Custom | String |
| contact\$1type | sn\$1inc\$1contact\$1type | Custom | String |
| contract | sn\$1inc\$1contract | Custom | String |
| correlation\$1display | sn\$1inc\$1correlation\$1display | Custom | String |
| delivery\$1plan | sn\$1inc\$1delivery\$1plan | Custom | String |
| delivery\$1task | sn\$1inc\$1delivery\$1task | Custom | String |
| due\$1date | sn\$1inc\$1due\$1date | Custom | String |
| escalation | sn\$1inc\$1escalation | Custom | String |
| expected\$1start | sn\$1inc\$1expected\$1start | Custom | String |
| follow\$1up | sn\$1inc\$1follow\$1up | Custom | String |
| group\$1list | sn\$1inc\$1group\$1list | Custom | String |
| knowledge | sn\$1inc\$1knowledge | Custom | String |
| location | sn\$1inc\$1location | Custom | String |
| made\$1sla | sn\$1inc\$1made\$1sla | Custom | String |
| notify | sn\$1inc\$1notify | Custom | String |
| order | sn\$1inc\$1order | Custom | String |
| origin\$1id | sn\$1inc\$1origin\$1id | Custom | String |
| origin\$1table | sn\$1inc\$1origin\$1table | Custom | String |
| parent | sn\$1inc\$1parent | Custom | String |
| problem\$1id | sn\$1inc\$1problem\$1id | Custom | String |
| reassignment\$1count | sn\$1inc\$1reassignment\$1count | Custom | String |
| repoen\$1count | sn\$1inc\$1reopen\$1count | Custom | String |
| reopened\$1by | sn\$1inc\$1reopened\$1by | Custom | String |
| reopened\$1time | sn\$1inc\$1reopened\$1time | Custom | String |
| rfc | sn\$1inc\$1rfc | Custom | String |
| route\$1reason | sn\$1inc\$1route\$1reason | Custom | String |
| service\$1offering | sn\$1inc\$1service\$1offering | Custom | String |
| severity | sn\$1inc\$1severity | Custom | String |
| sla\$1due | sn\$1inc\$1sla\$1due | Custom | Date |
| task\$1effective\$1number | sn\$1inc\$1task\$1effective\$1number | Custom | String |
| time\$1worked | sn\$1inc\$1time\$1worked | Custom | Date |
| universal\$1request | sn\$1inc\$1universal\$1request | Custom | String |
| upon\$1approval | sn\$1inc\$1upon\$1approval | Custom | String |
| upon\$1reject | sn\$1inc\$1upon\$1reject | Custom | String |
| user\$1input | sn\$1inc\$1user\$1input | Custom | String |
| watch\$1list | sn\$1inc\$1watch\$1list | Custom | String |
| work\$1end | sn\$1inc\$1work\$1end | Custom | String |
| work\$1start | sn\$1inc\$1work\$1start | Custom | String |
# IAM role for Amazon Q Business ServiceNow Online connector
If you use the AWS CLI or an AWS SDK, you must create an AWS Identity and Access Management (IAM) policy before you create an Amazon Q resource. When you call the [CreateDataSource](https://docs.aws.amazon.com/amazonq/latest/api-reference/API_CreateDataSource.html) operation, you provide the Amazon Resource Name (ARN) role with the policy attached.
If you use the AWS Management Console, you can create a new IAM role in the Amazon Q console or use an existing IAM role.
To learn more about IAM roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *AWS Identity and Access Management User Guide*.
To connect your data source connector to Amazon Q, you must give Amazon Q an IAM role that has the following permissions:
+ Permission to access the `BatchPutDocument` and `BatchDeleteDocument` operations to ingest documents.
+ Permission to access the [User Store](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/connector-principal-store.html) API operations to ingest user and group access control information from documents.
+ Permission to access your AWS Secrets Manager secret to authenticate your data source connector instance.
+ **(Optional)** If you're using Amazon VPC, permission to access your Amazon VPC.
```
{
"Version": "2012-10-17", ,
"Statement": [
{
"Sid": "AllowsAmazonQToGetSecret",
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue"
],
"Resource": [
"arn:aws:secretsmanager:{{region}}:{{account_id}}:secret:[[secret_id]]"
]
},
{
"Sid": "AllowsAmazonQToDecryptSecret",
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
"arn:aws:kms:{{region}}:{{account_id}}:key/[[key_id]]"
],
"Condition": {
"StringLike": {
"kms:ViaService": [
"secretsmanager.*.amazonaws.com"
]
}
}
},
{
"Sid": "AllowsAmazonQToIngestDocuments",
"Effect": "Allow",
"Action": [
"qbusiness:BatchPutDocument",
"qbusiness:BatchDeleteDocument"
],
"Resource": [
"arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}",
"arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}/index/{{index_id}}"
]
},
{
"Sid": "AllowsAmazonQToIngestPrincipalMapping",
"Effect": "Allow",
"Action": [
"qbusiness:PutGroup",
"qbusiness:CreateUser",
"qbusiness:DeleteGroup",
"qbusiness:UpdateUser",
"qbusiness:ListGroups"
],
"Resource": [
"arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}",
"arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}/index/{{index_id}}",
"arn:aws:qbusiness:{{region}}:{{account_id}}:application/{{application_id}}/index/{{index_id}}/data-source/*"
]
},
{
"Sid": "AllowsAmazonQToCreateAndDeleteNI",
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface"
],
"Resource": [
"arn:aws:ec2:{{region}}:{{account_id}}:subnet/[[subnet_ids]]",
"arn:aws:ec2:{{region}}:{{account_id}}:security-group/[[security_group]]"
]
},
{
"Sid": "AllowsAmazonQToCreateAndDeleteNIForSpecificTag",
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface"
],
"Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*",
"Condition": {
"StringLike": {
"aws:RequestTag/AMAZON_Q": "qbusiness_{{account_id}}_{{application_id}}_*"
},
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"AMAZON_Q"
]
}
}
},
{
"Sid": "AllowsAmazonQToCreateTags",
"Effect": "Allow",
"Action": [
"ec2:CreateTags"
],
"Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*",
"Condition": {
"StringEquals": {
"ec2:CreateAction": "CreateNetworkInterface"
}
}
},
{
"Sid": "AllowsAmazonQToCreateNetworkInterfacePermission",
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterfacePermission"
],
"Resource": "arn:aws:ec2:{{region}}:{{account_id}}:network-interface/*",
"Condition": {
"StringLike": {
"aws:ResourceTag/AMAZON_Q": "qbusiness_{{account_id}}_{{application_id}}_*"
}
}
},
{
"Sid": "AllowsAmazonQToDescribeResourcesForVPC",
"Effect": "Allow",
"Action": [
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeSubnets"
],
"Resource": "*"
}
]
}
```
**To allow Amazon Q to assume a role, you must also use the following trust policy:**
```
{
"Version": "2012-10-17", ,
"Statement": [
{
"Sid": "AllowsAmazonQServicePrincipal",
"Effect": "Allow",
"Principal": {
"Service": "qbusiness.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "{{source_account}}"
},
"ArnEquals": {
"aws:SourceArn": "arn:aws:qbusiness:{{region}}:{{source_account}}:application/{{application_id}}"
}
}
}
]
}
```
For more information on Amazon Q data source connector IAM roles, see [IAM roles for Amazon Q data source connectors](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/iam-roles.html#iam-roles-ds).
# Understand error codes in the Amazon Q Business ServiceNow Online connector
The following table provides information about error codes you may see for the ServiceNow Online connector and suggested resolutions.
| Error code | Error message | Suggested resolution |
| --- | --- | --- |
| SRN-5001 | Error validating credentials due to invalid client id or client secret or username or password. | Provide a valid client id/client secret/username/password. |
| SRN-5002 | Error validating credentials due to invalid username or password. | Provide a valid username/password. |
| SRN-5003 | Access token is empty or null. | Provide a non empty or non null access token. |
| SRN-5004 | Client ID exceeded the allowed length. | Provide a valid Client ID. |
| SRN-5005 | Client Secret exceeded the allowed length. | Provide a valid Client Secret. |
| SRN-5006 | Password exceeded the allowed length. | Provide a valid Password. |
| SRN-5007 | clientSecret contains non-printable Ascii characters. | Provide a valid clientSecret. |
| SRN-5008 | clientId contains non-printable Ascii characters. | Provide a valid clientId. |
| SRN-5010 | Error validating credentials due to invalid username or password. | Provide a valid username/password. |
| SRN-5011 | Amazon Q can't connect to the ServiceNow server with the specified credentials. | Provide admin credentials and try your request again. |
| SRN-5014 | ServiceNow instance is not available. | Check your ServiceNow instance before crawling. |
| SRN-5100 | Client id should not be empty. | Provide a valid client id. |
| SRN-5101 | Client secret should not be empty. | Provide a valid client secret. |
| SRN-5102 | User name should not be empty. | Provide a valid username. |
| SRN-5103 | Password should not be empty. | Provide a valid password. |
| SRN-5104 | Auth type should not be empty. | Provide an auth Type. |
| SRN-5105 | Incorrect auth type. | Auth type should be basicAuth or OAuth2. |
| SRN-5106 | Host url should not be empty. | Provide a valid host url. |
| SRN-5120 | crawlType should not be empty. | crawlType should be FORCED\$1FULL\$1CRAWL or FULL\$1CRAWL or CHANGE\$1LOG. |
| SRN-5122 | isCrawlKnowledgeArticle should not be empty. | Provide valid isCrawlKnowledgeArticle. |
| SRN-5123 | Invalid isCrawlKnowledgeArticle value. | isCrawlKnowledgeArticle should be true or false. |
| SRN-5124 | isCrawlKnowledgeArticleAttachment should not be empty. | Provide valid isCrawlKnowledgeArticleAttachment. |
| SRN-5125 | Invalid isCrawlKnowledgeArticleAttachment value. | isCrawlKnowledgeArticleAttachment should be true or false. |
| SRN-5126 | isCrawlServiceCatalog should not be empty. | Provide valid isCrawlServiceCatalog. |
| SRN-5127 | invalid isCrawlServiceCatalog value. | isCrawlServiceCatalog should be true or false. |
| SRN-5128 | isCrawlServiceCatalogAttachment should not be empty. | Provide valid isCrawlServiceCatalogAttachment. |
| SRN-5129 | Invalid isCrawlServiceCatalogAttachment value. | isCrawlServiceCatalogAttachment should be true or false. |
| SRN-5130 | isCrawlIncident should not be empty. | Provide valid isCrawlIncident. |
| SRN-5131 | invalid isCrawlIncident value. | isCrawlIncident should be true or false. |
| SRN-5132 | isCrawlIncidentAttachment should not be empty. | Provide valid isCrawlIncidentAttachment. |
| SRN-5133 | Invalid isCrawlIncidentAttachment value. | isCrawlIncidentAttachment should be true or false. |
| SRN-5134 | Invalid incidentStateType. | Invalid incidentStateType. Incident State Type should be All, Open, Open - Unassigned or Resolved. |
| SRN-5135 | applyACLForKnowledgeArticle should not be empty. | Provide valid applyACLForKnowledgeArticle. |
| SRN-5136 | applyACLForServiceCatalog should not be empty. | Provide valid applyACLForServiceCatalog. |
| SRN-5137 | applyACLForIncident should not be empty. | Provide valid applyACLForIncident. |
| SRN-5138 | Invalid applyACLForKnowledgeArticle value. | applyACLForKnowledgeArticle should be true or false. |
| SRN-5139 | Invalid applyACLForServiceCatalog value. | applyACLForServiceCatalog should be true or false. |
| SRN-5140 | Invalid applyACLForIncident value. | applyACLForIncident should be true or false. |
| SRN-5141 | invalid pattern :”file type pattern” | Provide valid patterns. |
| SRN-5142 | includePublicArticlesOnly should not be empty. | Provide valid includePublicArticlesOnly. |
| SRN-5143 | Invalid includePublicArticlesOnly value. | includePublicArticlesOnly should be true or false. |
| SRN-5144 | Invalid URI. | Provide valid URI. |
| SRN-5145 | isCrawlActiveServiceCatalog should not be empty. | Provide valid isCrawlActiveServiceCatalog. |
| SRN-5146 | isCrawlInActiveServiceCatalog should not be empty. | Provide valid isCrawlInactiveServiceCatalog. |
| SRN-5147 | isCrawlActiveIncident should not be empty. | Provide valid isCrawlActiveIncident. |
| SRN-5148 | isCrawlInActiveIncident should not be empty. | Provide valid isCrawlInactiveIncident. |
| SRN-5149 | Invalid isCrawlActiveServiceCatalog value. | isCrawlActiveServiceCatalog should be true or false. |
| SRN-5150 | Invalid isCrawlInactiveServiceCatalog value. | isCrawlInactiveServiceCatalog should be true or false. |
| SRN-5151 | Invalid isCrawlActiveIncident value. | isCrawlActiveIncident should be true or false. |
| SRN-5152 | Invalid isCrawlInactiveIncident value. | isCrawlInactiveIncident should be true or false. |
| SRN-5153 | servicenowInstanceVersion should not be empty. | Provide a valid servicenowInstanceVersion. |
| SRN-5154 | The ServiceNow host name is invalid. | The ServiceNow host name should follow the format: example.service-now.com |
| SRN-5501 | continuableInternalServerError. | Try again later. |