Many organizations utilize ServiceNow for Incident Management and have expressed interest in generating ServiceNow incidents when CloudWatch alarms activate within their AWS environment. The AWS article “Learn how to leverage Amazon CloudWatch alarms to create an incident in ServiceNow” provides guidance on using Amazon Simple Notification Service (SNS) topics to dispatch messages to ServiceNow, thus initiating an incident when a CloudWatch alarm is triggered.
Amazon CloudWatch is a comprehensive monitoring service that allows users to create alarms based on CloudWatch metrics, enabling various configured actions such as notifications or AWS Systems Manager actions when an alarm is activated. ServiceNow functions as an enterprise service management platform, offering a service-oriented perspective on the tasks and processes that facilitate daily operational activities. The AWS Service Management Connector for ServiceNow allows users to manage and operate AWS resources directly through the ServiceNow interface.
This article illustrates how to utilize the AWS Service Management Connector for ServiceNow to create incidents in ServiceNow whenever CloudWatch alarms are triggered.
Prerequisites
To follow along with this guide, you will need the following prerequisites:
- A ServiceNow instance
- An AWS account with IAM access
Configure AWS
- Create IAM users named
SCEndUserandSCSyncUserusing AWS CloudFormation. You can download this CloudFormation template to set up the required users with the necessary privileges.
Note that the permissions granted to SCEndUser and SCSyncUser in this example are limited to incident creation from CloudWatch alarms. If you plan to use the AWS Service Management Connector for ServiceNow for additional purposes such as Service Configuration Management or Change Enablement, consider providing further permissions to these IAM users as outlined in the AWS Documentation.
- Enable OpsCenter in the Systems Manager console as depicted in the following illustration:
- Create a CloudWatch alarm and configure a Systems Manager action for the alarm to generate an OpsItem when triggered.
- For this demonstration, an Amazon EC2 instance has been established, and we will utilize its CPU Utilization metric to set up a CloudWatch alarm. The same methodology applies to other CloudWatch metrics.
- Navigate to the CloudWatch console, select Alarms, and click on Create alarm.
- Choose Select metric and select the metric for which you want to create the CloudWatch alarm.
- In this scenario, I selected the CPU Utilization metric for the previously created EC2 instance.
- Under Conditions, establish the threshold for the CloudWatch alarm. I set the threshold to 90, meaning the alarm will activate when CPU utilization surpasses 90%. Click Next.
- Under Configure actions, select Add Systems Manager action.
- Choose Create OpsItem under Systems Manager action and select the Severity for the OpsItem. Click Next to define the alarm name and then Create alarm.
Configure ServiceNow
Set up a developer ServiceNow instance or utilize your existing ServiceNow instance. I employed a free ServiceNow Developer instance’s admin login for this guide.
Follow the AWS Documentation to configure core ServiceNow components. This includes installing the ServiceNow Connector scoped application, synchronizing AWS accounts in the Connector, validating connectivity to the AWS account, and manually synchronizing scheduled jobs.
Integrate AWS Systems Manager OpsCenter in ServiceNow: Type OpsCenter in the navigator and select AWS Systems Manager – OpsCenter. On this screen, you can opt to create incidents when synchronizing OpsItems. For this article, I chose to create incidents for all severity levels. You can also modify the Assignment Group for the incidents to ensure they are directed to the relevant support teams.
Test the Integration of CloudWatch Alarm and ServiceNow
To verify this integration, we will activate the CloudWatch alarm, which should create an OpsItem in AWS Systems Manager as well as an incident in ServiceNow.
To manually trigger the CloudWatch alarm, I altered the threshold to 0.01% CPU Utilization. You can adjust the threshold according to the metric selected and its current value.
As anticipated, an OpsItem is created in the Systems Manager console for the CloudWatch alarm.
Additionally, an incident is generated in ServiceNow corresponding to the OpsItem/CloudWatch alarm.
Once the incident is resolved in ServiceNow, the OpsItem in the Systems Manager console is also marked as resolved.
Cleanup
To prevent future charges, ensure to delete the resources created during this process: delete the CloudFormation stack, remove the CloudWatch Alarm, and release the ServiceNow Personal Developer Instance.
Conclusion
This article illustrates how to connect ServiceNow with CloudWatch, allowing for the creation of incidents in ServiceNow whenever a CloudWatch alarm is triggered in AWS. This concept can be expanded to include additional CloudWatch metrics or Amazon EventBridge events. When an alarm transitions to the alarm state or an Amazon EventBridge event is processed, you can configure OpsCenter to create both an OpsItem and a ServiceNow incident via the AWS Service Management Connector for ServiceNow. For further insights, you might find this blog post engaging, and for authoritative information, this article is highly recommended. Moreover, if you’re interested in roles related to this field, check out this resource.
Leave a Reply