Configure CSM to Add AWS Product Configuration Items to your CMDB

Prepare your CSM instance for adding new AWS products to your CMDB automatically, based on SNS messages.

Before you begin, complete the global steps outlined in Configure CSM for AWS. To support this use case, you will also need to complete Configure AWS Config for CSM.

The overall workflow for the automatic creation of AWS Product CIs in your CMDB is depicted here:

Workflow for automatic creation of AWS product CIs in the CMDB

This webhook triggers the Create AWS Config Staging One-Step™ Action, which creates an AWS Config Staging Business Object. This object stores incoming AWS Config notifications from Amazon SNS in a new AWS Config Staging object. An automation process (AWS Config Staging - Create CI) then reads this staging record, parses the stored JSON message, and from it creates the CI in your CMDB. Optionally, a separate automation process (AWS Config Staging - Delete Staging Record) can be enabled to follow up and delete the processed AWS Config Staging record.

Webhook passwords should not correspond to any CSM logins. Instead, they are arbitrary and used for the webhook only to enhance security.

  1. If you have not already done so, in CSM Administrator, go to Managers > Webhook Manager and set a custom webhook username and password for the AWS webhooks that were provided with the mApp® Solution.
    1. Copy the Full Endpoint from the General page of the Webhook Manager. Using the new username and password you just set for the webhook, modify the copied URL to the fit the following format; replace the sample information for webhook username and password, as well as the external URL of your CSM server. https://webhookUsername:[email protected]/CherwellAPI/api/Webhooks/createawsconfigstaging
  2. Configure any One-Step™ Actions that parse incoming messages from AWS specific to your Amazon CFTs. Specifically, check these:

    If you are not using AWS Config for your notifications of new devices, you may need to adjust both this One-Step Action and the Automation Process (AWS Config Staging) AWS Config Staging - Create CI. This process expects specific JSON parsing of incoming SNS messages to create CIs properly, so if your JSON is different you may get different results and need to adjust this.

  3. (None) Create AWS Config Staging: This One-Step Action splits up the SNS JSON and stores the message body for the newly-created item in the message field to be parsed later. The AWS Config Staging Record will contain JSON specific to your particular CFTs and to the services that you have enabled in Amazon.
  4. (AWS Config Staging) Create CI from Incident: This One-Step Action is the action for the Automation Process (AWS Config Staging) AWS Config Staging - Create CI. It connects the AWS Config Staging object to the Incident, in case you wish to keep these.
  5. (Incident) Create Config Item: This One-Step Action will create a CI in your CMDB from an AWS Config Staging Record. Change this One-Step Action in order for your CIs to be added correctly to your CMDB. Set up one branch in the decision tree for each CI type that your CFTs reflect. For our example, we set up branches as follows:
    1. EC2: Creates a Config - Cloud Services Virtual Machine configuration item.
    2. RDS: Creates a Config - Cloud Services Database configuration item.
    3. S3 Bucket: Creates a Config - Cloud Services Storage configuration item.