How the AWS mApp® Solution Works

The AWS mApp Solution integrates with AWS Service Catalog so CSM Portal customers and CSM users can directly query the AWS API to provision and terminate the AWS products which their organization has defined and made available in the AWS Service Catalog Portfolio.

This mApp Solution covers these primary use cases:

  • Allow a CSM Portal customer or CSM user to make an AWS request by choosing Desktop Management > Computer > New CFT in the Service Catalog. When the request is approved, the resource is provisioned in AWS and added to the Cherwell CMDB.
  • Allow a CSM Portal customer or CSM user to terminate AWS resources directly from the Cherwell CMDB. Portal users can access their AWS CIs by going to My Items.
  • Allow a user to manually add existing AWS resources directly to the Cherwell CMDB.
  • Create an Incident in CSM for AWS resources that have CloudWatch Alarms in Alarm state, and associate the Incident to a related CSM configuration item.

Overall AWS Workflow

For more details about each of these cases, see:

CSM Features Leveraged in this mApp Solution

This mApp Solution leverages several features of CSM which are either relatively new or more advanced topics. This section serves as an overview of those features.

Action Blocks

Action Blocks are similar to One-Step™ Actions, but can be reused across objects by passing in appropriate object-specific data through parameters.

The provision and terminate use cases in this mApp Solution leverage Action Blocks to make API calls directly to the AWS API, bypassing the need to import the AWS Service Catalog into CSM.

For more details on the use of Action Blocks in this mApp Solution, see AWS Action Blocks.


Every AWS account has a public (Access Key ID) and private key (Secret Key). Keys are stored in the AWS Account table, with the Secret Key properly encrypted. This key appears as a hashed until decrypted when needed.

For more details on the use of encryption in this mApp Solution, see AWS Key Encryption or Add AWS Access Keys to CSM.


This mApp Solution contains webhooks, which enable the automatic creation of CIs and Incidents for AWS resources.

For more details on the use of webhooks in this mApp Solution, see Configure CSM to Add Incidents for AWS Product Events and Configure CSM to Add AWS Product Configuration Items to your CMDB