AWS Org Discovery Paris
Good evening, good afternoon and good morning. Myself, Arsh Kumar, product management leader at ServiceNow. Today I'll talk about a new feature that we have introduced in Paris for AWS cloud discovery. Since London, we have released a series of features to enable AWS cloud discovery. The major challenge our customers had is that they need to share their master account credentials with ServiceNow. With evolving AWS roles and idt platform, we are able to enhance our discovery platform to discover resources on AWS without any credentials provided by our customer.

Now with Paris we have introduced the cross assume role and accessor account features. Using cross assume role, an accessor account can assume roles in other member accounts to discover resources. Also, customers can configure their MID Server to assume a role on AWS for discovery. Besides master-to-member discovery with assume role, we support cross-org discovery, recursive cases, member-to-master discovery and member-to-member discovery. All you have to do is create a custom role and add that custom role to a ServiceNow table.

Now let's get to the demo. As you can see, I have created this custom role on AWS on this particular account ending in 920, and this particular role has access, read-only access, for these resources. Also, I have introduced a trust relationship for this particular role in other accounts. As you can see, in the account ending 6000 I have created a trust relationship for this particular role. Also, I have added a trust relationship for this particular user for using this particular role, and also added a trust relationship for this particular user in this particular account for this particular role.

Now let me go to my ServiceNow instance. On my ServiceNow instance I have this MID Server. Now I want to give an AWS IAM profile, or IAM profile role, to this MID Server so that the MID Server can assume this particular role for the discovery. I have gone to the configuration parameters of the MID Server and I've added this particular parameter, and I've assigned a value called full access for this particular MID Server. This particular MID Server is already there on this AWS EC2 instance, and it can assume this particular role for the discovery.

Also, on this particular instance I have created one master account and three member accounts. As you can see, this master account, which is ending in 920, is where this particular role exists right now. I have assigned an accessor account, a member accessor account, to this particular master, and this particular member is there in the account ending in 6000. As you know, the MID Server is also there on the account ending in 6000. Since I've created this particular custom role, all I have to do is take this particular custom role and add it in this particular table, the cross assume role table, and I've already mapped this particular role to the master account.

Now, as you can see, I have given the MID Server, which is hosted on that particular EC2 instance of AWS, a full access role. Also, on this particular account which is ending in 920, which is a master account, I have created a custom role, and I have assigned that particular role to the master account on the ServiceNow table.

During the discovery, what will happen is this MID Server on this particular AWS account is going to assume the full access role that I have provided here, and it's going to do the discovery. Once it finishes the account discovery for this particular account ending in 6000, that's where this particular MID Server is, it's going to assume this particular role, assume this particular member account that is present, and it's gonna do the discovery. As you can see, the master account has this particular accessor account attached. Now this member account, what it's gonna do is it's gonna assume the cross assume role that you have mentioned here, which is aws demo, and it's going to do the rest of the discovery. That's how the discovery is going to work.

Now let me set up my discovery schedule and show you how this works. If I do a cloud discovery for AWS, let me call it disco aws. Select an account. I've already created an account. Select the master account, because you want to discover the master account. And select the credentials. You don't need to select the credentials, you don't need to provide the credentials, as you know. And just this account, to see whether the master account is validating well, whether the master account is getting validated or not. Just give it a moment. Almost there.

Now let's go to the next step of the schedule. Now I want to discover the available data centers. I just want to discover, let's say, not all. I just want to discover only two of them, east and northeast, and click next. Let me select the MID Server. I have the MID Server on AWS that's gonna start the discovery assuming the IAM profile. Let me do it right now, once. Right now is 1930. And then finish and run.

Discovery is running. It has eight data centers. Let's see if we find any cloud resources or not. It's still running, let's give it a moment. You can see there's eight data centers. Let me look at the CI resources. It's too slow, still running, still loading the categories. Just give it a moment. And if you get advanced to you, let's see what we have in the advanced view. So if you see this advanced view, this discovery and start it's in english probes and see there is a cq. You can see the discovery via this particular MID Server that we selected, which we have assigned the IAM profile. Let's see if we see any items. It's still running.

So basically you could start the discovery, and I don't think these accounts have any resources assigned or created. It's basically gonna pick up the assume role: the MID Server is gonna pick up the assume role, and the member in the MID Server account is gonna pick up the assume role, and it's gonna do the cross organization discovery in the master.

So that's it, guys. If you have any questions, reach out to arshad vijayakumar servicenow.com. Thank you.
https://www.youtube.com/watch?v=qn--j2NzBhI
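
The demo depends on each target role's trust relationship naming the accessor identity. The following added example (not from the video or from ServiceNow) audits such trust policies offline and reports which target roles the accessor can assume and which trust more than the accessor. Account IDs and role names are constructed placeholders, and Deny statements and Condition blocks are not evaluated.

```python
# Added example: audit AssumeRole trust policies for a discovery accessor role.
# All ARNs below are constructed placeholders, not values from the video.
ACCESSOR = "arn:aws:iam::111111116000:role/MidServerProfile"  # hypothetical MID Server role

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _aws_principals(stmt):
    p = stmt.get("Principal", {})
    return ["*"] if p == "*" else _as_list(p.get("AWS", []))

def classify(principal, caller_arn):
    """How one trust-policy principal covers the caller: exact/account/wildcard/None."""
    account = caller_arn.split(":")[4]
    if principal == "*":
        return "wildcard"
    if principal in (account, f"arn:aws:iam::{account}:root"):
        return "account"  # delegates the decision to every IAM admin in that account
    return "exact" if principal == caller_arn else None

def check_trust(trust_policy, caller_arn):
    """Broadest Allow for sts:AssumeRole that matches the caller (simplified)."""
    order = [None, "exact", "account", "wildcard"]
    best = None
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        for p in _aws_principals(stmt):
            kind = classify(p, caller_arn)
            if order.index(kind) > order.index(best):
                best = kind
    return best

def audit(caller_arn, trust_by_role):
    """Map each target role ARN to 'ok', 'denied' or a broad-trust warning."""
    verdict = {None: "denied", "exact": "ok",
               "account": "broad: whole account trusted",
               "wildcard": "broad: any AWS principal trusted"}
    return {arn: verdict[check_trust(doc, caller_arn)]
            for arn, doc in trust_by_role.items()}

def _trust(principal):  # helper that builds a constructed sample trust policy
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]}

SAMPLE = {  # constructed target roles: master account plus three member accounts
    "arn:aws:iam::222222222920:role/DiscoveryReadOnly": _trust({"AWS": ACCESSOR}),
    "arn:aws:iam::333333333333:role/DiscoveryReadOnly": _trust({"AWS": "arn:aws:iam::111111116000:root"}),
    "arn:aws:iam::444444444444:role/DiscoveryReadOnly": _trust("*"),
    "arn:aws:iam::555555555555:role/DiscoveryReadOnly": _trust({"AWS": "arn:aws:iam::999999999999:role/Other"}),
}

if __name__ == "__main__":
    for role, result in audit(ACCESSOR, SAMPLE).items():
        print(role, "->", result)
```

A trust policy only decides who may ask; the accessor's own identity policy must also allow `sts:AssumeRole` on each target role.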