AWS Cloud Financial Management
Integrate AWS Cost Anomaly Detection Notifications with IT Service Management Workflow – Part 2 ServiceNow
In part one of this blog series, we shared instructions on how you can integrate AWS Cost Anomaly Detection (CAD) notifications with Atlassian Jira Service Management. In part two, we cover the integration of CAD with ServiceNow IT Service Management.
ServiceNow IT Service Management offers a widely used, cloud-based ITSM platform designed to improve IT services’ flexibility and agility. You can consolidate your legacy on-premise systems and IT tools into a single data model to transform the IT services experience, automate workflows, gain near real-time visibility, and improve IT productivity.
By leveraging automation, you can invoke advanced yet flexible, high-velocity ITSM workflows in ServiceNow ITSM to create incident records. You can further customize these workflows to add context, assign ownership and drive issues to timely resolution. This also benefits you by eliminating any potential scope for human errors and reducing administrative overhead. You remain in sync with your organization’s defined mechanisms to document and track the end-to-end flow.
AWS Cost Anomaly Detection uses advanced machine learning to identify anomalous spend and generate timely alerts, so that customers can act swiftly. Organizations following the ITSM framework need duly assigned incident tickets to assign ownership and to record, track and manage the efforts to address the anomaly.
This post explains how you can integrate the AWS Cost Anomaly notifications with ServiceNow ITSM’s built-in abilities to automate incident management workflow.
Architecture Overview
The following architecture diagram illustrates the use of AWS Lambda to retrieve the cost anomaly alerts and call a REST API endpoint built with a ServiceNow Scripted REST API in ServiceNow ITSM. When AWS detects a cost anomaly, the cost monitor generates an alert notification and publishes it to an Amazon Simple Notification Service (SNS) topic. The SNS topic has a subscription for a Lambda function, which retrieves the message and in turn calls a Scripted REST API endpoint in ServiceNow, passing along the notification message. Optionally, you can create an SNS topic subscription to send email/SMS notifications to cloud admins. The REST API triggers the automation workflow, which creates a new incident management record in ServiceNow ITSM, parses the JSON notification message and populates the defined fields of the record.
Prerequisites
- AWS Cost Anomaly Detection is a feature within AWS Billing and Cost Management Console. To access AWS Cost Anomaly Detection, enable AWS Cost Explorer. For instructions on how to enable AWS Cost Explorer using the console, see Enabling AWS Cost Explorer.
- Configure AWS Cost Anomaly Detection so that it detects anomalies at a lower granularity and in spend patterns appropriate to your monitor type. See Creating your cost monitors.
- Create an Amazon Simple Notification Service (SNS) topic with the permissions required for Cost Anomaly Detection to publish alert notifications to it. See Creating an Amazon SNS topic for anomaly notifications.
- Sign up for and set up a ServiceNow developer program instance. See ServiceNow Developer getting started guide.
Implementation Steps
Step 1: Configure the Scripted REST API in ServiceNow ITSM
- Launch your custom ServiceNow developer instance URL (https://devxxxxx.service-now.com/) and log in with the admin user role
- In the search box on the left-hand side, search for “Scripted REST APIs”. Under System Web Services choose Scripted REST APIs
- Choose New in the top-right corner of the page to create a new REST API
- Provide a Name and API ID of your choice for the new API and choose Submit
- Back on the Scripted REST APIs page, search and choose the API that you created in the previous step
- Under the Resources tab, choose New
- Provide a Name for this new Scripted REST Resource and under HTTP method choose POST from the dropdown list
- On the same page, under the section for Script, use this JavaScript code to parse the notification data from the AWS Lambda function and trigger the incident management workflow
- Under the Security tab, clear the Requires authentication checkbox and choose Submit. With the box cleared, the endpoint accepts unauthenticated POST requests, so refer to Scripted REST API access controls and CORS rules to implement additional access control mechanisms
- From the Scripted REST API page, note the Base API path for your newly created REST API service
- Go to the REST API Explorer page and choose your API Namespace
- You can find the REST API endpoint URL against the name of the scripted REST resource (In this example: https://devxxxxxx.service-now.com/api/1230129/aws_cost_anomaly_incidents)
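For the case where the Scripted REST resource keeps Requires authentication enabled, the Lambda leg of the architecture described above has to send credentials with each POST. The following Python sketch is an added example, not the code shipped in the CloudFormation template; the notification field names, the `config` keys, the helper names and all sample values are assumptions made for illustration.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

# Field names assumed for the anomaly notification body (not taken from the page).
REQUIRED = ("anomalyId", "accountId", "anomalyDetailsLink")

# Constructed SNS-triggered Lambda event; every value is made up.
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps({
    "anomalyId": "example-anomaly-0001",
    "accountId": "111122223333",
    "impact": {"totalImpact": 151.0},
    "anomalyDetailsLink": "https://console.aws.amazon.com/example-anomaly-link",
})}}]}


def parse_sns_event(event):
    """Return the anomaly dicts carried in an SNS-triggered Lambda event."""
    anomalies = []
    for record in event.get("Records", []):
        body = json.loads(record["Sns"]["Message"])  # SNS passes the JSON as a string
        missing = [k for k in REQUIRED if k not in body]
        if missing:
            raise ValueError(f"notification missing fields: {missing}")
        anomalies.append(body)
    return anomalies


def build_request(endpoint, anomaly, user, password):
    """Build an authenticated POST; reject non-HTTPS so credentials stay encrypted."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("endpoint must be an https:// URL")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Content-Type": "application/json", "Authorization": f"Basic {token}"}
    return urllib.request.Request(
        endpoint, data=json.dumps(anomaly).encode(), headers=headers, method="POST")


def forward_anomalies(event, config, send=urllib.request.urlopen):
    """config (hypothetical) holds endpoint, user, password read from a secrets store."""
    sent = 0
    for anomaly in parse_sns_event(event):
        req = build_request(config["endpoint"], anomaly, config["user"], config["password"])
        with send(req, timeout=10) as resp:
            if resp.status not in (200, 201):
                raise RuntimeError(f"ServiceNow returned HTTP {resp.status}")
        sent += 1
    return {"forwarded": sent}
```

A Lambda handler would call `forward_anomalies(event, config)` after loading `config` from a secrets store rather than from plaintext function code.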
Step 2: Launch the AWS CloudFormation Template
Download and launch this AWS CloudFormation template to deploy an AWS Lambda function and an Amazon CloudWatch Logs group, and to add a Lambda subscription to the SNS topic. The same CloudFormation template can be used for the integration with Jira Service Management, which is explained in part one of this blog post.
Note: Anomaly notifications published to the SNS topic, and the Lambda function invocations they trigger, can incur costs. To learn more about pricing, refer to AWS Lambda pricing, Amazon SNS pricing and the AWS Pricing Calculator.
- Sign in to the AWS Management Console and navigate to the AWS CloudFormation console
- Choose Create Stack > “With new resources” and specify a “Stack name”
- Under “Parameters” provide the REST API Endpoint URL you created in Step 1 and the SnsTopicArn for your SNS topic (created as part of the prerequisites), then choose Next
- Leave the “Configure stack options” at default values, add tags as needed and choose Next
- Review the details on the final screen and under “Capabilities” check the box for “I acknowledge that AWS CloudFormation might create IAM resources with custom names”
- Choose Submit
Note: You can review the progress of your new stack under AWS CloudFormation > Stacks > [StackName] > Events tab
Once the Stack is created successfully, you will see the following resources deployed:
AWS Lambda function, Amazon CloudWatch Log group, SNS Subscription for the Lambda function under your SNS Topic and the corresponding AWS IAM Roles and Policies.
Step 3: Test your Scripted REST API code using a sample JSON
- Sign in to the Amazon SNS console
- In the left navigation pane, choose Topics
- Choose the SNS topic you created as a prerequisite, and then choose Publish message
- In the Message body section, copy this test JSON and choose Publish message
- Once the message is published to the SNS topic, the Lambda function calls the REST API endpoint URL in the ServiceNow developer instance, which executes the JavaScript code to initiate the workflow. Note: You can verify the Lambda execution using CloudWatch metrics under the “Monitor” tab
- The code parses the JSON format notification data, retrieves the values for the defined variables and creates the new incident management record in ServiceNow Service Management
- When the actual cost anomaly alert notification is generated, the REST API script creates the new incident record with the values and details from the cost anomaly notification fields
Clean up
You will continue to incur cost until you clean up the infrastructure that you created for this post:
- Delete AWS CloudFormation Stack
- Delete Amazon SNS Topic
- Delete the Scripted REST APIs you created for this demo
- Delete the incident records that were created
Conclusion
In this part of the blog post, we discussed how you can integrate AWS Cost Anomaly Detection notifications with ServiceNow ITSM to automate the creation of incident records with the help of Scripted REST APIs in ServiceNow. This gives you an efficient mechanism to automate the end-to-end flow of work to identify, document and track issues related to anomalous spend in your AWS account and make swift decisions. To get started and learn more, visit Getting started with AWS Cost Anomaly Detection and ServiceNow Developer getting started guide.
As an option, you can also add subscriptions for other protocols like Email, SMS, HTTPS etc. to your SNS Topic to get notifications and/or trigger additional workflows. For example, you can integrate the solution to visualize the cost anomaly data using Amazon Managed Grafana. Alternatively, in order to have an organizational view for the cost anomaly data in Amazon QuickSight, you can deploy the Cost Anomaly Dashboard.
Refer to part one of this blog post to learn about integrating AWS Cost Anomaly Detection notifications with Jira Service Management to trigger automation workflows using incoming webhook URLs.