Configuring ServiceNow connections
The grant type determines how Amazon Glue communicates with ServiceNow to request access to your data. Your choice affects the requirements that you must meet before you create the connection. ServiceNow supports only the AUTHORIZATION_CODE grant type for OAuth 2.0.
This grant type is considered "three-legged" OAuth as it relies on redirecting users to a third-party authorization server to authenticate the user. It is used when creating connections via the Amazon Glue console. The Amazon Glue console will redirect the user to ServiceNow where the user must login and allow Amazon Glue the requested permissions to access their ServiceNow instance.
Users may still opt to create their own connected app in ServiceNow and provide their own client id and client secret when creating connections through the Amazon Glue console. In this scenario, they will still be redirected to ServiceNow to login and authorize Amazon Glue to access their resources.
This grant type results in a refresh token and access token. The access token is short lived, and may be refreshed automatically without user interaction using the refresh token.
For public ServiceNow documentation on creating a connected app for Authorization Code OAuth flow, see Set up OAuth
.
To configure a ServiceNow connection:
In Amazon Secrets Manager, create a secret with the following details:
For basic authentication, the Secret should contain the connected app Consumer Secret with
USERNAME
andPASSWORD
as key.For an authorization code grant type, the Secret should contain the connected app Consumer Secret with
USER_MANAGED_CLIENT_APPLICATION_CLIENT_SECRET
as key.Note: You must create a secret per connection in Amazon Glue.
In the Amazon Glue Data Catalog, create a connection by following the steps below:
When selecting a Connection type, select ServiceNow.
Provide the INSTANCE_URL of the ServiceNow instance you want to connect to.
Select the Amazon IAM role which Amazon Glue can assume and has permissions for following actions:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterface", "ec2:DeleteNetworkInterface", ], "Resource": "*" } ] }
Select the Authentication Type you want to use for this connection in Amazon Glue.
Basic Auth: this auth type works well for automation scenarios as it allows to use username and password up front with the permissions of a particular user in the ServiceNow instance. Amazon Glue is able to use the username and password to authenticate ServiceNow APIs. Enter the following inputs only in case of Basic Auth:
Username
andPassword
.OAuth2: enter the following inputs only in case of OAuth2:
ClientId
,ClientSecret
,Authorization URL
,Authorization Token URL
.
Select the
secretName
which you want to use for this connection in Amazon Glue to put the tokens.Select the network options if you want to use your network.
Grant the IAM role associated with your Amazon Glue job permission to read
secretName
.In your Amazon Glue job configuration, provide
connectionName
as an Additional network connection.