Discovery - Assume Role enhancements for AWS Organizations

Summary

ServiceNow supports Discovery of cloud resources for a member account without requiring member account credentials. We use the 'AssumeRole' API of the AWS Security Token Service (STS) to accomplish this.

In New York, we are exposing the full set of parameters to this API in a table so that customers can customize them if they wish.

Whenever temporary credentials are required for the member account, customers can now customize the 'Access Role'. By default, it is 'OrganizationAccountAccessRole'. The main account assumes this role when acquiring credentials for the member account.

The user can provide a custom role if they don't want to use the "OrganizationAccountAccessRole" role. The custom role should be configured properly with all the appropriate permission(s) in the AWS console. The steps to add that custom role in the ServiceNow instance are described in "Configure a custom AWS member role"; follow those steps.

For advanced member role configuration, create records in the Cloud Management AWS Org Assume Role Parameters module that specify the roles and restrictions that apply:

1. Navigate to Cloud Management Organization Access Parameters > AWS Org Assume Role Parameters.
2. Click New and then complete the form using the parameters.

Here is an example of the configuration. Please note that the configuration needs to match the 'AccessRole' created at AWS.

If you still encounter the issue when using the custom role, check on the AWS Console whether the IAM roles are properly configured for those member accounts against that custom role.

Release

New York

Related Links

Useful docs:

AWS cloud discovery of member account resources using dynamically acquired credentials
Troubleshooting AWS Cloud Discovery Best Practices
Create an assume role configuration
Creating AssumeRole on AWS Console for AWS Management/Member Discovery
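
The troubleshooting step in the Summary (checking that the IAM role in each member account is properly configured for the custom role) can be done offline against an exported trust policy. The following is an added example, not ServiceNow or AWS code; the account IDs and external ID are constructed sample values.

```python
import json

def _as_list(value):
    """IAM policy fields accept a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def role_arn(member_account_id, role_name="OrganizationAccountAccessRole"):
    """Role ARN the main account assumes in a member account."""
    return f"arn:aws:iam::{member_account_id}:role/{role_name}"

def _in_account(principal, account_id):
    # Bare account ID, or any IAM ARN (root, user, role) in that account.
    # A wildcard principal ("*") is deliberately not accepted as configured.
    parts = principal.split(":")
    return principal == account_id or (
        len(parts) >= 6 and parts[0] == "arn" and parts[2] == "iam"
        and parts[4] == account_id)

def check_trust_policy(policy_json, main_account_id):
    """Return (trusted, conditions): whether an Allow statement lets the main
    account call sts:AssumeRole, plus the Condition blocks it must satisfy."""
    trusted, conditions = False, []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements are not evaluated in this check
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if any(_in_account(p, main_account_id) for p in aws):
            trusted = True
            if "Condition" in stmt:
                conditions.append(stmt["Condition"])
    return trusted, conditions

# Constructed trust policy for a member-account role (sample values only).
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}},
    }],
})
```

Any returned condition, such as an external ID, has to be matched by the AssumeRole parameters configured on the instance, otherwise the call is denied even though the principal is trusted.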