Event-Driven Discovery (AWS) — SNS permissions & ServiceNow rolesSummary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Purpose Explain exactly what access is needed in AWS SNS/IAM and ServiceNow to wire AWS Config → SNS → ServiceNow Cloud Events API for Event-Driven Discovery. Scope & Audience Cloud, and ServiceNow admins enabling AWS event ingestion (no troubleshooting here—just the required access and the endpoint format). Requirements AWS (SNS/IAM) — least-privilege actions - Ensure that an AWS role is available that can access the following services and resources: - SNS - AWS Config service - Resource types for which you want to track the configuration change ServiceNow — roles & endpoint - discovery_admin - sn_cmp.cloud_event_integration: The access credentials of a ServiceNow user with the sn_cmp.cloud_event_integration role is required to subscribe the instance to the SNS notifications. - HTTPS subscription endpoint format: https://<user>:<password>@<instance>/api/now/cloud_event - Password rule: avoid @ and # (they break basic-auth URLs). Related Links<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Configure the AWS Config service to send event notifications to the ServiceNow instance