AWS Cloud Discovery Is Not Discovering Virtual Machines - Support and Troubleshooting

AWS Cloud Discovery Is Not Discovering Virtual Machines .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; } :root { /* ── ServiceNow Brand Colors ── */ --infinite-blue: #032D42; --wasabi-green: #63DF4E; --bright-blue: #52B8FF; --bright-indigo: #7661FF; --bright-purple: #BF71F2; /* ── Derived tokens ── */ --header-bg: var(--infinite-blue); --accent: var(--wasabi-green); --accent-light: #e8fce4; --border: #d0dbe0; --text-primary: #0d1f2b; --text-secondary: #3d5a6a; --bg-page: #f2f5f7; --bg-card: #ffffff; --warn-bg: #fff4e0; --warn-border: #e6a817; --note-bg: #e6f4ff; --note-border: var(--bright-blue); --tag-bg: #e8fce4; --tag-color: #032D42; --radius: 6px; } body { font-family: 'Lato', sans-serif; font-size: 15px; line-height: 1.7; color: var(--text-primary); padding: 0; margin: 0; } .kb-wrapper { max-width: 100%; } /* ── Body card ── */ .kb-body { padding: 0; } /* ── Sections ── */ .section { margin-bottom: 34px; } .section:last-child { margin-bottom: 0; } h2.section-title { font-size: 16px; font-weight: 900; color: var(--infinite-blue); margin-bottom: 14px; padding-bottom: 8px; border-bottom: 2px solid var(--accent-light); } /* ── Text ── */ p { margin-bottom: 12px; color: var(--text-primary); } p:last-child { margin-bottom: 0; } ul, ol { padding-left: 22px; margin-bottom: 12px; } li { margin-bottom: 6px; } li:last-child { margin-bottom: 0; } /* ── Inline code ── */ code { font-family: 'Courier New', Courier, monospace; font-size: 13px; background: #e6f0f5; color: #032D42; padding: 1px 6px; border-radius: 3px; border: 1px solid #b8cfd8; } /* ── Callout boxes ── */ .callout { border-left: 4px solid var(--note-border); background: var(--note-bg); border-radius: 0 var(--radius) var(--radius) 0; padding: 13px 16px; margin: 16px 0; font-size: 14px; } .callout.warn { border-left-color: var(--warn-border); background: var(--warn-bg); } .callout strong { display: block; margin-bottom: 4px; font-weight: 700; } /* ── Ordered steps ── */ .steps-list { list-style: none; padding-left: 0; counter-reset: steps; } .steps-list li { counter-increment: steps; display: flex; gap: 14px; align-items: flex-start; margin-bottom: 14px; } .steps-list li::before { content: counter(steps); flex-shrink: 0; width: 26px; height: 26px; background: var(--infinite-blue); color: var(--wasabi-green); border-radius: 50%; font-size: 12px; font-weight: 900; display: flex; align-items: center; justify-content: center; margin-top: 2px; } /* ── Related chips ── */ .related-list { list-style: none; padding-left: 0; display: flex; flex-direction: column; gap: 8px; } .related-list li { background: var(--tag-bg); border: 1px solid #a8dfa0; border-radius: var(--radius); padding: 10px 14px; margin-bottom: 0; } .related-list li a { color: var(--infinite-blue); text-decoration: none; font-size: 13.5px; font-weight: 700; } .related-list li a:hover { text-decoration: underline; color: #0057a8; } /* ── Footer ── */ .kb-footer { margin-top: 20px; font-size: 12px; color: #6a8a9a; text-align: center; line-height: 1.6; } /* ── Divider ── */ hr.section-divider { border: none; border-top: 1px solid var(--border); margin: 30px 0; }

Issue AWS Cloud Discovery completes without errors but does not return any Virtual Machine (VM) CIs for a specific AWS region, even though VMs are confirmed to exist in that region.

Symptoms VMs in a specific AWS region are confirmed to exist via the AWS CLI. Discovery Logs contain an INFO level message for the Amazon AWS – Virtual Server (LP) pattern stating that no VMs were found in the region. In the pattern's Discovery logs, Step 3.1 Get Instances (where the EC2 DescribeInstances API call is made) shows no errors — the request is successful and a requestId is present in the response. Despite the successful API response, no instance data is returned — the response body contains only the requestId with no VM records. Facts VM CIs are discovered by the Amazon AWS – Virtual Server (LP) Discovery Pattern. The pattern calls the AWS EC2 API's DescribeInstances action to retrieve VMs for the region being discovered. A successful HTTP response with a requestId but no instance data indicates the AWS API processed the request without error — the empty result originates from the AWS side, not from ServiceNow. The requestId in an AWS EC2 API response is a unique identifier used to trace the request within AWS systems for troubleshooting and debugging purposes. Cause Successful GET REST calls to the AWS EC2 API are returning empty responses — no VM data is included in the DescribeInstances response from AWS. Because the API call itself succeeds (HTTP 200, valid requestId ), the issue does not originate within ServiceNow or the Discovery pattern. The root cause lies within the AWS environment and must be investigated on the AWS side.

Note Common AWS-side causes include IAM permission restrictions on the credentials used by ServiceNow, region-level resource filters or SCPs (Service Control Policies), or account-level restrictions applied by the AWS organization. Only AWS Support or your AWS Cloud Admins can confirm the specific cause. Solution This issue must be investigated on the AWS side by your AWS Cloud Admins or by logging a case with AWS Support. ServiceNow is correctly invoking the EC2 API — the empty response is returned by AWS.

Using the requestId for Investigation

Retrieve the requestId from the EC2 API response logged in Step 3.1 of the Discovery pattern logs. This ID uniquely identifies the API call within AWS systems and can be leveraged in two ways:

AWS CloudTrail — Search CloudTrail logs for the requestId to find the associated event details and identify any filters, denials, or policy restrictions applied to the call. AWS Support case — Provide the requestId when opening a support case. AWS Support can use it to trace the request through internal AWS systems and identify the cause of the empty response. How to Locate the requestId Navigate to the Discovery pattern logs for the relevant Discovery run. Open Step 3.1 Get Instances and locate the EC2 DescribeInstances response entry. The requestId is included in the response body of the successful but empty API call. Recommended Steps

Confirm VMs exist in the target region. Verify via AWS CLI or the AWS Console that instances are present and running in the region being discovered by ServiceNow. Retrieve the requestId from Discovery logs. Open the pattern's Discovery logs for the affected run and copy the requestId from the Step 3.1 Get Instances response. Search AWS CloudTrail for the requestId . Use CloudTrail to identify the event associated with the DescribeInstances call and review for any applied filters, SCPs, or IAM policy denials. Engage your AWS Cloud Admins. Share the requestId and Discovery log details with your AWS team. Ask them to review IAM permissions for the ServiceNow credentials, region-level filters, and any organizational policies that may be restricting the response.

The Cloud discovery spreadsheet linked below can be used to verify REST API permissions.

https://downloads.docs.servicenow.com/resource/enus/api/servicenow-discovery-patterns-api-details.xlsx Log a case with AWS Support if needed. If internal investigation does not identify the cause, open an AWS Support case and provide the requestId , the affected region, and the API action ( DescribeInstances ) to expedite triage. Related Links ServiceNow Documentation on Discovery for AWS ServiceNow Documentation on AWS Discovery using Patterns AWS Documentation on Working with CloudTrail event history AWS Documentation on Amazon EC2 API Reference for DescribeInstances Amazon Web Services (AWS)