Terraform
ServiceNow Service Graph Connector for Terraform
Integration version: v1.1.0
Use the Service Graph Connector for Terraform to securely import HCP Terraform resources into your ServiceNow instance. The ServiceNow Service Graph for Terraform is a certified scoped application available in the ServiceNow Store.
The integration is based on the Service Graph Connector technology that provides a framework for discovering and mapping relationships between the organization's infrastructure and the ServiceNow Configuration Items (CIs), and then automatically updating the ServiceNow CMDB (Configuration Management Database) with this information. This enables platform teams to gain a comprehensive view of the resources they support. The CMDB is a central repository within the ServiceNow platform, which provides a single source of truth for your infrastructure and offers configurable dashboards for monitoring and reporting.
Key benefits
- Enhanced visibility: The Service Graph Connector for Terraform updates the CMDB dashboards with resources deployed in HCP Terraform.
- Improved efficiency: By connecting Terraform to the ServiceNow CMDB, platform teams can manage and search Terraform-provisioned resources in the CMDB alongside the rest of the company's infrastructure.
- Consistent management: Terraform state file changes get automatically and securely updated in the ServiceNow CMDB, capturing status changes for all technical resources in a timely manner.
- Extensibility: ServiceNow admins can customize mappings for additional resource types, potentially working with HashiCorp’s entire Terraform ecosystem made up of thousands of providers.
Technical design
The diagram below shows how the Service Graph Connector for Terraform connects HCP Terraform to your ServiceNow instance.
The Service Graph Connector for Terraform integrates with HCP Terraform to fetch up-to-date information about your deployments. It leverages the Terraform state as the primary data source. The application doesn't make any requests to your cloud provider or require you to share any cloud credentials.
Import methods
The integration offers two methods of importing your Terraform resources into CMDB. You can configure the application to periodically pull all your resources in one batch. Alternatively, you can set up webhooks in your Terraform workspaces, which will notify your ServiceNow instance about new deployments.
Scheduled polling
The Service Graph Connector for Terraform can be scheduled to periodically poll HCP Terraform. Depending on the size of your infrastructure and how frequently the state of your resources needs to be refreshed in CMDB, the polling schedule can be set anywhere from once a week to every second. This option is not recommended for big environments with thousands of Terraform workspaces as the import job will take several hours to complete.
The scheduled job makes a request to HCP Terraform to obtain all organizations that the HCP Terraform API token provided to the application has access to. It will attempt to import all relevant resources from all workspaces within each of those organizations. The processing time depends on the number of organizations and workspaces in HCP Terraform. Configuring the import job to run frequently is not recommended for big environments.
To access the scheduler, search for Service Graph Connector for Terraform in the top navigation menu and select SG-Import Schedule. You can change the polling settings and view all previous import sets pulled into your ServiceNow instance using this method.
HCP Terraform Webhook Notifications
You can configure webhook notifications for all relevant workspaces in your HCP Terraform organization. Webhooks offer an event-based approach to importing your resources. The import is triggered as soon as a Terraform run is successfully completed in HCP Terraform.
Webhook POST requests are sent to an API endpoint exposed by the Service Graph Connector for Terraform in your ServiceNow instance. Each webhook request includes an HMAC token, and the endpoint validates the signature using the secret you provide. Learn more about HCP Terraform notification authenticity.
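The signature check described above, as an added example in Python (not the connector's own code, which runs inside ServiceNow). HCP Terraform signs generic notifications with HMAC-SHA512 over the request body and sends the hex digest in the `X-TFE-Notification-Signature` header; the function names and sample values here are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Header HCP Terraform uses for generic notification signatures.
SIGNATURE_HEADER = "X-TFE-Notification-Signature"


def expected_signature(secret: str, raw_body: bytes) -> str:
    """Hex HMAC-SHA512 of the exact request bytes, keyed with the shared secret."""
    return hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha512).hexdigest()


def verify_notification(headers: dict, raw_body: bytes, secret: str) -> bool:
    """Return True only if the signature header matches the received body."""
    # HTTP header names are case-insensitive; normalise before lookup.
    normalized = {k.lower(): v for k, v in headers.items()}
    received = normalized.get(SIGNATURE_HEADER.lower())
    if not received or not secret:
        return False  # unsigned request or unconfigured secret: reject
    received = received.strip().lower()
    # Constant-time comparison avoids leaking how many leading characters match.
    return hmac.compare_digest(
        received.encode("utf-8"), expected_signature(secret, raw_body).encode("utf-8")
    )


def handle_webhook(headers: dict, raw_body: bytes, secret: str):
    """Verify first, parse second; return (HTTP status, parsed payload or None)."""
    if not verify_notification(headers, raw_body, secret):
        return 401, None
    return 200, json.loads(raw_body)


# Constructed sample values, not real HCP Terraform data.
SAMPLE_SECRET = "example-shared-secret"
SAMPLE_BODY = b'{"workspace_name":"demo-ws","notifications":[{"trigger":"run:completed"}]}'
SAMPLE_HEADERS = {SIGNATURE_HEADER: expected_signature(SAMPLE_SECRET, SAMPLE_BODY)}

if __name__ == "__main__":
    print(handle_webhook(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_SECRET)[0])  # valid request
    tampered = SAMPLE_BODY.replace(b"demo-ws", b"prod-ws")
    print(handle_webhook(SAMPLE_HEADERS, tampered, SAMPLE_SECRET)[0])     # body changed
    print(handle_webhook({}, SAMPLE_BODY, SAMPLE_SECRET)[0])              # unsigned
```

Verify against the raw request bytes as received; re-serializing the parsed JSON changes the bytes and breaks the comparison.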
Internally, the application uses a scheduled job as a helper to keep track of the incoming webhook requests. To activate, configure, and view the history of all webhook imports, navigate to Scheduled Imports and select SG-Terraform Scheduled Process State. By default, the job is set to run every minute.
Tip: Both import options may be enabled, or you may choose to configure only the webhooks or the scheduled import.
The setup page provides configuration details for both import modes.
ETL (Extract, Transform, Load)
After the application successfully imports the resources, they are temporarily stored in a staging database table. The import set records are then transferred to the ETL (Extract, Transform, Load) pipeline. Search for IntegrationHub ETL in the top navigation menu to view and edit the default ETL rules of the Service Graph Connector for Terraform. The application's ETL Transform Map is called SG-Terraform.
To deactivate resources that you do not want imported into the CMDB, navigate to the Select CMDB Classes to Map Source Data section of the application's ETL record, and toggle the switch on the resource mapping record to deactivate it.
Tip: Run an import before you open the ETL map, as the interface requires at least one import set stored in memory to be able to display the rules.
Supported resources
The Service Graph Connector for Terraform supports selected resources from the following cloud providers:
- AWS
- Microsoft Azure
- Google Cloud
- VMware vSphere
The resource mapping documentation contains tables detailing the mapping of objects and attributes between HCP Terraform and ServiceNow CMDB.
Destroyed resources
After the destroy operation is completed in HCP Terraform and the application's import job is finished in your ServiceNow instance, the Operational Status field of every CMDB resource that was removed from the Terraform state during the deletion process is updated to Non-Operational.
Get started
Refer to the setup page for information on how to configure the integration in your ServiceNow instance.