ServiceNow Service Graph Connector for Terraform
Integration version: v1.0.1
Use the Service Graph Connector for Terraform to securely import Terraform Cloud resources into your ServiceNow instance. The ServiceNow Service Graph for Terraform is a certified scoped application available in the ServiceNow Store.
The integration is based on the Service Graph Connector technology that provides a framework for discovering and mapping relationships between the organization's infrastructure and the ServiceNow Configuration Items (CIs), and then automatically updating the ServiceNow CMDB (Configuration Management Database) with this information. This enables platform teams to gain a comprehensive view of the resources they support. The CMDB is a central repository within the ServiceNow platform, which provides a single source of truth for your infrastructure and offers configurable dashboards for monitoring and reporting.
- Enhanced visibility: The Service Graph Connector for Terraform updates the CMDB dashboards with resources deployed in Terraform Cloud.
- Improved efficiency: By connecting Terraform to the ServiceNow CMDB, platform teams can manage and search Terraform-provisioned resources in the CMDB alongside the rest of the company's infrastructure.
- Consistent management: Terraform state file changes get automatically and securely updated in the ServiceNow CMDB, capturing status changes for all technical resources in a timely manner.
- Extensibility: ServiceNow admins can customize mappings for additional resource types, potentially working with HashiCorp’s entire Terraform ecosystem made up of thousands of providers.
The diagram below shows how the Service Graph Connector for Terraform connects Terraform Cloud to your ServiceNow instance.
The Service Graph Connector for Terraform integrates with Terraform Cloud to fetch up-to-date information about your deployments. It leverages the Terraform state as the primary data source. The application doesn't make any requests to your cloud provider or require you to share any cloud credentials.
The integration offers two methods of importing your Terraform resources into CMDB. You can configure the application to periodically pull all your resources in one batch. Alternatively, you can set up webhooks in your Terraform workspaces, which will notify your ServiceNow instance about new deployments.
The Service Graph Connector for Terraform can be scheduled to periodically poll Terraform Cloud. Depending on the size of your infrastructure and how frequently the state of your resources needs to be refreshed in CMDB, the polling schedule can be set anywhere from once a week to every second. This option is not recommended for big environments with thousands of Terraform workspaces as the import job will take several hours to complete.
The scheduled job makes a request to Terraform Cloud to obtain all organizations that the Terraform Cloud API token provided to the application has access to. It then attempts to import all relevant resources from all workspaces within each of those organizations. The processing time depends on the number of organizations and workspaces in your Terraform Cloud. Configuring the import job to run frequently is not recommended for big environments.
To access the scheduler, search for Service Graph Connector for Terraform in the top navigation menu and select SG-Import Schedule. You can change the polling settings and view all previous import sets pulled into your ServiceNow instance using this method.
You can configure webhook notifications for all relevant workspaces in your Terraform Cloud organization. Webhooks offer an event-based approach to importing your resources. The import is triggered as soon as a Terraform run is successfully completed in Terraform Cloud.
Webhook POST requests are sent to an API endpoint exposed by the Service Graph Connector for Terraform in your ServiceNow instance. Each webhook request includes an HMAC token, and the endpoint validates the signature using the secret you provide. Learn more about Terraform Cloud notification authenticity.
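The check described above, sketched as a stand-alone receiver-side verification. This is an added example, not the connector's own code. It assumes the header name and digest given in Terraform Cloud's notification documentation (`X-TFE-Notification-Signature`, hex HMAC-SHA512 of the raw body), plus a constructed secret and payload.

```python
import hashlib
import hmac
import json

# Header name and digest (hex HMAC-SHA512 of the raw body) follow Terraform
# Cloud's notification documentation; they are not stated on this page.
SIGNATURE_HEADER = "x-tfe-notification-signature"


def sign(secret: bytes, body: bytes) -> str:
    return hmac.new(secret, body, hashlib.sha512).hexdigest()


def verify_notification(secret: bytes, headers: dict, body: bytes) -> bool:
    """True only when the signature header matches the exact bytes received."""
    lowered = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    received = lowered.get(SIGNATURE_HEADER, "").strip().lower()
    if not received:
        return False  # unsigned requests are rejected outright
    # Compare as bytes in constant time so timing does not reveal a partial match.
    return hmac.compare_digest(sign(secret, body).encode(), received.encode())


def should_import(secret: bytes, headers: dict, body: bytes) -> bool:
    """Authenticate first, then parse; unauthenticated JSON is never inspected."""
    if not verify_notification(secret, headers, body):
        return False
    try:
        payload = json.loads(body)
    except ValueError:
        return False
    notes = payload.get("notifications", []) if isinstance(payload, dict) else []
    # Assumption: only completed runs should start an import.
    return any(n.get("trigger") == "run:completed" for n in notes)


# Constructed sample data, not a captured request.
SECRET = b"constructed-example-secret"
BODY = json.dumps({
    "payload_version": 1,
    "workspace_name": "example-workspace",
    "notifications": [{"trigger": "run:completed", "run_status": "applied"}],
}).encode()
HEADERS = {"X-TFE-Notification-Signature": sign(SECRET, BODY)}

if __name__ == "__main__":
    print("valid:", should_import(SECRET, HEADERS, BODY))
    print("tampered:", should_import(SECRET, HEADERS, BODY.replace(b"example", b"other")))
```

The signature must be computed over the raw request bytes as received; re-serializing the parsed JSON before hashing changes the byte sequence and makes valid requests fail.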
Internally, the application uses a scheduled job as a helper to keep track of the incoming webhook requests. To activate, configure, and view the history of all webhook imports, navigate to Scheduled Imports and select SG-Terraform Scheduled Process State. By default, the job is set to run every minute.
Tip: Both import options may be enabled, or you may choose to configure only the webhooks or the scheduled import.
The setup page provides configuration details for both import modes.
After the application successfully imports the resources, they are temporarily stored in a staging database table. The import set records are then transferred to the ETL (Extract, Transform, Load) pipeline. Search for IntegrationHub ETL in the top navigation menu to view and edit the default ETL rules of the Service Graph Connector for Terraform. The application's ETL Transform Map is called SG-Terraform.
To deactivate resources that you do not want imported into the CMDB, navigate to the Select CMDB Classes to Map Source Data section of the application's ETL record, and toggle the switch on the resource mapping record to deactivate it.
Tip: Run an import before you open the ETL map, as the interface requires at least one import set stored in memory to be able to display the rules.
The Service Graph Connector for Terraform supports selected resources from the following cloud providers:
- Microsoft Azure
- Google Cloud
- VMware vSphere
The resource mapping documentation contains tables detailing the mapping of objects and attributes between Terraform Cloud and ServiceNow CMDB.
After the destroy operation is completed in Terraform Cloud and the application's import job is finished in your ServiceNow instance, the Operational Status field of every CMDB resource that was removed from the Terraform state during the deletion process is updated to Non-Operational.
Refer to the setup page for information on how to configure the integration in your ServiceNow instance.