Splunk® App for AWS (Legacy)

Installation and Configuration Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

Add an AWS Config Rules input for the Splunk App for AWS

Create a Config Rules input to gather compliance results based on the rules you have set in your AWS environment and display them on the Config Rules dashboard, as well as layer on your Topology dashboard.

Prerequisites

Before you can successfully configure an AWS Config Rules input, you need to:

1. Set up the Config Rules for all the regions that you want to track data in the Splunk App for AWS. If you have not already done this, see Configure your AWS services for the Splunk App for AWS in this manual.

Note: This data source is only available in a subset of AWS regions, which does not currently include China or GovCloud. See the AWS documentation for a full list of supported regions: http://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_region.

2. Make sure that the account friendly name you use to configure this input corresponds to an AWS Account Access Key ID or EC2 IAM role that has the necessary permissions to gather this data. If you have not already done this, see Configure your AWS permissions for the Splunk App for AWS in this manual.

Add a new AWS Config Rules input

1. In the app, click Configure in the app navigation bar.

2. Under Data Sources, in the AWS Config Rules box, click New input.

3. Select the friendly name of the AWS Account that you want to use to collect AWS Config Rules data. If you have not yet configured the account you need, click Add New Account to configure one now.

4. Select an AWS Region for which you have set up Config Rules.

5. (Recommended) Configure a custom Index to override the default.

6. (Optional) Adjust the Interval for data collection in the Advanced Settings.

Once saved, the input begins collecting data immediately and checks for updates every 300 seconds by default.

Edit or delete a AWS Config Rules input

You can view, edit, or delete your existing AWS Config Rules inputs from the Config Rules Inputs screen.

1. In the app, click Configure in the app navigation bar.

2. Under Data Sources, in the AWS Config Rules box, click the link that tells you how many inputs you currently have configured for AWS Config Rule.

3. The AWS Config Rules Inputs screen displays a list of AWS Config Rules inputs, organized by the name auto-assigned to the input.

4. From here, you can click the names to open the individual inputs to edit them, or delete an input by clicking the trash can icon.

Last modified on 13 May, 2016
Add an AWS Config input for the Splunk App for AWS   Add a CloudTrail input for the Splunk App for AWS

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.2.0, 4.2.1, 5.0.0, 5.0.1, 5.0.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters