Splunk® App for AWS (Legacy)

Installation and Configuration Manual

On July 15, 2022, the Splunk App for AWS will reach its end of life (EOL). After this date, Splunk will no longer maintain or develop this product. Splunk App for AWS is used for both IT monitoring and security use cases because it provides dashboards for both ITOps and security teams. The IT monitoring functionality in Splunk App for AWS is migrating to a content pack in Data Integrations called the Content Pack for Amazon Web Services Dashboards and Reports. The security use case functionality in Splunk App for AWS is migrating to the new Splunk App for AWS Security Dashboards. For more about migration options, see this community post.
This documentation does not apply to the most recent version of Splunk® App for AWS (Legacy). For documentation on the most recent version, go to the latest release.

Add AWS accounts for the Splunk App for AWS

When you open the Splunk App for AWS, the app displays an Overview dashboard. This dashboard had no data in it yet, because you first need to configure your AWS account(s) and enable your data inputs.

Prerequisites

Before you proceed, confirm that you have configured your AWS accounts and services in the AWS Management Console and configured sufficient IAM permissions for at least one account or an EC2 IAM role. If you have not yet completed those steps, go back to the Before You Deploy chapter in this manual for instructions and guidance.

Use this procedure only if you fall into one of these categories:

If you do not fall into these categories, do not use the Configure tab in the app. Instead go to your forwarder and configure your accounts and inputs using the add-on instead.

Discover an EC2 IAM role

If you are running your data collection node of your Splunk platform in your own managed AWS environment, you can set up an IAM role for the EC2 and use that role to configure data collection jobs. The Splunk App for AWS automatically discovers this role once it is set up.

  1. Follow the AWS documentation to set up an IAM role for your EC2: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html.
  2. Ensure that this role has all of the required permissions specified in Configure your AWS permissions for the Splunk App for AWS. If you do not want to give the role all of the permissions required for all inputs, you also need to configure AWS accounts that you can use for the other inputs not covered by the permissions in this role.
  3. Click Splunk App for AWS in your left navigation bar on Splunk Web's home page.
  4. Click Configure in the app navigation bar.
  5. Look for the EC2 IAM role in list of accounts. If you are in your own managed AWS environment and you have an EC2 IAM role configured, it appears in this account list automatically.

No further configuration is required. You can also configure AWS accounts if you want to use both EC2 IAM roles and user accounts to ingest your AWS data.

Add accounts using the Configure tab in the app

  1. Open the Splunk App for AWS.
  2. Click Configure on the app navigation bar. This tab is only visible to Splunk administrators.
  3. On the Configure page, click Add AWS Account.
  4. Enter a Friendly Name to identify the account. Use only alphanumeric characters.
  5. Enter the Access Key ID for the AWS account that you want the app to use to collect data.
  6. Enter the Secret Access Key for the AWS account.
  7. Select the Region Category that matches your AWS account. Most common is Global.
  8. Click Add.

If necessary, you can create multiple accounts, each configured with permissions for all or selected AWS services.

When you have configured at least one account, you can start to configure your data inputs. See Inputs overview for the Splunk App for AWS.

Edit an account

  1. Open the Splunk App for AWS.
  2. Click Configure on the app navigation bar. This tab is only visible to Splunk administrators.
  3. On the Configure page, click the name of an account that you want to edit.
  4. Adjust the AWS Account Access Key ID, AWS Account Secret Access Key, or AWS Account Region Category. You cannot change the Friendly Name.
  5. Click Update.
Last modified on 24 May, 2016
Install the Splunk App for AWS on Splunk Enterprise   Upgrade the Splunk App for AWS

This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.2.0, 4.2.1, 5.0.0, 5.0.1, 5.0.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters