Hardware and software requirements for the Splunk Add-on for AWS
To install and configure the Splunk Add-on for Amazon Web Services (AWS), you must have admin or sc_admin role permissions.
AWS account prerequisites
To set up your AWS configuration to work with your Splunk platform instance, make sure you have the following AWS account privileges:
- A valid AWS account with permissions to configure the AWS services that provide your data.
- Permission to create Identity and Access Management (IAM) roles and users. This lets you set up AWS account IAM roles or Amazon Elastic Compute Cloud (EC2) IAM roles to collect data from your AWS services.
AWS region limitations
The Splunk Add-on for AWS supports all services offered by AWS in each region. To learn which worldwide geographic regions support which AWS services, see the Region Table in the AWS global infrastructure documentation.
In the AWS China region, the add-on supports only the services that AWS supports in that region. For an up-to-date list of what products and services are supported in this region, see https://www.amazonaws.cn/en/products/.
For an up-to-date list of what services and endpoints are supported in AWS GovCloud region, see https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-services.html.
Network configuration requirements
The Splunk Add-on for AWS makes REST API calls using HTTPS on port 443. Data inputs for this add-on use large amounts of memory. See Sizing, performance, and cost considerations for the Splunk Add-on for AWS for more information.
AWS encryption requirements
Amazon Web Services supports the following server-side encryption types:
- Server-side encryption with Amazon S3-managed encryption keys (SSE-S3). For SSE-S3 configurations, the unique key is used for encrypting each object)
- Server-side encryption with AWS Key Management Service (SSE-KMS). SSE-KMS will manage encryption. AWS will manage the master key.
- Server-side encryption with customer-provided encryption keys (SSE-C). KMS service will manage encryption/ The client needs to provide a custom master key.
The Splunk Add-on for AWS supports all server-side encryptions. Client-side encryption is not supported. Server side encryption is handled by AWS. AWS SDK for Python does not support client-side encryption.
Splunk platform requirements
There are no Splunk platform requirements specific to the Splunk Add-on for AWS.
For Splunk Enterprise system requirements, see System requirements for use of Splunk Enterprise on-premises in the Splunk Enterprise Installation Manual.
For information about installation locations and environments, see Install the Splunk Add-on for AWS.
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
Source types for the Splunk Add-on for AWS
Sizing, performance, and cost considerations for the Splunk Add-on for AWS
This documentation applies to the following versions of Splunk® Supported Add-ons: released