Splunk® App for Infrastructure

Administer Splunk App for Infrastructure

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of InfraApp. Click here for the latest version.
Acrobat logo Download topic as PDF

Configure Identity and Access Management (IAM) policy for AWS data collection

If Splunk App for Infrastructure is deployed on an AWS EC2 instance, you can configure an Identity and Access Management (IAM) policy for AWS data collection, which is a more secure option than entering your AWS Key ID and Secret Key information.

The are two options available to configure an IAM policy required for data collection, including:

  • EC2 Role: Attach an EC2 role to the AWS EC2 instance -- Splunk App for Infrastructure. Configuring an EC2 Role is the preferred option for organizations that have tight security controls and do not give out access keys.
  • IAM AssumeRole: Grant a primary AWS account access to collect data from multiple sub-accounts using AssumeRole API.

Configure an EC2 Role

  1. Create an IAM policy for your EC2 instance. See Creating Policies on the JSON Tab on the AWS website. Note the following is a policy JSON file, which has the policies you need to attach to your IAM role to allow for AWS data collection on your EC2 instance:
      
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "cloudwatch:Describe*",
                      "cloudwatch:Get*",
                      "cloudwatch:List*",
                      "logs:DescribeLogGroups",
                      "logs:DescribeLogStreams",
                      "logs:GetLogEvents",
                      "ec2:Describe*",
                      "elasticloadbalancing:Describe*"
                  ],
                  "Resource": [
                      "*"
                  ]
              }
          ]
      }
      
      
  2. Create an IAM Role for your IAM policy. See Creating an IAM Role on the AWS website.
  3. Attach the IAM Role to the EC2 instance running Splunk App for Infrastructure. See Attaching an IAM Role to an Instance on the AWS website.
  4. In the Splunk App for Infrastructure user interface, click Verify IAM role attachment to confirm that the IAM role appears as a detected role.

Configure an IAM AssumeRole

  1. Create an IAM policy for your EC2 instance. See Creating Policies on the JSON Tab on the AWS website. Note the following is a policy JSON file, which has the policies you need to attach to your IAM role to allow for AWS data collection on your EC2 instance:
      
      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "cloudwatch:Describe*",
                      "cloudwatch:Get*",
                      "cloudwatch:List*",
                      "logs:DescribeLogGroups",
                      "logs:DescribeLogStreams",
                      "logs:GetLogEvents",
                      "ec2:Describe*",
                      "elasticloadbalancing:Describe*"
                  ],
                  "Resource": [
                      "*"
                  ]
              }
          ]
      }
      
      
  2. Create an  IAM AssumeRole for your IAM policy. See Creating an IAM Role on the AWS website.
  3. Attach the IAM AssumeRole to the EC2 instance running Splunk App for Infrastructure. See Attaching an IAM Role to an Instance on the AWS website.
  4. In the Splunk App for Infrastructure user interface, click Verify IAM role attachment to confirm that the IAM role appears as a detected role.
Last modified on 04 January, 2019
PREVIOUS
Configure AWS Data Collection for Splunk App for Infrastructure
  NEXT
Configure Windows data collection for Splunk App for Infrastructure

This documentation applies to the following versions of Splunk® App for Infrastructure: 1.2.0, 1.2.1, 1.2.2, 1.2.3


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters