Configure Identity and Access Management (IAM) policy for AWS data collection
If Splunk App for Infrastructure is deployed on an AWS EC2 instance, you can configure an Identity and Access Management (IAM) policy for AWS data collection, which is a more secure option than entering your AWS Key ID and Secret Key information.
There are two options for configuring the IAM policy required for data collection:
- EC2 Role: Attach an EC2 role to the AWS EC2 instance that runs Splunk App for Infrastructure. Configuring an EC2 Role is the preferred option for organizations that have tight security controls and do not give out access keys.
- IAM AssumeRole: Grant a primary AWS account access to collect data from multiple sub-accounts using the AssumeRole API.
Configure an EC2 Role
- Create an IAM policy for your EC2 instance. See Creating Policies on the JSON Tab on the AWS website. The following policy JSON contains the permissions that you need to attach to your IAM role to allow AWS data collection on your EC2 instance:
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "cloudwatch:Describe*",
          "cloudwatch:Get*",
          "cloudwatch:List*",
          "logs:DescribeLogGroups",
          "logs:DescribeLogStreams",
          "logs:GetLogEvents",
          "ec2:Describe*",
          "elasticloadbalancing:Describe*"
        ],
        "Resource": [
          "*"
        ]
      }
    ]
  }
- Create an IAM Role for your IAM policy. See Creating an IAM Role on the AWS website.
- Attach the IAM Role to the EC2 instance running Splunk App for Infrastructure. See Attaching an IAM Role to an Instance on the AWS website.
- In the Splunk App for Infrastructure user interface, click Verify IAM role attachment to confirm that the IAM role appears as a detected role.
Configure an IAM AssumeRole
- Create an IAM policy for your EC2 instance. See Creating Policies on the JSON Tab on the AWS website. The following policy JSON contains the permissions that you need to attach to your IAM role to allow AWS data collection on your EC2 instance:
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "cloudwatch:Describe*",
          "cloudwatch:Get*",
          "cloudwatch:List*",
          "logs:DescribeLogGroups",
          "logs:DescribeLogStreams",
          "logs:GetLogEvents",
          "ec2:Describe*",
          "elasticloadbalancing:Describe*"
        ],
        "Resource": [
          "*"
        ]
      }
    ]
  }
- Create an IAM AssumeRole for your IAM policy. See Creating an IAM Role on the AWS website.
- Attach the IAM AssumeRole to the EC2 instance running Splunk App for Infrastructure. See Attaching an IAM Role to an Instance on the AWS website.
- In the Splunk App for Infrastructure user interface, click Verify IAM role attachment to confirm that the IAM role appears as a detected role.
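Before attaching the policy in either procedure, you can check that the JSON you are about to use grants nothing beyond the read-only actions listed above. The following Python check is an added example, not part of the Splunk documentation or product; the function names and the drifted sample policy are constructed for illustration.

```python
import json

# Read-only action patterns copied from the policy on this page.
BASELINE = [
    "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*",
    "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:GetLogEvents",
    "ec2:Describe*", "elasticloadbalancing:Describe*",
]

def _as_list(value):
    """IAM accepts a single string or object where a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _covered(action, baseline=BASELINE):
    """True if every API call matched by `action` is also matched by the baseline."""
    action = action.lower()  # IAM action names are case-insensitive
    for allowed in (b.lower() for b in baseline):
        if allowed.endswith("*"):
            # A prefix pattern covers anything that starts with its literal prefix.
            if action.startswith(allowed[:-1]):
                return True
        elif action == allowed:
            return True
    return False

def excess_grants(policy_json):
    """Return the sorted Allow grants in a policy that exceed the baseline."""
    policy = json.loads(policy_json)
    excess = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never add permissions
        if "NotAction" in stmt:
            excess.add("NotAction")  # allows everything except the listed actions
        excess.update(a for a in _as_list(stmt.get("Action")) if not _covered(a))
    return sorted(excess)

# Constructed sample: the page's policy plus two actions that do not belong.
DRIFTED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": ["*"],
     "Action": BASELINE + ["ec2:*", "logs:PutLogEvents"]},
    {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
]})

if __name__ == "__main__":
    for grant in excess_grants(DRIFTED):
        print("outside read-only baseline:", grant)
```

An empty result means the policy stays within the actions this page lists; any entry returned is a grant to review before the role is attached.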
This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.2.0, 1.2.1, 1.2.2, 1.2.3