Splunk® App for Infrastructure

Administer Splunk App for Infrastructure

Configure Identity and Access Management (IAM) policy for AWS data collection

If the Splunk App for Infrastructure (SAI) is deployed on an AWS EC2 instance, you can configure an Identity and Access Management (IAM) policy for AWS data collection. This is a more secure option than entering your AWS Key ID and Secret Key information.

To set up IAM permissions for AWS data collection, you must complete the following two steps:

  • Create an IAM policy. An IAM policy defines the permissions for an IAM identity or AWS resource. For more information, see Configure an IAM policy.
  • Create an IAM role. An IAM role is an IAM identity with permissions that you define using an IAM policy. For more information, see Configure an IAM role.

Configure an IAM policy

Create an identity-based policy that delegates access to cost, usage, and storage information about the AWS services you are using. For more information about creating a policy with the JSON tab, see Creating Policies on the JSON Tab on the AWS website.

  1. Log in to the AWS Management Console at https://aws.amazon.com.
  2. From the Identity and Access Management Dashboard, create a new policy.
  3. In the policy creation window, select the JSON tab and paste this policy:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "",
                "Effect": "Allow",
                "Action": [
                    "elasticloadbalancing:Describe*",
                    "ec2:Get*",
                    "ec2:Describe*",
                    "s3:Get*",
                    "s3:List*",
                    "ce:*",
                    "config:Get*",
                    "config:Describe*"
                ],
                "Resource": "*"
            }
        ]
    }
    

Configure an IAM role

Create a role that delegates access to ELB, EBS, and EC2 data and CloudWatch logs to SAI. When you create the IAM role, attach to it the IAM policy that enables you to send data to SAI.

  1. Log in to the AWS Management Console at https://aws.amazon.com.
  2. From the Identity and Access Management Dashboard, create a new role.
    1. For Select type of trusted entity, select AWS service.
    2. For Choose the service that will use this role, select EC2.
  3. Add to the role the policy that delegates access to ELB, EBS, and EC2 data and CloudWatch logs from your AWS account.
  4. Attach the IAM role to the EC2 instance running SAI. For more information, see Attaching an IAM Role to an Instance on the AWS website.
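
As an added example (not part of the Splunk documentation), the following Python code builds the trust policy that selecting AWS service and EC2 produces for the role, and reviews the permissions policy above for wildcard grants before you attach it. The function names and the list of read-style verbs are assumptions made for illustration.

```python
import json

# Permissions policy from "Configure an IAM policy", reproduced for review.
SAI_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "", "Effect": "Allow", "Resource": "*",
        "Action": ["elasticloadbalancing:Describe*", "ec2:Get*", "ec2:Describe*",
                   "s3:Get*", "s3:List*", "ce:*", "config:Get*", "config:Describe*"],
    }],
}
READ_VERBS = ("Get", "List", "Describe")  # assumption: verbs treated as read-only

def ec2_trust_policy():
    """Trust policy that lets the EC2 service assume the role (role steps 2.1-2.2)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }

def _as_list(value):
    # IAM accepts a single string or a list for Action, Resource and Statement.
    return value if isinstance(value, list) else [value]

def review(policy):
    """Return (statement index, item, reason) for each broad Allow grant."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            name = action.partition(":")[2]
            if action == "*" or name == "*":
                findings.append((i, action, "unrestricted action wildcard"))
            elif not name.startswith(READ_VERBS):
                findings.append((i, action, "not limited to a read-style verb"))
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append((i, "Resource", "applies to all resources"))
    return findings

if __name__ == "__main__":
    print(json.dumps(ec2_trust_policy(), indent=2))
    for finding in review(SAI_POLICY):
        print(finding)
```

For the policy on this page, the review reports `ce:*` and the `"Resource": "*"` scope; the remaining actions are limited to `Get`, `List`, and `Describe` prefixes.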

This documentation applies to the following versions of Splunk® App for Infrastructure: 1.3.0, 1.3.1, 1.4.0, 1.4.1

