Splunk® App for Infrastructure

Administer Splunk App for Infrastructure


Configure Identity and Access Management (IAM) policy for AWS data collection

If the Splunk App for Infrastructure (SAI) is deployed on an AWS EC2 instance, you can configure an Identity and Access Management (IAM) policy for AWS data collection. This is a more secure option than entering your AWS Key ID and Secret Key information.

To set up IAM permissions for AWS data collection, you must perform the following steps:

  • Create an IAM policy. An IAM policy defines the permissions for an IAM identity or AWS resource.
  • Create an IAM role. An IAM role is an IAM identity with permissions that you define using an IAM policy.

Configure an IAM policy

Create an identity-based policy that delegates access to cost, usage, and storage information about the AWS services you are using. For more information about creating a policy with the JSON tab, see Creating Policies on the JSON Tab on the AWS website.

  1. Log in to the AWS Management Console at https://aws.amazon.com.
  2. From the Identity and Access Management Dashboard, create a new policy.
  3. In the policy creation window, select the JSON tab and paste this policy:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "",
                "Effect": "Allow",
                "Action": [
                    "elasticloadbalancing:Describe*",
                    "ec2:Get*",
                    "ec2:Describe*",
                    "s3:Get*",
                    "s3:List*",
                    "ce:*",
                    "config:Get*",
                    "config:Describe*"
                ],
                "Resource": "*"
            }
        ]
    }
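
The following check is an added example, not part of the Splunk documentation. It reviews the policy above for grants broader than read-only before you attach it. The READ_PREFIXES list, the function names, and the finding texts are assumptions made for this example.

```python
"""Review the SAI data-collection policy for grants broader than read-only."""

# Policy from step 3 of "Configure an IAM policy", reproduced as a dict.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "", "Effect": "Allow",
        "Action": ["elasticloadbalancing:Describe*", "ec2:Get*", "ec2:Describe*",
                   "s3:Get*", "s3:List*", "ce:*", "config:Get*", "config:Describe*"],
        "Resource": "*",
    }],
}

# Assumption for this example: action names with these prefixes are read-only.
READ_PREFIXES = ("Get", "List", "Describe")


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def review(policy):
    """Return {action: finding} for Allow grants that deserve a second look."""
    findings = {}
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        any_resource = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            service, _, verb = action.partition(":")
            if verb in ("", "*"):
                # "ce:*" matches every Cost Explorer action, not only reads.
                findings[action] = "service-wide wildcard, includes write actions"
            elif not verb.startswith(READ_PREFIXES):
                findings[action] = "not a read-only verb"
            elif any_resource and service == "s3" and verb.startswith("Get"):
                # "s3:Get*" covers s3:GetObject, so "*" means every bucket.
                findings[action] = "object reads on every bucket, narrow Resource"
    return findings


if __name__ == "__main__":
    for action, finding in review(POLICY).items():
        print(f"{action}: {finding}")
```

Run against the policy above, the check reports `s3:Get*` and `ce:*`; the other entries are prefix wildcards over read-only verbs.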
    

Configure an IAM role

Create a role that delegates access to ELB, EBS, and EC2 data and CloudWatch logs to SAI. When you create the IAM role, attach to it the IAM policy that enables you to send data to SAI.

  1. Log in to the AWS Management Console at https://aws.amazon.com.
  2. From the Identity and Access Management Dashboard, create a new role.
    1. For Select type of trusted entity, select AWS service.
    2. For Choose the service that will use this role, select EC2.
  3. Add to the role the policy that delegates access to ELB, EBS, and EC2 data and CloudWatch logs from your AWS account.
  4. Attach the IAM role to the EC2 instance running SAI. For more information, see Attaching an IAM Role to an Instance on the AWS website.
Last modified on 26 August, 2020

This documentation applies to the following versions of Splunk® App for Infrastructure: 1.3.0, 1.3.1, 1.4.0, 1.4.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1 Cloud only, 2.2.0 Cloud only, 2.2.1, 2.2.2, 2.2.3 Cloud only

