Docs » Connect to your cloud service provider » Connect AWS to Splunk Observability Cloud

Connect AWS to Splunk Observability Cloud 🔗

You have several data ingestion and connection methods when it comes to monitoring your Amazon Web Services (AWS) data in Splunk Observability Cloud.


If you want to send AWS data to the Splunk platform, use the Splunk add-on. Learn more at Splunk Add-on for AWS .

Before you start, see AWS authentication, permissions, and supported regions, and check the Supported AWS integrations in Splunk Observability Cloud.

Available options to connect with AWS

See a comparison of the connection options at Compare AWS connection options, and choose the connection method that best matches your needs:

Connection option

Available at

Polling (default)

Use either the Splunk Observability Cloud UI guided setup or the Splunk Observability Cloud API.

Streaming (Splunk-managed)

Use either the Splunk Observability Cloud UI guided setup or the Splunk Observability Cloud API.

Streaming (AWS-managed)

Connect and manage Metric Streams from the AWS console.

Managing your infrastructure as code (Splunk Terraform)

If you already manage your infrastructure as code, continue deploying through Splunk Terraform.


If you can’t connect AWS to Splunk Observability Cloud, see Troubleshoot your AWS connection.

Constraints and limitations for data polling

There are constraints to consider in terms of high data volume and filtering.

High data volume warning

After you create an AWS integration, if it retrieves more than 100,000 metrics from CloudWatch, Splunk Observability Cloud automatically deactivates the integration and sends you a warning email.

This check runs once per integration. If you activate the integration afterwards, it will work correctly.

You can deactivate this check by setting the enableCheckLargeVolume field in the AWS integration to false using the API. See the API reference guide in the Splunk Observability developer docs.

Tag filtering

If you filter data based on tags, your costs for Amazon CloudWatch and Splunk Infrastructure Monitoring might decrease.

Be careful when choosing tag names. Splunk Observability Cloud allows only alphanumeric characters, and the underscore ( _ ) and minus ( - ) symbols. Spaces are replaced by the underscore character.

These characters are unsupported:

  • periods ( . )

  • colons ( : )

  • forward slashes ( / )

  • equal signs ( = )

  • plus signs ( + )

  • at symbols ( @ )

Constraints and limitations for streaming

CloudWatch Metric Streams supports filtering by namespace and metric name but doesn’t support filtering based on resource tags.

Data availability


Splunk is not responsible for data availability, and it can take up to several minutes or longer, depending on your configuration, from the time you connect until you start seeing valid data from your account.

By default, Splunk Observability Cloud brings in data from all supported AWS services associated with your account. See Supported integrations in Splunk Observability Cloud.

To limit the amount of data to import, see Specify and limit the data and metadata to import.

Data collection interval and costs

In most cases, metrics are reported every minute. However, some services use a different cadence. For example, selected S3 metrics are reported on a daily basis. Check the AWS documentation to verify how often your services’ metrics are reported.

Collecting Amazon CloudWatch metrics through the polling APIs at the default polling rate of 300 seconds (5 minutes) is usually cheaper than using Metric Streams. On the other hand, if you set polling intervals to 1 minute, generally you see an increase in Amazon CloudWatch usage costs compared to Metric Streams.

Learn more at Costs for AWS monitoring.

Install the Splunk Distribution of OpenTelemetry Collector

To take advantage of the full benefits of the Splunk Observability Cloud platform, install the Splunk Distribution of the OpenTelemetry Collector.

To track the degree of OpenTelemetry enablement in your AWS integrations:

  1. From Splunk Observability Cloud, go to Data Management > AWS.

  2. Select OpenTelemetry Enabled to see whether the OTel Collector is installed on each AWS EC2 instance. This helps you identify the instances that still need to be instrumented. For instances that are successfully instrumented, you can see which version of the OTel Collector is deployed.

Amount of AWS entities with the Collector installed.

Private connectivity

Splunk Observability Cloud also offers secured connectivity with AWS. For more information, see Private Connectivity using AWS PrivateLink.

See also