topic Re: AWS IAM Role in All Apps and Add-ons

AWS IAM Role

davidhofmann — Fri, 10 Jul 2015 15:24:37 GMT

Is it possible to have the Splunk Add-on for AWS use the IAM Role assigned to the splunk server instead of using AWS user credentials?

Re: AWS IAM Role

rpille_splunk — Fri, 10 Jul 2015 19:26:26 GMT

Yes, you can. That is in fact the recommended way to handle this. See http://docs.splunk.com/Documentation/AddOns/latest/AWS/ConfigureAWSpermissions for details about the permissions. The docs say: "You can use the AWS Policy Generator tool to collect all permissions into one centrally managed policy that you can apply to the IAM used by the Splunk Enterprise server."

Re: AWS IAM Role

davidhofmann — Fri, 10 Jul 2015 19:58:12 GMT

Thanks. Policy wise I can set that up, but I'm not sure how to configure it on the splunk server side once I've assigned the IAM role to the server.

Re: AWS IAM Role

rpille_splunk — Fri, 10 Jul 2015 20:34:29 GMT

You can create a user specifically for the purpose of handling the Splunk Enterprise connection, assign them to the IAM role, then use that set of credentials when you set up the add-on and configure the connection to the AWS account.

Re: AWS IAM Role

davidhofmann — Mon, 13 Jul 2015 12:52:08 GMT

That's what I'm doing now. But I was wondering if it's possible to not use user creditals and instead use the Server assigned role.

Re: AWS IAM Role

rpille_splunk — Mon, 13 Jul 2015 17:20:04 GMT

I see what you mean. No, not at this time. As it is designed, the add-on's connection with AWS depends on an account key ID and secret key.