Re: AWS IAM Role

davidhofmann · ‎07-10-2015

Is it possible to have the Splunk Add-on for AWS use the IAM Role assigned to the splunk server instead of using AWS user credentials?

rpille_splunk · ‎07-10-2015

Yes, you can. That is in fact the recommended way to handle this. See http://docs.splunk.com/Documentation/AddOns/latest/AWS/ConfigureAWSpermissions for details about the permissions. The docs say: "You can use the AWS Policy Generator tool to collect all permissions into one centrally managed policy that you can apply to the IAM used by the Splunk Enterprise server."

rpille_splunk · ‎07-10-2015

You can create a user specifically for the purpose of handling the Splunk Enterprise connection, assign them to the IAM role, then use that set of credentials when you set up the add-on and configure the connection to the AWS account.

davidhofmann · ‎07-13-2015

That's what I'm doing now. But I was wondering if it's possible to not use user creditals and instead use the Server assigned role.

rpille_splunk · ‎07-13-2015

I see what you mean. No, not at this time. As it is designed, the add-on's connection with AWS depends on an account key ID and secret key.

davidhofmann · ‎07-10-2015

Thanks. Policy wise I can set that up, but I'm not sure how to configure it on the splunk server side once I've assigned the IAM role to the server.

AWS IAM Role

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?