Currently we have to use a proxy to connect to the S3 and SQS endpoints; however, the proxy is on-prem, so it's leaving AWS, going into our data center and back to AWS – not ideal.
I'm told that if we can set only specific services by using something like no_proxy="s3.amazonaws.com,s3.us-east-1.amazonaws.com" we can bypass the proxy and this will utilize the S3 VPC endpoint. Is there a way to configure the add-on to skip the proxy for specific services? I've tried to edit the server.conf file but that didn't work…
We used to have the following in our splunk-launch.conf, however we found that after a certain number of exclusions it stopped working (around ~270 char line...??):
NO_PROXY=127.0.0.1,169.254.169.254,codebuild.eu-west-2.amazonaws.com,config.eu-west-2.amazonaws.com,dynamodb.eu-west-2.amazonaws.com,ec2.eu-west-2.amazonaws.com,ec2messages.eu-west-2.amazonaws.com,elasticloadbalancing.eu-west-2.amazonaws.com,events.eu-west-2.amazonaws.com,execute-api.eu-west-2.amazonaws.com,kms.eu-west-2.amazonaws.com,logs.eu-west-2.amazonaws.com,monitoring.eu-west-2.amazonaws.com,s3.eu-west-2.amazonaws.com,secretsmanager.eu-west-2.amazonaws.com,servicecatalog.eu-west-2.amazonaws.com,sns.eu-west-2.amazonaws.com,ssm.eu-west-2.amazonaws.com
Now we have the following config in server.conf:
[proxyConfig]
http_proxy=egress.yourproxy.com:443
https_proxy=egress.yourproxy.com:443
no_proxy=::1,localhost,127.0.0.1,169.254.169.254,codebuild.eu-west-2.amazonaws.com,config.eu-west-2.amazonaws.com,dynamodb.eu-west-2.amazonaws.com,ec2.eu-west-2.amazonaws.com,ec2messages.eu-west-2.amazonaws.com,elasticloadbalancing.eu-west-2.amazonaws.com,events.eu-west-2.amazonaws.com,execute-api.eu-west-2.amazonaws.com,kms.eu-west-2.amazonaws.com,logs.eu-west-2.amazonaws.com,monitoring.eu-west-2.amazonaws.com,s3.eu-west-2.amazonaws.com,secretsmanager.eu-west-2.amazonaws.com,servicecatalog.eu-west-2.amazonaws.com,sns.eu-west-2.amazonaws.com,ssm.eu-west-2.amazonaws.com
I hope this helps!
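An added example, not part of the original answer or the add-on's code: a small Python check that reads a [proxyConfig] stanza and reports which required endpoints would still be sent through the proxy instead of going direct to the VPC endpoint. The shortened sample stanza, the SQS host name and the matching rule (exact match plus `.suffix` / `*.suffix` entries) are assumptions; confirm the rule against the server.conf documentation for your Splunk version.

```python
import configparser

# Constructed sample mirroring the [proxyConfig] stanza above (list shortened).
SAMPLE_SERVER_CONF = """
[proxyConfig]
http_proxy=egress.yourproxy.com:443
https_proxy=egress.yourproxy.com:443
no_proxy=::1,localhost,127.0.0.1,169.254.169.254,s3.eu-west-2.amazonaws.com,kms.eu-west-2.amazonaws.com
"""

# Hosts that must be reached directly; the SQS name is an assumed example
# that does not appear in the configuration on this page.
REQUIRED = [
    "169.254.169.254",              # instance metadata service
    "s3.eu-west-2.amazonaws.com",
    "sqs.eu-west-2.amazonaws.com",
]

def load_no_proxy(conf_text):
    """Return the no_proxy entries from the [proxyConfig] stanza."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    raw = parser.get("proxyConfig", "no_proxy", fallback="")
    return [e.strip().lower() for e in raw.split(",") if e.strip()]

def bypasses_proxy(host, entries):
    """Assumed rule: exact match, or a '.suffix' / '*.suffix' entry."""
    host = host.lower().rstrip(".")
    for entry in entries:
        if entry == "*" or host == entry:
            return True
        suffix = entry[1:] if entry.startswith("*.") else entry
        if suffix.startswith(".") and host.endswith(suffix):
            return True
    return False

def audit(conf_text, required=REQUIRED):
    """Map each required host to True (direct) or False (still via proxy)."""
    entries = load_no_proxy(conf_text)
    return {host: bypasses_proxy(host, entries) for host in required}

if __name__ == "__main__":
    for host, direct in audit(SAMPLE_SERVER_CONF).items():
        print(f"{host:40} {'direct' if direct else 'VIA PROXY'}")
```

Run it against the real server.conf text after each change to the exclusion list; any host reported as VIA PROXY is still leaving AWS through the on-prem proxy.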