Take a look at the indexes.conf documentation for Splunk 7.0. There's a new feature (unsupported, hopefully out in 7.1?) called remotePath and storageType (look at the very end for an example). Automatically handles S3 and caching data back for searching.
When I manually run the coldtofrozens3.py , it is working. But when splunk runs it, it doesn't copy the file to s3. I figured out that splunk has some issues when executing aws cli:
File "/usr/local/bin/aws", line 19, in
ImportError: No module named awscli.clidriver
By any change do you know how this can be resolved, aws installed as root, but splunk is running as user "splunk"