All Apps and Add-ons

Getting Access Denied for Splunk Add-on for AWS


I am in a bit of a fix right now and getting the below error when I am trying to add a new input to Splunk using this document


Note:  The Splunk instance is in a different account than the S3 bucket.

Error response received from the server: Unexpected error "<class 'splunktaucclib.rest_handler.error.RestError'>" from python handler: "REST Error [400]: Bad Request -- An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied". See splunkd.log/python.log for more details.


I have created an AWS role to allow the user residing in  account where my S3 bucket is and the permissions are like below



Trust relationship:




The user contains s3full access and AssumeRole policy attached to it. 


Splunk config:
The IAM role still shows undiscovered:





Are there any changes required at the Splunk instance level in the other account so that it could access the policy?

TIA for your help!

Labels (1)


BUMP! I am having the same issue with similar config. @himaniarora20 you didnt end up finding a resolution?

0 Karma


I did actually..  Just found out that you need to try with the indexer instead of Search Head. And also, attach an IAM role to your Splunk server, and  use the ARN of that same role to attach to your Splunk config.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...