Is there any way I can use a custom AMI for Splunk...

msrkr · ‎10-05-2017

Can I use a custom AMI which is hardened by a script for Splunk deployment in AWS?
If there is a possibility, how can I do it?
please suggest me.
I know just changing the AMI in the cloudformation does not work
There are some internal changes that need to be made.

Kindly help me with this.
Thank you in advance.

esix_splunk · ‎10-05-2017

You can install Splunk on any AMI in AWS that is supported. It would be up to you to change the cloudformation scripts as neccesary and make sure they work.

msrkr · ‎10-09-2017

But I am unable to deploy it as it's not receiving success signal.

msrkr · ‎10-06-2017

I have changed the AMI in cloud formation but did not get a success signal.

19:29:05 UTC-0400 ROLLBACK_IN_PROGRESS AWS::CloudFormation::Stack Spk The following resource(s) failed to create: [SplunkCM]. . Rollback requested by user.

19:29:04 UTC-0400 CREATE_FAILED AWS::EC2::Instance SplunkCM Failed to receive 1 resource signal(s) within the specified duration

18:28:47 UTC-0400 CREATE_IN_PROGRESS AWS::EC2::Instance SplunkCM Resource creation Initiated

Is there any way I can use a custom AMI for Splunk in AWS?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...