Can I use a custom AMI which is hardened by a script for Splunk deployment in AWS?
If there is a possibility, how can I do it?
please suggest me.
I know just changing the AMI in the cloudformation does not work
There are some internal changes that need to be made.
Kindly help me with this.
Thank you in advance.
You can install Splunk on any AMI in AWS that is supported. It would be up to you to change the cloudformation scripts as neccesary and make sure they work.
I have changed the AMI in cloud formation but did not get a success signal.
19:29:05 UTC-0400 ROLLBACKINPROGRESS AWS::CloudFormation::Stack Spk The following resource(s) failed to create: [SplunkCM]. . Rollback requested by user.
19:29:04 UTC-0400 CREATE_FAILED AWS::EC2::Instance SplunkCM Failed to receive 1 resource signal(s) within the specified duration
18:28:47 UTC-0400 CREATEINPROGRESS AWS::EC2::Instance SplunkCM Resource creation Initiated