All Apps and Add-ons

Splunk AWS Addon In Federate (SAML) Environment

New Member

I am trying to use the AWS Addon in a federated environment where we are authenticated into AWS via SSO. When I am trying to configure the AWS Addon (v4.6) I am being asked to provide Key ID and Secret Key. These are not available in this federated environment.

When reading through the documentation ( on configuring the add on it states (in the Discover an EC2 IAM role section) step 5: Look for the EC2 IAM role in the Autodiscovered IAM Role column. If you are in your own managed AWS environment and you have an EC2 IAM role configured, it appears in this account list automatically.

I am not seeing this. I am being asked for the Key ID and Secret Key.

Splunk Server is running in AWS EC2 with a role associated with the EC2 instance that has all appropriate policies applied to the role to access AWS resources.

Any guidance would be appreciated.


Tags (1)
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...