Will AWS S3 event forwarding to SQS will end up be...

tiagofbmm · ‎02-13-2019

I am using the Splunk Technical Add-on that will be pulling messages from an SQS queue. Although the TA suggests using S3 forwarding to an SNS and it subscribed to an SQS, there is also the possibility of S3 to forward directly to SQS, and my customer is trying to get rid of SNS by AWS advice.

Would SNS make any change on what S3 send to it? Or would it be a fully transparent transport method to SQS?

asabatini85 · ‎02-13-2019

Hi Tiago,

it depends on the type of input you are configuring

for example the cloudtrail inputs needs only the SQS and the S3.

for the config-legacy inputs you needs the SNS.

also you can configure the custom data in your S3 bucket.

For any doubts I suggest you to check these videos

https://www.youtube.com/channel/UCn7X9CAe0ZAHOzVb_OpRWkQ

Regards
Alessandro

tiagofbmm · ‎02-13-2019

Thanks for the reply.

So according to the videos, it seems until v 5.2 of the App it is not recommended to have SQS Based S3 inputs.
If that is the case, then I believe this should also be part of the documentation of the current version.
The documentation is clear stating that

**However, it is highly recommended that you configure SQS-based S3 inputs to collect this type of data.**

And SQS-based S3 is the recommended input type for collecting a variety of pre-defined data types: CloudFront Access Logs, Config, ELB Access logs, CloudTrail, S3 Access Logs, as well as other custom data types.

Will AWS S3 event forwarding to SQS will end up being a different message than S3 to SNS to SQS?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)