Hi Folks; Hoping that some of our AWS experts can help with this. Basically I have set up Splunk running in EC2 within our splunk aws account for our company. Now that we have proven out that the data is good, and folks are motivated, the next step here is to start pulling that same data from all other accounts in our space.
Right now i have a single role called SplunkEC2Role that has 2 policies (one for the addon, one for SAI). That role is bound to Splunk EC2 instance within my account. That role was auto-discovered in the add-on, and i created inputs using that role.
My expertise ends here. But I assume that I will need to create a Role with an STS policy with a wildcarded account resource?
What we've done is two things:
The documentation is pretty good on this subject: https://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureAWSpermissions