AWS ADD-ON config on HF in AWS with Multiple Accounts

radam2000
Thanks in advance for any responses...

Scenario: I have a Heavy Forwarder installed in my AWS environment sending my data to Splunk Cloud... works fine for any servers in AWS with a UF sending to HF and then to cloud

We have two accounts:
AccountA has a read-only access right assigned for an audit role across all services. And has read-only access to an S3 storage bucket containing all logs... AWS forwarder is an EC2 instance under this account
We created a user in AccountA with cross-account assume permission that will enable it to assume a role in AccountB with full read-only access to the S3 bucket, but get errors...

AccountB has a logging archive role and read-only access to an S3 bucket where all logs from all services are written to the S3 bucket.

What is the best way to configure the add-on to pull the logs from this S3 bucket...

There are so many input options, but we tried S3 Inputs/Access Logs/Generic S3 with the account and role...
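
Added example, not part of the original post and not Splunk or AWS code: an offline check of the three policy documents a cross-account setup like the one described depends on (the AccountA user's policy, the AccountB role's trust policy, and the role's S3 permissions). The account IDs, user, role and bucket names are constructed placeholders, and the evaluation is simplified (Allow/Deny with wildcards only, no Conditions, SCPs or bucket policies).

```python
import fnmatch
# Constructed sample values: account IDs, user, role and bucket names are placeholders.
USER = "arn:aws:iam::111111111111:user/splunk-hf"            # AccountA
ROLE = "arn:aws:iam::222222222222:role/log-archive-read"     # AccountB
BUCKET = "example-log-archive"
USER_POLICY = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE}]}
TRUST_POLICY = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                               "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}
ROLE_POLICY = {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
                              "Resource": ["arn:aws:s3:::" + BUCKET, "arn:aws:s3:::" + BUCKET + "/*"]}]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def allows(policy, action, resource):
    """Simplified evaluation: explicit Deny wins, otherwise any matching Allow; Conditions ignored."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        act = any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(st["Action"]))
        res = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st.get("Resource", "*")))
        if act and res:
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def trust_allows(trust_policy, caller_arn):
    """True if the trust policy names the caller, or the caller's account root, for sts:AssumeRole."""
    root = "arn:aws:iam::%s:root" % caller_arn.split(":")[4]
    for st in _as_list(trust_policy["Statement"]):
        principal = st.get("Principal", {})
        names = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if st["Effect"] == "Allow" and "sts:AssumeRole" in _as_list(st["Action"]) \
                and (caller_arn in names or root in names):
            return True
    return False

def find_gaps(user_arn, user_policy, role_arn, trust_policy, role_policy, bucket):
    """Return the missing links in the chain; an empty list means every link is present."""
    gaps = []
    if not allows(user_policy, "sts:AssumeRole", role_arn):
        gaps.append("user policy lacks sts:AssumeRole on the role")
    if not trust_allows(trust_policy, user_arn):
        gaps.append("role trust policy does not name the user or its account")
    if not allows(role_policy, "s3:ListBucket", "arn:aws:s3:::" + bucket):
        gaps.append("role lacks s3:ListBucket on the bucket ARN")
    if not allows(role_policy, "s3:GetObject", "arn:aws:s3:::" + bucket + "/sample-key"):
        gaps.append("role lacks s3:GetObject on object ARNs")
    return gaps
```

Calling `find_gaps(USER, USER_POLICY, ROLE, TRUST_POLICY, ROLE_POLICY, BUCKET)` on the sample documents returns an empty list; paste in the real policy JSON from both accounts to see which link is missing.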
