Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

AWS ADD-ON config on HF in AWS with Multiple Accounts

radam2000
Path Finder
‎11-09-2020 07:39 AM

Thanks in advance for any responses...

Scenario: I have a Heavy Forwarder Installed in my AWS environment sending my data to splunk cloud... works fine for any servers in AWS with a UF sending to HF and then to cloud

We have two accounts:
AccountA has a read-only access right assigned for an audit role across all services. And has read-only access to an S3 storage bucket containing all logs... AWS forwarder is an EC2 instance under this account
We created a User in AccountA with With Cross-Account Assume Permission that will enable it to assume a role in AccountB with Full Read-Only Access to S3 bucket but get errors...

AccountB has a logging archive role and read-only access to an S3 bucket where all logs from all services are written to the S3 bucket.

what is the best way to configure the add-on to pull the logs from this s3 bucket...

there are so many input options but we tried S3 Inputs/Access Logs/Generic S3 with the account and role...

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...