Splunk Enterprise Security

AWS SQS - Api calls using http only?

Stokers_23
Explorer

I have configured the AWS Add-On for Splunk and want to ingest logs from an S3 bucket by following the Splunk recommended design pattern as per http://docs.splunk.com/Documentation/AddOns/released/AWS/SQS-basedS3.

I have configured everything as specified however encountered a problem where it is not working. After looking into things it appears that Splunk is making the call to our S3 bucket via HTTP and not HTTPS. Our bucket policy states that only HTTPS connections can be made to it, as we have an organisation policy that states data must be encrypted in transit (which is fairly standard within the industry).

We have looked into all of the configurable variables within the Splunk console and cannot find a field where the get method for the SQS-based S3 can be changed to HTTPS. I’m fairly confident that Splunk would be able to make its requests via HTTPS, however we just can’t see where it can be configured. Please can you confirm if we are able to enforce https api calls?

Thanks in advance

Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...