I have been using the AWS Add-On to pull data from S3 into Splunk. It's been working well for internal use. I now have been tasked to provide data to an external source. The external source should only have access to the data that they need. The S3 looks similar to this.
dataset2/dashboard <--- External source should only access this data
I created AWS keys specifically for this external source. I want to set my permissions so the external source only has access to dataset2 without viewing data from dataset1 and dataset3.
The problem is Splunk requires the ListBucket permission to index the data. I have attempted to use a condition statement to lock this down to the specific folder. However, when I use the permissions below, Splunk cannot grab the data. If I remove the condition statement the data is processed into Splunk but I can now see the contents of dataset1 and dataset3.