We are trying to integrate Evident.io logging with Splunk using Evident.io -> SNS -> Lambda -> Splunk. We are following the steps listed in http://docs.evident.io/#organization; basically, it talks about:
1) Installing the Evident.io App for Splunk
2) Creating an HTTP Event Collector token in Splunk
3) Creating a Lambda function for Splunk integration
4) Evident.io SNS integration
5) Lambda and SNS integration
In step 3, during creation of the Lambda function, the procedure is to encrypt the “HTTP Event Collector token” generated in Splunk using the KMS service and to use the encrypted token in the Lambda function. When the Lambda function runs, it uses the KMS service to decrypt the token and to talk to the Splunk servers.
With our current network design, the Splunk instances are in a private subnet with an internet connection through a proxy from our corporate network. When the Lambda function is created in the default VPC ("No VPC"; if No VPC is selected, all AWS Lambda functions run securely inside a default system-managed VPC), the function is able to talk to the KMS service and unable to talk to the Splunk servers. When the function is created in the subnet where the Splunk instances are, the function is unable to talk to KMS and fails.
In this scenario, the Lambda function needs access to the internet to use KMS and access to the Splunk servers in the private subnet.
Can the Splunk-logging Lambda function take the proxy setting to make the API calls to AWS KMS for decryption of the “HTTP Event collector token”?
Can there be situations where Splunk and the Lambda function are on different subnets?
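
An added example, not part of the original post and not Splunk or Evident.io code: a small Lambda handler that probes both dependencies from wherever the function is placed, to confirm which of the two cases described above applies. The region, the Splunk hostname and the HEC port 8088 (the Splunk default) are assumptions to replace with your own values.

```python
import socket

# Assumed targets: a regional KMS endpoint and a placeholder Splunk HEC address.
KMS = ("kms.us-east-1.amazonaws.com", 443)
SPLUNK_HEC = ("splunk.internal.example", 8088)


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a direct TCP connection succeeds (no HTTP proxy is used)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # DNS failure, refusal, timeout and "no route" all land here
        return False


def diagnose(kms=KMS, splunk=SPLUNK_HEC, probe=tcp_reachable):
    """Probe both dependencies and name the placement scenario that fits."""
    kms_ok = probe(*kms)
    splunk_ok = probe(*splunk)
    if kms_ok and splunk_ok:
        verdict = "both reachable: token decryption and forwarding can both work"
    elif kms_ok:
        verdict = "KMS only: matches the 'No VPC' case, no path to the private subnet"
    elif splunk_ok:
        verdict = "Splunk only: matches the in-subnet case, no path to the KMS endpoint"
    else:
        verdict = "neither reachable: check subnet routes and security groups"
    return {"kms": kms_ok, "splunk": splunk_ok, "verdict": verdict}


def lambda_handler(event, context):
    """Lambda entry point: the result is logged and returned to the caller."""
    result = diagnose()
    print(result)
    return result
```

Deploy it once with "No VPC" and once in the Splunk subnet, then compare the two verdicts before changing the logging function itself.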