Hi, Ensure that the roles you are using has adequate permissions. If you do not give this role all of the permissions required for all inputs, configure AWS accounts specific to inputs not covered by the permissions for this role. On the Splunk Web home page, click Splunk Add-on for AWS in the left navigation bar. Click Configuration in the app navigation bar. By default, the add-on displays the Account tab. Look for the EC2 IAM role in the Autodiscovered IAM Role column. If you are in your own managed AWS environment and have an EC2 IAM role configured, it appears in this account list automatically. You can also configure AWS accounts if you want to use both EC2 IAM roles and user accounts to ingest your AWS data. How to configure an EC2 Role? Create an IAM policy for your EC2 instance. Ensure this policy has all of the required permissions specified in 'Configure AWS permissions for the Splunk Add-on for AWS'. If this policy does not include permissions required for all inputs, you need to configure an AWS account that includes permissions for inputs that are not included in this policy. Create an IAM Role for your IAM policy. Attach the IAM Role to the EC2 instance running Splunk Light. Search for 'Attaching an IAM Role to an Instance' on the AWS website. In Splunk Light, from the sidebar menu, select Data > Apps and Add-ons. In the Splunk Add-on for AWS window, click Open. Under the Data section on the right side of the window, click Add Data. From the top bar menu, click Configuration. Select the Account tab. Confirm that the IAM role appears as an Autodiscovered IAM Role. If this works, mark this as solution! Happy Splunking!🙂
... View more