Hi @robj, thanks for the suggestion! That sounds like a solid option. Do you also have your heavy forwarder deployed in AWS?

We ended up using the Splunk Data Manager app to ingest AWS CloudTrail logs from an AWS S3 bucket using a cross-account IAM role that can be assumed by Splunk Cloud.

Splunk Data Manager documentation: https://docs.splunk.com/Documentation/DM/1.12.0/User/About

Configure AWS for onboarding from a single account: https://docs.splunk.com/Documentation/DM/1.12.0/User/AWSSingleAccount

You can use the above implementation to either ingest CloudTrail logs from a single AWS account or from your centralized logging account in an AWS Organization or Control Tower environment.
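As an added example (not from the original post and not Splunk's Data Manager templates), a small Python check for the two properties worth verifying on a cross-account role like the one described above: the trust policy only lets the expected Splunk-side account assume the role, and only with an sts:ExternalId condition, and the permissions policy grants read-only S3 access scoped to the CloudTrail bucket. The account ID, external ID and bucket name in the sample policies are constructed placeholders.

```python
"""Check a cross-account IAM role meant to let Splunk Cloud read CloudTrail logs from S3."""
# Constructed sample policies; account ID, external ID and bucket name are placeholders.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
}]}
PERMISSIONS_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-cloudtrail-bucket/AWSLogs/*"},
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": "arn:aws:s3:::example-cloudtrail-bucket"},
]}
# The only S3 actions a log reader needs; anything else (including s3:*) is flagged.
READ_ONLY_S3 = {"s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"}


def as_list(value):
    # IAM accepts a string or a list in most fields; normalise to a list.
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy, expected_account):
    """Findings for AssumeRole grants not pinned to one account plus an ExternalId."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})  # may be a dict or the bare string "*"
        principals = as_list(principal.get("AWS", []) if isinstance(principal, dict) else principal)
        if not principals or any(p == "*" or f":{expected_account}:" not in p for p in principals):
            findings.append("AssumeRole is not limited to the expected account")
        if "sts:ExternalId" not in stmt.get("Condition", {}).get("StringEquals", {}):
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
    return findings


def check_permissions_policy(policy, bucket):
    """Findings for non-read actions or resources outside the CloudTrail bucket."""
    findings, bucket_arn = [], f"arn:aws:s3:::{bucket}"
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        extra = set(as_list(stmt.get("Action"))) - READ_ONLY_S3
        if extra:
            findings.append(f"non-read-only actions granted: {sorted(extra)}")
        for res in as_list(stmt.get("Resource")):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"resource outside the CloudTrail bucket: {res}")
    return findings
```

Both functions return an empty list for the sample policies; a wildcard principal, a missing ExternalId condition, `s3:*` or a `Resource` of `*` each produce a finding.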