Splunk Enterprise

configure AWS account id in Splunk using app “SPLUNK App For AWS” and “Splunk Add on For AWS”

girijaamaresh
Engager

configure AWS account id in Splunk using app “SPLUNK App For AWS” and “Splunk Add on For AWS”

Labels (1)
0 Karma
1 Solution

SOURAV_S
Explorer

Hi,

You can perform the following steps to configure an AWS account in Splunk:

  1. In the Splunk Web home page, click Splunk Add-on for AWS in the left navigation bar.
  2. Click Configuration in the app navigation bar. The add-on displays the Account tab.
  3. Click Add.
  4. Name the AWS account. You cannot change this name once you configure the account.
  5. Enter the Key ID and Secret Key credentials for the AWS account that the Splunk platform uses to access your AWS data. The accounts that you configure must have the necessary permissions to access the AWS data that you want to collect.
  6. Select the Region Category for the account. The most common category is Global.
  7. Click Add.

Edit existing accounts by clicking Edit in the Actions column.

Delete an existing account by clicking Delete in the Actions column. You cannot delete accounts that are associated with any inputs, even if those inputs are disabled. To delete an account, delete the inputs or edit them to use a different account and then delete the account.

 

If this works, mark it as solution. 🙂

View solution in original post

0 Karma

SOURAV_S
Explorer

Hi,

  1. Ensure that the roles you are using has adequate permissions. If you do not give this role all of the permissions required for all inputs, configure AWS accounts specific to inputs not covered by the permissions for this role.
  2. On the Splunk Web home page, click Splunk Add-on for AWS in the left navigation bar.
  3. Click Configuration in the app navigation bar. By default, the add-on displays the Account tab.
  4. Look for the EC2 IAM role in the Autodiscovered IAM Role column. If you are in your own managed AWS environment and have an EC2 IAM role configured, it appears in this account list automatically.

You can also configure AWS accounts if you want to use both EC2 IAM roles and user accounts to ingest your AWS data.

How to configure an EC2 Role?

  1. Create an IAM policy for your EC2 instance. Ensure this policy has all of the required permissions specified in 'Configure AWS permissions for the Splunk Add-on for AWS'. If this policy does not include permissions required for all inputs, you need to configure an AWS account that includes permissions for inputs that are not included in this policy.
  2. Create an IAM Role for your IAM policy.
  3. Attach the IAM Role to the EC2 instance running Splunk Light. Search for 'Attaching an IAM Role to an Instance' on the AWS website.
  4. In Splunk Light, from the sidebar menu, select Data > Apps and Add-ons.
  5. In the Splunk Add-on for AWS window, click Open.
  6. Under the Data section on the right side of the window, click Add Data.
  7. From the top bar menu, click Configuration.
  8. Select the Account tab.
  9. Confirm that the IAM role appears as an Autodiscovered IAM Role.

 

If this works, mark this as solution!

Happy Splunking!🙂

0 Karma

SOURAV_S
Explorer

Hi,

You can perform the following steps to configure an AWS account in Splunk:

  1. In the Splunk Web home page, click Splunk Add-on for AWS in the left navigation bar.
  2. Click Configuration in the app navigation bar. The add-on displays the Account tab.
  3. Click Add.
  4. Name the AWS account. You cannot change this name once you configure the account.
  5. Enter the Key ID and Secret Key credentials for the AWS account that the Splunk platform uses to access your AWS data. The accounts that you configure must have the necessary permissions to access the AWS data that you want to collect.
  6. Select the Region Category for the account. The most common category is Global.
  7. Click Add.

Edit existing accounts by clicking Edit in the Actions column.

Delete an existing account by clicking Delete in the Actions column. You cannot delete accounts that are associated with any inputs, even if those inputs are disabled. To delete an account, delete the inputs or edit them to use a different account and then delete the account.

 

If this works, mark it as solution. 🙂

0 Karma

girijaamaresh
Engager

I have add account in the Splunk Add on for AWS. Can't really see in the Account Id dropdown of Splunk App for aws. do we need any additional configuration to reflect account id in Splunk App for aws overview page account ID dropdown(refer second screenshot)

Please refer screenshot

girijaamaresh_0-1616655715729.png

 

girijaamaresh_1-1616655772991.png

 

 

Quick help is much appreciated.

Thanks 

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...