I'm running Splunk 6.5.2 in AWS. I have a Heavy Forwarder with the AWS Add-On installed. The majority of our external traffic goes via a proxy server but for some of the AWS API traffic it goes via a VPC end-point. Has anybody attempted this method and got it to work with the Splunk Add-On?
For each S3 VPC End-Point in use you need to add the region hostname to your no_proxy config in Splunk. For example if S3 buckets were in US East 2 need to add s3.us-east-2.amazonaws.com. All your configuratins in inputs.conf need to use the region hostname instead of the default s3.amazonaws.com