All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to enable IAM roles for Cloudtrail app and Splunk Add-on for Amazon Web Services?

sureshsala
Explorer
‎04-21-2016 02:21 AM

I don't want to add Secret Keys. Instead, I want to use IAM Roles. I have installed CLoudTrail app and AWS Add-On.

Please guide how to enable IAM Role.

Reply

rpille_splunk
Splunk Employee
Splunk Employee
‎05-25-2016 06:37 AM

Hi sureshsala,

Version 4.0.0 of the Splunk Add-on for AWS, released yesterday, adds support for using your EC2 IAM role instead of account credentials, if you are running your data collection node on your own managed AWS instance.

Docs are here: http://docs.splunk.com/Documentation/AddOns/latest/AWS/Setuptheadd-on#Discover_an_EC2_IAM_role

Cheers!

0 Karma
Reply

lim2
Communicator
‎01-30-2020 09:34 AM

Thanks for the link @rpille_splunk . But with Splunk 7.3.4 and Splunk TA AWS version 5.0.0 when clicked on "IAM Role" tab only saw "Loading..." & I'm getting following message also:

Unable to initialize modular input "splunk_ta_aws_sqs" defined in the app "Splunk_TA_aws": Introspecting scheme=splunk_ta_aws_sqs: script running failed (exited with code 1)..

Reply

travislelledeep
Explorer
‎02-07-2020 10:04 AM

Version 5.0 isn't compatible with 7.3.4. It's listed as being compatible with 8.0 only.

0 Karma
Reply

andreasz
Path Finder
‎02-21-2020 08:13 AM

I have version 8.0.2 installed and get the same error on my Search Head:
Unable to initialize modular input "splunk_ta_aws_sqs" defined in the app "Splunk_TA_aws": Introspecting scheme=splunk_ta_aws_sqs: script running failed (exited with code 1)

For some reasons I don't get this error on my Heavy Forwarder (8.0.2 as well)

Reply

Jeremiah
Motivator
‎04-22-2016 12:19 AM

By IAM roles, do you mean you want to use ec2 instance profiles? The app doesn't support that, unfortunately.

https://answers.splunk.com/answers/209605/can-we-use-aws-instance-profiles-instead-of-hard-c.html

http://docs.splunk.com/Documentation/AWS/latest/Installation/ConfigureyourAWSpermissions

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...