Hey everyone,
We have about 20 AWS accounts at the moment and I want to use the Splunk AWS app to monitor them all but it looks like it only works in single accounts?
I currently have CloudTrail on all accounts which then goes into 1 master S3 bucket which we pull the logs down from, also where my Splunk instance is sitting. I can get the AWS Splunk app working in the AWS account I deploy Splunk from (using IAM roles from the doco) but I can't see how to pull that type of data from other accounts without setting up 20+ Splunk instances?
How does everyone else use the Splunk AWS app when you have a lot of separate AWS accounts? Is it done through SQS or something?
Thanks!