I just had the same problem as you, and I found this endpoint: https://localhost:8089/servicesNS/nobody/Splunk_TA_aws
I am poking around this endpoint with curl and jq, which I've defined this handy shell function for: req() {curl -ku admin:changeme "$1?output_mode=json" | jq -C . | less -R} (of course, you'll have to adjust the admin/changeme passwords to suit your deployment).
Then, req https://localhost:8089/servicesNS/nobody/Splunk_TA_aws to discover all the query endpoints that the AWS add-on REST api supports. You'll see, for example:
{
"name": "splunk_ta_aws_iam_roles",
"id": "https://localhost:8089/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_iam_roles",
"updated": "2018-01-26T10:08:27+00:00",
"links": {
"alternate": "/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_iam_roles",
"create": "/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_iam_roles/_new",
"list": "/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_iam_roles",
"_acl": "/servicesNS/nobody/Splunk_TA_aws/splunk_ta_aws_iam_roles/_acl"
},
"author": "system",
"acl": {
"app": "",
"can_list": true,
"can_write": true,
"modifiable": false,
"owner": "system",
"perms": null,
"removable": false,
"sharing": "system"
},
"content": {
"eai:acl": null
}
},
The links section here takes you to other endpoints that you can use, and you can, for example, make a GET request on the "create" endpoint to figure out the parameters that it takes.
As a side note, I'm pretty sure there are no guarantees on backwards/forwards-compatibility here, but I super feel your pain re. having to set up machines automatically, so it looks like this is the best way to set things up automatically for now.
... View more
