Select and prepare your distributed Splunk Enterprise deployment for the Splunk Add-on for Amazon Web Services

Before you install the Splunk Add-on for Amazon Web Services on a distributed Splunk Enterprise, review the supported deployment topologies below. The diagrams show where the Splunk Add-on for Amazon Web Services should be installed for data collection in the supported distributed deployment topologies. The add-on is also installed on search heads for search-time functionality, but that is not shown in the diagrams.

Choose the deployment topology that works best for your situation.

Indexers in AWS VPC

If your indexers are on AWS Virtual Private Cloud, use an elastic load balancer to send data to your indexers.

Next step Configure an Elastic Load Balancer for the Splunk Add-on for Amazon Web Services

Indexers not in an AWS VPC

If your indexers are not in an AWS VPC, but are accessible from AWS Firehose via public IPs, install a CA-signed SSL certificate on each indexer, then send data directly to your indexers.

Prepare your indexers before you proceed: Install a CA-signed SSL certificate on each indexer. For instructions, see Configure Splunk indexing and forwarding to use TLS certificates in Securing Splunk Enterprise. Create a DNS name that resolves to the set of indexers that you plan to use to collect data from Amazon Kinesis Firehose. You will need this DNS name in a later step.

Next step Install the Splunk Add-on for Amazon Web Services on a distributed Splunk Enterprise deployment