Manage AWS IAM Roles for Splunk Add-on for Amazon Web Services
Use the Configuration menu in the Splunk Add-on for AWS to manage AWS IAM roles that can be assumed by IAM users. Adding IAM roles lets the Splunk Add-on for AWS access AWS resources such as Billing, CloudTrail Lake, CloudWatch, CloudWatch Logs, Config Rules, Generic S3, Incremental S3, Inspector, Kinesis, Metadata, SQS, and SQS-based S3.
Add an IAM role
Use the following steps to add an IAM role:
- On the Splunk Web home page, click Splunk Add-on for AWS in the left navigation bar.
- Click Configuration in the app navigation bar, and then click the IAM Role tab.
- Click Add.
- In the Name field, name the role to be assumed by authorized AWS accounts managed on the Splunk platform. You cannot change the name once you configure the role.
- In the ARN field, enter the role’s Amazon Resource Name in the valid format:
  arn:aws:iam::<aws_resource_id>:role/<role_name>
- Click Add.
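A pre-check for the value entered in the ARN field, as an added example that is not part of the Splunk Add-on for AWS or its documentation. It tests a string against the format above and reports common paste mistakes, such as an STS assumed-role ARN or a user ARN. The function name, the sample ARNs, the 12-digit account ID rule and the tolerance for an IAM path before the role name are assumptions.

```python
import re

# Assumptions: the page's format shows only the 'aws' partition (add 'aws-us-gov'
# or 'aws-cn' here if your roles live there); account IDs are 12 digits; role
# names use IAM's character set (letters, digits and +=,.@_-), up to 64 chars.
PARTITIONS = {"aws"}
ACCOUNT_ID = re.compile(r"\d{12}")
ROLE_NAME = re.compile(r"[\w+=,.@-]{1,64}", re.ASCII)

def check_role_arn(arn):
    """Return a list of problems; an empty list means the ARN fits the format."""
    problems = []
    if arn != arn.strip():
        problems.append("leading or trailing whitespace")
        arn = arn.strip()
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return problems + ["not an ARN: expected six colon-separated fields starting with 'arn'"]
    _, partition, service, region, account, resource = parts
    if partition not in PARTITIONS:
        problems.append(f"partition is '{partition}', expected one of {sorted(PARTITIONS)}")
    if service != "iam":
        problems.append(f"service is '{service}', expected 'iam'")
    if region:
        problems.append("region field must be empty for IAM (two colons after 'iam')")
    if not ACCOUNT_ID.fullmatch(account):
        problems.append("account ID is not 12 digits")
    kind, _, name = resource.partition("/")
    if kind != "role":
        problems.append(f"resource type is '{kind}', expected 'role'")
    elif not ROLE_NAME.fullmatch(name.rsplit("/", 1)[-1]):
        # Only the final segment is the role name; anything before it is an IAM path.
        problems.append("role name is empty or has characters IAM does not allow")
    return problems

# Constructed sample values, not taken from any real account.
SAMPLES = [
    "arn:aws:iam::123456789012:role/splunk-aws-reader",
    "arn:aws:sts::123456789012:assumed-role/splunk-aws-reader/session",
    "arn:aws:iam::123456789012:user/splunk",
    "arn:aws:iam:us-east-1:123456789012:role/splunk-aws-reader",
    " arn:aws:iam::12345:role/splunk-aws-reader",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        issues = check_role_arn(sample)
        print(repr(sample), "->", "OK" if not issues else "; ".join(issues))
```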
Click Edit in the Actions column to edit existing IAM roles.
Click Delete in the Actions column to delete an existing role. You cannot delete roles associated with any inputs, even if those inputs are disabled. To delete such a role, first delete the inputs or edit them to use a different assumed role, and then delete the role.