Splunk App for AWS Proxy and Instance Profiles for CloudTrail

Proxying the Splunk App for AWS through boto.cfg. Because sometimes you want to deploy Splunk in a VPC and have it proxy out to the AWS API.

$ cat /etc/boto.cfg
[Boto]
proxy = IP_ADDRESS
proxy_port = PORT

Using Instance profiles for the Splunk App for AWS. Because you don’t want to hard code your IAM creds into Splunk or save them in clear text and using Instance profiles is way cooler.

$ cd $SPUNK_HOME/etc/apps/SplunkAppforAWS/bin
# diff aws-cloudtrail.py aws-cloudtrail.py.orig
183,186c183,185
< #sqs_queue_region,
< #aws_access_key_id=key_id,
< #aws_secret_access_key=secret_key
< sqs_queue_region
---
> sqs_queue_region,
> aws_access_key_id=key_id,
> aws_secret_access_key=secret_key
193,194c192,193
< #aws_access_key_id=key_id,
< #aws_secret_access_key=secret_key
---
> aws_access_key_id=key_id,
> aws_secret_access_key=secret_key

Now you can do this in the Splunk App for AWS:
creds

References:
http://apps.splunk.com/app/1274/
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.