Docs » Connect to your cloud service provider » Connect to AWS and send data to Splunk Observability Cloud » Connect to AWS using the guided setup in Splunk Observability Cloud

Connect to AWS using the guided setup in Splunk Observability Cloud 🔗

If you have administrator privileges for Splunk Observability Cloud and your Amazon Web Services (AWS) account, you can use guided setup to do the following:

  • Connect AWS to Observability Cloud.

  • Configure metrics and logs collection.

If you want to activate Metric Streams, read the specific instructions.

For other ways to connect Observability Cloud to AWS, see Connect to AWS and send data to Observability Cloud.

Access the guided setup for AWS integration 🔗

To access the guided setup for AWS integration, perform the following steps:

  1. Log in to Splunk Observability Cloud.

  2. Open the Amazon Web Services guided setup. Optionally, you can navigate to the guided setup on your own:

    • On the left navigation menu, select Data Management.

    • Select Add Integration to open the Integrate Your Data page.

    • On the Integrate Your Data page, select the tile for Amazon Web Services.

  3. Follow the steps provided in the guided setup.


    While choosing data sources, you might see the option to import all data from built-in CloudWatch namespaces. Select it to ensure that built-in dashboards display automatically.

  4. For the authentication step of establishing a connection between your AWS account and Splunk Observability Cloud, do one of the following:

    • In most AWS regions, use the Identity and Access Management (IAM) policy created through the guided setup.

    • For the GovCloud or China regions, select the option to authenticate using a secure token.

  5. Select the rate at which you want Splunk Observability Cloud to poll CloudWatch for metric data, with 1 minute as the minimum value, and 10 minutes as the maximum value. For example, a value of 300 polls metrics once every 5 minutes. Poll rate is expressed in seconds.

If you run into a problem, the guided setup displays an error message in context at the step with the problem. The error message summarizes and suggests a fix for that problem.

To learn more about how to get AWS CloudWatch data into Observability Cloud, watch this video on the Splunk YouTube channel.

Create an AWS IAM policy 🔗

The AWS IAM policy is a JSON object to which Observability Cloud refers for permission to collect data from every supported AWS service.

If this is the first time you have connected Observability Cloud to Amazon CloudWatch, or if you want to create a new AWS IAM policy, follow these steps. If you have already installed at least one AWS integration and want to reuse the same IAM policy, skip to the Create an AWS IAM role section.

  1. Log into your Amazon Web Services account.

  2. From the Services list, select Security, Identity, & Compliance > IAM to open Identity and Access Management.

  3. Select Policies > Create Policy, then select the JSON tab.

  4. Replace the placeholder JSON with the default AWS IAM policy JSON.

    Alternatively, you can also get this default AWS IAM policy JSON in the Prepare AWS Account step of the guided setup in Observability Cloud. The default AWS IAM policy supports metrics and log collection. To learn how to add support for CloudWatch Metric Streams, see Enable Metric Streams.

  5. Follow the instructions, and go through Next: Tags, and Next: Review. Give the policy a name, and select Create policy.

While preparing your AWS account, guided setup prompts you to copy the default IAM policy to connect your AWS account to Splunk Observability Cloud.

Create an AWS IAM role 🔗

Your AWS account includes IAM in its list of services. After creating an AWS IAM policy, you assign that policy to a particular role by performing the following steps in the Amazon Web Services console:

  1. Select Roles > Create Role.

  2. Select Another AWS account as the type of trusted entity.

  3. Copy and paste the Account ID displayed in guided setup into the Account ID field.

  4. Select Require external ID. Copy and paste the External ID displayed in the guided setup into the External ID field.

  5. Click Next: Permissions. Under Policy name, select the policy you made in the previous step.

  6. Click through Next: Tags and Next: Review.

  7. Name your new AWS IAM role. You also have the option of adding a short description for it. Select Create role.

Creating the AWS IAM role generates the Role ARN used to establish connection with AWS. Copy the created ARN role, and paste it into the Role ARN field in the guided setup.

Enable Metric Streams 🔗

To enable Metric Streams, use the guided setup, and take the following considerations into account:

  • On the Define AWS connection screen, disable the CloudWatch Metrics polling box.

  • When creating the new AWS IAM policy, add these additional permissions to the ones already suggested in the guided setup.

  • Follow the instructions to enable Metric Streams.

  • Update your settings and deploy the CloudFormation template following these steps.

Review the default AWS integration settings 🔗

After creating an AWS IAM policy and assigning it to a particular role through the guided setup, you can modify your configuration.

Limit the scope of data collection 🔗

By default, Splunk Observability Cloud will bring in data from all supported AWS services associated with your account, with certain limitations.

  • To manage the amount of data to import, see Specify and limit the data and metadata to import.

  • Use the check box options in the guided setup to limit the scope of your data collection. These are the available options:

    • Amazon Cost and Usage Metrics

    • CloudWatch Metrics polling (you can disable it altogether, or disable the polling but enable AWS Metric Streams instead)

    • CloudWatch Logs

    • AWS regions to fetch data from

    • AWS services to fetch data from

  • In the Data Management menu in Observability Cloud, edit any integration to limit data import.

  • Use the AWS console to revise the contents of the Action and Resource fields.

Select a CloudFormation template 🔗

Select a CloudFormation template to collect logs or Metric Streams for each AWS region that you want to operate in.

Next steps 🔗

After you connect Splunk Observability Cloud with AWS, you can use Observability Cloud to track a series of metrics and analyze your AWS data in real time.