Docs » Connect to your cloud service provider » Connect to AWS and send data to Splunk Observability Cloud

Connect to AWS and send data to Splunk Observability Cloud 🔗

To leverage the benefits of data monitoring across your infrastructure, connect Splunk Observability Cloud to AWS. Follow these steps:

  1. Verify the prerequisites.

  2. Plan your integration.

  3. Choose your AWS connection option.

  4. (Optional) Enable metric streams.

You can also set the following configuration options to complete the integration:

  • Select Amazon Web Services (AWS) regions to collect data from.

  • Enable the ingestion of metrics through polling or streaming.

  • Decide whether to process information about application logs.

Following configuration, you can use Amazon CloudWatch to import metrics and logs from supported AWS services into Splunk Observability Cloud, and analyze your data using Observability Cloud tools.

AWS integration prerequisites

To connect AWS to Observability Cloud and integrate those platforms, you must meet the following prerequisites:

  • Administrator privileges in Observability Cloud and your AWS accounts

  • One of the following authentication methods:
    • An AWS IAM role and an external ID from Observability Cloud. An external ID is a random string used to establish a trust relationship between Observability Cloud and your AWS account. An external ID is automatically generated for you when you create a new AWS integration in Observability Cloud. See How to use an external ID when granting access to your AWS resources to a third party in AWS documentation.

    • A secure token, which combines an access key ID and a secret access key


Observability Cloud supports all AWS regular regions, GovCloud, and China. However, the GovCloud and China regions require a secure token for access.

Plan your integration

Regardless of the connection option you choose, you can configure your system more efficiently if you decide beforehand what data types and sources you want.

To determine the best connection method and configuration settings, answer the following questions before you connect AWS to Splunk Observability Cloud:

  • Do I want to collect metrics through API polling at specified intervals, or through CloudWatch Metric Streams?

  • Do I want to collect logs in addition to metrics? If yes, then include logs while configuring through the API or when given that option while performing a guided setup.

AWS connection options

You can connect Observability Cloud to AWS in several different ways. Choose the connection method that best matches your needs:

Connection option

Why use this?

Connect to AWS using the guided setup in Splunk Observability Cloud

Guides you step-by-step to set up an AWS connection and default configuration in Observability Cloud. Guided setup includes links to Amazon CloudFormation templates that you can select to create needed AWS IAM roles.

Connect to AWS using the Splunk Observability Cloud API

Requires knowledge of POST and PUT call syntax, but includes options and automation that are not part of the guided setup. Choose this method if you want to configure many integrations at once.

Connect to AWS using Splunk Terraform

Use this connection method if you already manage your infrastructure as code by deploying through Terraform.

See also the Splunk add-on for Amazon Kinesis Firehose.


Splunk is not responsible for data availability, and it can take up to several minutes (or longer, depending on your configuration) from the time you connect until you start seeing valid data from your account.

By default, Splunk Observability Cloud will bring in data from all supported AWS services associated with your account. To limit the amount of data to import, see Specify and limit the data and metadata to import.

If you can’t connect AWS to Observability Cloud, see Troubleshoot your AWS connection.

Use Metric Streams to forward data to Splunk Observability Cloud

Rather than polling for metrics data at specified intervals, CloudWatch Metric Streams sends metrics to a Kinesis Data Firehose stream, reducing latency. See Low Latency Observability Into AWS Services With Splunk in the DevOps blog for more information.

You can enable Metric Streams both with our guided setup, or the Splunk Observability Cloud API.

Although Metric Streams are more efficient than API polling, consider the constraints below.

Collection interval

CloudWatch Metric Streams continually stream Amazon CloudWatch metrics as soon as they are published. In most cases, the metrics are published once per minute.

For customers currently collecting Amazon CloudWatch metrics at the default polling rate of 300 seconds (5 minutes), this difference in intervals typically increases Amazon CloudWatch usage costs.

Customers already polling at 1-minute intervals generally see a slight decrease in Amazon CloudWatch usage costs compared to Metric Streams.

High data volume warning

After you create an AWS integration, Observability Cloud checks if more than 100,000 metrics are fetched from CloudWatch. If this is the case, the integration gets automatically disabled, and a warning email is sent.

This check runs just once per integration. If you enable the integration afterwards, it will work correctly.

You can disable this check by setting the enableCheckLargeVolume field in the AWS integration to false using the API.

Tag filtering

CloudWatch Metric Streams do not support filtering based on resource tags. Configuration applies to individual services, and all resources that report metrics from a configured service stream those metrics. If you filter data based on tags, your costs for Amazon CloudWatch and Splunk Infrastructure Monitoring might increase.


Be careful when choosing tag names: Splunk Observability Cloud only allows alphanumeric characters, and the underscore and minus symbols. Unsupported characters include ., :, /, =, +, @, and spaces, which are replaced by the underscore character.

Next steps