Connect to AWS 🔗
This section describes how to connect to Amazon Web Services (AWS) to start sending data to Splunk Observability Cloud.
There are a few different ways to configure this AWS connection. Choose the method that best matches your use case.
Guides you step-by-step through in the Observability Cloud UI through AWS connection setup and default configuration.
Requires knowledge of POST and PUT call syntax, but can optionally include options and automation that are not part of the wizard, as for example if you want to configure many integrations at once.
Can be used if you already manage your infrastructure as code by deploying through Terraform.
You establish a connection with AWS and then set configuration options to create the integration. Following configuration, you can use Amazon CloudWatch to import metrics and logs from supported AWS services into Observability Cloud, and analyze your data using Observability Cloud tools.
You configure the system to select one or more regions to collect data from, enable the ingest of metrics through polling or streaming, and decide whether to also process information about application logs.
If your attempt to connect Splunk Observability Cloud with AWS fails or does not work as expected, see Troubleshoot your AWS connection.
Observability Cloud uses AWS CloudWatch to collect metrics data, and AWS Compute Optimizer to collect Amazon cost and usage data.
While configuring your connection to AWS, you’ll authenticate using either an external ID provided by Observability Cloud and an AWS IAM role, or a secure token. Secure tokens combine an access key ID and a secret access key. The AWS GovCloud and China regions require a secure token.
Splunk provides CloudFormation templates you can select that create the IAM roles for CloudWatch metric streams and Kinesis Firehose automatically.
Successful integration requires the following:
Administrator privileges in Observability Cloud
Administrator privileges for your AWS accounts
Regardless of the connection option you choose, you can configure your system more efficiently if you decide beforehand what data types and sources you want.
Answering the following questions while you’re planning AWS integration helps determine the settings you’ll want:
Do I want to collect metrics through API polling at specified intervals, or through metric streams?
Do I want to collect logs in addition to metrics?
Will I pull data from AWS regions that require authentication using a secure token rather than an external ID, such as China (www.amazonaws.cn) or AWS GovCloud?
The initial release of CloudWatch Metric Streams includes limitations that you should consider:
Collection interval: CloudWatch Metric Streams streams all metrics as soon as they are published to AWS CloudWatch. In most cases, the metrics are published once per minute. For customers currently collecting AWS CloudWatch metrics at the default polling rate of 300 seconds (5 minutes), this difference in intervals results in more data being collected from AWS CloudWatch. This increase in data rate typically increases AWS CloudWatch usage costs. Customers already polling at 1-minute intervals generally see a slight decrease in AWS CloudWatch usage costs.
Tag filtering: CloudWatch Metric Streams does not support filtering based on resource tags. Collection configuration is per-service, and all resources that report metrics from a configured service have their metrics streamed. If you filter data based on tags, your costs for AWS CloudWatch and Splunk Infrastructure Monitoring might increase.
After connecting to AWS describes the actions you can perform after you connect and configure your AWS services.