Authenticate an Amazon S3 connection for Edge Processors using an IAM role

Finish creating an Amazon S3 connection for Edge Processors by configuring authentication using an IAM role.

After completing the steps described in Create an Amazon S3 connection for Edge Processor pipelines to start creating an Amazon S3 connection, finish creating the connection by configuring authentication settings.
Note: This page describes how to authenticate the connection using an IAM role. For information about authenticating the connection using an access key pair instead, see Authenticate an Amazon S3 connection for Edge Processors using access keys.
  1. In the Data Management app, on the Storage authentication page of your Amazon S3 connection settings, select Copy to copy the custom trust policy.
  2. On another browser tab, navigate to the AWS IAM console, and update the role that your EC2 instances use to access the S3 bucket so that the role meets the following requirements:

    • The role contains the custom trust policy that you copied during step 1.

    • This role has a resource tag where the Key is splunk-assumable-role and the Value is true.

    For more information, see the following documentation in the AWS Identity and Access Management User Guide:

    Note: This role also needs specific resource access policies in order to access your Amazon S3 bucket, but you will configure these policies during a later step that's described in Create an Amazon S3 dataset for Edge Processor pipelines.
  3. Copy the Amazon Resource Name (ARN) of the role that you configured during step 2.
  4. Return to the browser tab that shows the Storage authentication page in the Data Management app, and then do the following:
    1. Paste the ARN into the IAM Role ARN field.
    2. Select I confirm that I have added the tag to the new IAM role.
  5. Depending on whether you previously selected other abilities or authentication methods on the Select abilities page for this connection, do one of the following:
    Option Description

    You only selected the Send data from Edge Processor ability, or you also selected the Send data from Ingest Processor ability and then selected the same authentication method for both abilities.

    		 Select Next to proceed to the Review page. Continue on to step 6.
    You also selected the Send data from Ingest Processor ability, and selected the Access key authentication method for it. You must configure additional authentication settings. For more information, see Authenticate an Amazon S3 connection for Ingest Processor using access keys in the Use Ingest Processors manual.

    You also selected the Run federated search ability.

    		 Select Next to proceed to the Catalog authentication page. For instructions on configuring catalog authentication and finishing connection creation, see Create an Amazon S3 Connection in the Splunk Cloud Platform Federated Search manual.
  6. On the Review page, ensure that all the entered information is correct, and then select Create to create your connection.
You now have a connection that uses an IAM role to authenticate to Amazon S3.

Next, create a dataset that uses this connection to access an S3 bucket. You can then configure a pipeline to use this dataset as a destination and start sending data from an Edge Processor to the S3 bucket.

For more information, see Create an Amazon S3 dataset for Edge Processor pipelines.