Authenticate an Amazon S3 connection for Ingest Processor using an IAM role

Finish creating an Amazon S3 connection for Ingest Processor by configuring authentication using an IAM role.

After completing the steps described in Create an Amazon S3 connection for Ingest Processor pipelines to start creating an Amazon S3 connection, finish creating the connection by configuring authentication settings.
Note:

This page describes how to authenticate the connection using an IAM role. For information about authenticating the connection using an access key pair instead, see Authenticate an Amazon S3 connection for Ingest Processor using access keys.

Be aware that it is a best practice to use IAM role authentication, which prevents the need to store and rotate sensitive credentials such as a secret access key.

You have already started creating an Amazon S3 connection, and completed the configurations on the Select data store, General, and Select abilities pages. For more information, see Create an Amazon S3 connection for Ingest Processor pipelines.

  1. In the Data Management app, on the Storage authentication page of your Amazon S3 connection settings, select Copy to copy the custom trust policy.
  2. On another browser tab, navigate to the AWS IAM console, and create an IAM role that meets the following requirements:

    • The role contains the custom trust policy that you copied during step 1.

    • This role has a resource tag where the Key is splunk-assumable-role and the Value is true.

    For more information, see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html in the AWS Identity and Access Management User Guide.

    Note: This role also needs specific resource access policies in order to access your Amazon S3 bucket, but you will configure these policies during a later step that's described in Create an Amazon S3 dataset for Ingest Processor pipelines.
  3. Copy the Amazon Resource Name (ARN) of the role that you created during step 2.
  4. Return to the browser tab that shows the Storage authentication page in the Data Management app, and then do the following:
    1. Paste the ARN into the IAM Role ARN field.
    2. Select I confirm that I have added the tag to the new IAM role.
  5. Depending on whether you previously selected other abilities or authentication methods on the Select abilities page for this connection, do one of the following:
    Option Description

    You only selected the Send data from Ingest Processor ability, or you also selected the Send data from Edge Processor ability and then selected the same authentication method for both abilities.

    		 Select Next to proceed to the Review page. Continue on to step 6.
    You also selected the Send data from Edge Processor ability, and selected the Access key authentication method for it. You must configure additional authentication settings. For more information, see Authenticate an Amazon S3 connection for Edge Processors using access keys in the Use Edge Processors for Splunk Cloud Platform manual.

    You also selected the Run federated search ability.

    		 Select Next to proceed to the Catalog authentication page. For instructions on configuring catalog authentication and finishing connection creation, see Create an Amazon S3 Connection in the Splunk Cloud Platform Federated Search manual.
  6. On the Review page, ensure that all the entered information is correct, and then select Create to create your connection.
You now have a connection that uses an IAM role to authenticate to Amazon S3.

Next, create a dataset that uses this connection to access an S3 bucket. You can then configure a pipeline to use this dataset as a destination and start sending data from Ingest Processor to the S3 bucket.

For more information, see Create an Amazon S3 dataset for Ingest Processor pipelines.