An S3 bucket and the necessary resources for Splunk to ingest its objects with SQS Based ingestion.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

S3 bucket and support infrastructure for Splunk SQS based S3 ingestion.

This module creates an S3 bucket and other components (SNS, SQS, IAM) needed for Splunk to ingest objects with SQS Based S3 ingestion

It requires the Splunk environment to be hosed in AWS.


  • All accounts in the AWS organization given by the aws_organization_id can put objects in the created bucket
  • One dedicated account has read access to the bucket. This will typically be the AWS account hosting Splunk
  • A separate bucket for S3 Access logs will be created
  • The module provisions SQS and SNS resources and required policies. You can override attributes of the SQS queue by changing variables.
  • The bucket is created with a default and customizable lifecycle policy that removes items after seven days.


The bucket created by this module wil also allow Elastic Load Balancers in the same region to write it's access logs to the bucket

The bucket policy also allows the AWS ConfigService to write put objects to the bucket.