Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

aws kinesis create-stream --stream-name "splunk-vpc" --shard-count 1

TrustPolicyForCWL.json

{
  "Statement": {
    "Effect": "Allow",
    "Principal": { "Service": "logs.us-east-2.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }
}

aws iam create-role --role-name CWLtoKinesisRole --assume-role-policy-document file:///tmp/TrustPolicyForCWL.json

PermissionsForCWL.json

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "kinesis:PutRecord",
      "Resource": "arn:aws:kinesis:us-east-2:123456789999:stream/splunk-vpc"
    },
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::123456789999:role/CWLtoKinesisRole"
    }
  ]
}

aws iam put-role-policy --role-name CWLtoKinesisRole --policy-name Permissions-Policy-For-CWL --policy-document file:///tmp/PermissionsForCWL.json

aws logs put-subscription-filter --log-group-name "vpcflowlogs" --filter-name "vpcflowlogs-filter" --filter-pattern "" --destination-arn "arn:aws:kinesis:us-east-2:123456789999:stream/splunk-vpc" --role-arn "arn:aws:iam::123456789999:role/CWLtoKinesisRole"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.